Tech Support banner

Status
Not open for further replies.
1 - 2 of 2 Posts

·
Registered
Joined
·
1 Posts
Discussion Starter #1
file:///C:\\WINDOWS\\privacy_danger\\index.htm

--------------------------------------------------------------------------------

Hi im getting the error message file:///C:\\WINDOWS\\privacy_danger\\index.htm
and my desk is all white i cant have a backround i've read that this is a trojan or something .. and that you use hijackthis to get rid of it but you have to know what to fix, so i've scanned with hijackthis can someone tell me wich items to fix i would be really thankful!:



Attached is main.txt
Deckard's System Scanner v20071014.68
Run by Owner on 2008-02-28 20:34:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
13: 2008-02-29 02:34:15 UTC - RP48 - Deckard's System Scanner Restore Point
12: 2008-01-30 03:47:11 UTC - RP47 - Installed CA Desktop DNA Migrator
11: 2008-01-22 01:44:22 UTC - RP46 - System Checkpoint
10: 2008-01-19 03:04:27 UTC - RP45 - System Checkpoint
9: 2008-01-18 00:00:43 UTC - RP44 - System Checkpoint


-- First Restore Point --
1: 2007-11-02 21:03:14 UTC - RP36 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 502 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-28 20:35:47
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\ppctlpriv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Labtec\Desktop\V5.1\MOffice.exe
C:\Program Files\Labtec\Keyboard\V5.1\KBDAP32A.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\Labtec\Keyboard\V5.1\mouse32a.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.32\QOELoader.exe
C:\Program Files\antiviirus.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\cappactiveprotection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CAGlobal.exe
C:\Documents and Settings\Owner\Local Settings\Temp\E8Wer3zG.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Light\CAGlobalLight.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\Tools\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.h...ys=DTP&M=T3522
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...ys=DTP&M=T3522
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...ys=DTP&M=T3522
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SXG Advisor - {0F240256-9E39-4E57-AD5C-55700B7A2388} - C:\WINDOWS\dgtxrdfwrv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
O3 - Toolbar: ekvgsnw - {474928DE-BC0F-4637-ADC1-C6DD2D1161D7} - C:\WINDOWS\ekvgsnw.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.32\QOELoader.exe"
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O21 - SSODL: alofkmn - {647F655A-7CA6-44A5-B32A-11FFD8457D9F} - C:\WINDOWS\alofkmn.dll
O21 - SSODL: bxlrvps - {D9174849-38CF-455E-8843-FA3C7D794438} - C:\WINDOWS\bxlrvps.dll
O21 - SSODL: KernelRunOnce - {f42d835e-3baa-469d-9be2-d26d7fb06d13} - C:\WINDOWS\Installer\{f42d835e-3baa-469d-9be2-d26d7fb06d13}\KernelRunOnce.dll
O21 - SSODL: KbdRom - {6c3949ad-57f7-4664-b906-e3d3072b6fd9} - C:\WINDOWS\Installer\{6c3949ad-57f7-4664-b906-e3d3072b6fd9}\KbdRom.dll
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\ppctlpriv.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 10158 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 AnyDVD - c:\windows\system32\drivers\anydvd.sys <Not Verified; SlySoft, Inc.; AnyDVD>
R3 dvd43llh - c:\windows\system32\drivers\dvd43llh.sys <Not Verified; RIF; DVD For Free>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-01-29 21:46:34 514 --a------ C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Owner at 9 46 PM.job
2007-06-10 17:59:15 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 3.job
2007-06-10 17:59:14 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 2.job


-- Files created between 2008-01-28 and 2008-02-28 -----------------------------

2008-02-28 20:10:59 16576 --a------ C:\Program Files\tmp10041906.exe
2008-02-28 19:49:35 0 d--h----- C:\WINDOWS\PIF
2008-02-28 19:07:53 16528 --a------ C:\Program Files\tmp90859.exe
2008-02-28 17:09:43 16624 --a------ C:\Program Files\tmp130500.exe
2008-02-27 20:15:12 16564 --a------ C:\Program Files\tmp88734.exe
2008-02-27 19:20:56 16448 --a------ C:\Program Files\tmp101609.exe
2008-02-27 18:37:23 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-02-27 18:25:10 0 d-------- C:\Program Files\MediaEldoradoCodec
2008-02-27 18:02:43 0 d-------- C:\Documents and Settings\Owner\Application Data\WinRAR
2008-02-27 17:59:22 16624 --a------ C:\Program Files\tmp2158953.exe
2008-02-27 17:58:03 16600 --a------ C:\Program Files\tmp2119031.exe
2008-02-27 17:57:45 11900 --a------ C:\Program Files\antiviirus.exe
2008-02-27 17:57:07 81920 --a------ C:\WINDOWS\fkxvkns.exe
2008-02-27 17:57:07 176128 --a------ C:\WINDOWS\ekvgsnw.dll <Not Verified; ; ekvgsnw Module>
2008-02-27 17:57:07 274432 --a------ C:\WINDOWS\dgtxrdfwrv.dll
2008-02-27 17:57:07 262144 --a------ C:\WINDOWS\bxlrvps.dll
2008-02-27 17:57:07 200704 --a------ C:\WINDOWS\alofkmn.dll <Not Verified; ; alofkmn>
2008-01-29 22:17:55 0 d-------- C:\Program Files\VeryPDF PDF2Word v3.0
2008-01-29 22:17:18 0 d-------- C:\WINDOWS\CAVTemp
2008-01-29 22:12:56 0 d-------- C:\Documents and Settings\Owner\Application Data\Help
2008-01-29 21:46:50 0 d-------- C:\Documents and Settings\Owner\Application Data\CallingID
2008-01-29 21:46:43 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-29 21:46:17 0 d-------- C:\WINDOWS\Downloaded Installations
2008-01-29 21:46:15 0 d-------- C:\Program Files\Common Files\Scanner
2008-01-29 21:45:26 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-01-29 21:45:24 0 d-------- C:\Program Files\CA
2008-01-29 21:39:06 0 d-------- C:\Documents and Settings\Owner\Application Data\GetRightToGo


-- Find3M Report ---------------------------------------------------------------

2008-02-28 17:50:28 0 d-------- C:\Program Files\Google
2008-02-27 20:13:55 0 d-------- C:\Program Files\Pure Networks
2008-02-27 20:13:55 0 d-------- C:\Program Files\Common Files
2008-02-27 19:45:08 0 d-------- C:\Program Files\Common Files\AOL
2008-01-29 21:19:31 0 d-------- C:\Program Files\Gateway Games
2008-01-19 07:21:45 0 d-------- C:\Program Files\Labtec
2008-01-10 21:43:35 0 d-------- C:\Program Files\NSI
2008-01-10 21:41:19 0 d-------- C:\Documents and Settings\Owner\Application Data\Roxio
2008-01-07 22:19:29 0 d-------- C:\Program Files\IrfanView
2008-01-05 10:45:03 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-01-05 10:45:02 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F240256-9E39-4E57-AD5C-55700B7A2388}]
02/27/2008 09:33 AM 274432 --a------ C:\WINDOWS\dgtxrdfwrv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 12:35 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 12:32 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 12:36 PM]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [01/07/2005 06:07 PM C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [09/22/2005 02:36 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 07:43 PM C:\WINDOWS\Alcmtr.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [06/01/2005 05:56 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [01/12/2005 04:01 AM]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [05/22/2006 11:26 AM]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [05/01/2003 04:44 PM]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [10/21/2003 08:43 AM]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [07/15/2003 10:36 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [07/14/2007 08:39 AM]
"FLMOFFICE4DMOUSE"="C:\Program Files\Labtec\Desktop\V5.1\moffice.exe" [01/19/2008 07:18 AM]
"LWBKEYBOARD"="C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe" [01/28/2005 04:23 AM]
"OFFICEKB"="C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe" [01/19/2008 07:21 AM]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [02/27/2008 05:30 PM]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [02/27/2008 05:30 PM]
"cafw"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [02/27/2008 05:30 PM]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [02/27/2008 05:30 PM]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [02/27/2008 05:30 PM]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.32\QOELoader.exe" [02/27/2008 05:30 PM]
"antiviirus"="C:\Program Files\antiviirus.exe" [02/27/2008 05:58 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [10/4/2006 11:15:16 AM]
Install Pending Files.LNK - C:\Program Files\SIFXINST\SIFXINST.EXE [10/4/2006 11:19:43 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\CIDLinkAdvisor.dll [10/15/2007 09:40 PM 1373624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"alofkmn"= {647F655A-7CA6-44A5-B32A-11FFD8457D9F} - C:\WINDOWS\alofkmn.dll [02/27/2008 09:33 AM 200704]
"bxlrvps"= {D9174849-38CF-455E-8843-FA3C7D794438} - C:\WINDOWS\bxlrvps.dll [02/27/2008 09:33 AM 262144]
"KernelRunOnce"= {f42d835e-3baa-469d-9be2-d26d7fb06d13} - C:\WINDOWS\Installer\{f42d835e-3baa-469d-9be2-d26d7fb06d13}\KernelRunOnce.dll [02/27/2008 05:57 PM 16934]
"KbdRom"= {6c3949ad-57f7-4664-b906-e3d3072b6fd9} - C:\WINDOWS\Installer\{6c3949ad-57f7-4664-b906-e3d3072b6fd9}\KbdRom.dll [02/27/2008 05:58 PM 16934]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 05/18/2007 01:30 PM 79368 C:\WINDOWS\system32\UmxWNP.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47a6d4bd-5922-11db-bf93-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480




-- End of Deckard's System Scanner: finished at 2008-02-28 20:38:01 ------------
 
1 - 2 of 2 Posts
Status
Not open for further replies.
Top