Deckard's System Scanner v20071014.68
Run by Admin on 2008-05-19 12:25:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

[color=red]System Drive C: has 0.18 GiB (less than 15%) free.[/color]


-- HijackThis (run as Admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:07, on 19.05.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\1\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_00-35.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\HFXP2\hfxp.exe
C:\Program Files\Total Commander\Totalcmd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\distrib\dss.exe
D:\distrib\HIJACK~1\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.184.198.225:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
www.donnu.edu.ua
;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O2 - BHO: (no name) - {21615033-A029-4BB7-A527-F9DFB25DEFA7} - C:\WINDOWS\System32\mlJBSmLC.dll
O2 - BHO: {8948be97-c101-4c49-c524-0b72a042e577} - {775e240a-27b0-425c-94c4-101c79eb8498} - C:\WINDOWS\System32\ycrwvvof.dll
O2 - BHO: (no name) - {F7F6584C-864B-411D-A410-BB2DE0D33CA1} - C:\WINDOWS\system32\pmnkHXon.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: & - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [WinGuard Pro] C:\WINDOWS\system32\wgp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Lingvo Launcher] "C:\Program Files\ABBYY Lingvo 12\Lvagent.exe" /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVP] "F:\1\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_00-35.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [hfxp] C:\Program Files\HFXP2\hfxp.exe
O4 - HKCU\..\Run: [Punto Switcher] C:\Program Files\Punto Switcher\ps.exe
O4 - HKCU\..\Run: [Hide Window Hotkey] C:\Program Files\Hide Window Hotkey\HideWindow.exe -Start
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Total Commander.lnk = C:\Program Files\Total Commander\Totalcmd.exe
O8 - Extra context menu item: &  Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Add to &Teleport - C:\PROGRA~1\TELEPO~1\teleport.htm
O8 - Extra context menu item:     FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item:    FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button:   - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1a26f07f-0d60-4835-91cf-1e1766a0ec56} - http://scanner2.malware-scan.com/setup/webinst.cab
O16 - DPF: {2d8ed06d-3c30-438b-96ae-4d110fdc1fb8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8871A0EF-10AF-4E6B-845E-2DCD20E0378E}: NameServer = 195.184.198.4,195.184.198.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{A91DD31D-2ACD-47B9-B01F-881E30A8426B}: NameServer = 195.184.198.4,195.184.198.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE8073D2-2E51-4B95-9958-94F4EAD46A5E}: NameServer = 195.184.198.4,195.184.198.11
O20 - Winlogon Notify: pmnkHXon - C:\WINDOWS\SYSTEM32\pmnkHXon.dll
O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service:   (Eventlog) -   - C:\WINDOWS\system32\services.exe
O23 - Service:  COM  - IMAPI (ImapiService) -   - C:\WINDOWS\System32\imapi.exe
O23 - Service:   DDE (NetDDE) -   - C:\WINDOWS\system32\netdde.exe
O23 - Service:   DDE (NetDDEdsdm) -   - C:\WINDOWS\system32\netdde.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: Plug and Play (PlugPlay) -   - C:\WINDOWS\system32\services.exe
O23 - Service:        (RDSessMgr) -   - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service:   - (SCardDrv) -   - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: - (SCardSvr) -   - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: setup_7.0.0.180_18.05.2008_00-35 - Kaspersky Lab - F:\1\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_00-35.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service:     (SysmonLog) -   - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service:    (VSS) -   - C:\WINDOWS\System32\vssvc.exe
O23 - Service:   WMI (WmiApSrv) -   - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 8498 bytes

-- Files created between 2008-04-19 and 2008-05-19 -----------------------------

2008-05-19 10:05:08     41472 --a------ C:\WINDOWS\xpupdate.exe
2008-05-19 09:47:20     52232 -----n--- C:\WINDOWS\System32\drivers\REGSYS701.SYS <Not Verified; Sysinternals; Sysinternals Regmon>
2008-05-19 08:41:06     11264 --a------ C:\WINDOWS\System32\drivers\uzi4mzq0.sys <Not Verified; ; AVZ Monitoring Driver>
2008-05-19 07:47:33         0 d-------- C:\Documents and Settings\Admin\Application Data\Desktopicon
2008-05-19 07:39:34    101952 --a------ C:\WINDOWS\System32\ycrwvvof.dll
2008-05-19 07:39:31     92736 --a------ C:\WINDOWS\System32\kjqcejya.dll
2008-05-19 07:36:36      2112 --a------ C:\WINDOWS\System32\hnbbpkpx.exe
2008-05-19 07:31:17     98880 --a------ C:\WINDOWS\System32\lcnqkqji.dll
2008-05-17 14:02:21      2112 --a------ C:\WINDOWS\System32\yroybxnv.exe
2008-05-17 13:59:21     92224 --a------ C:\WINDOWS\System32\pitbemfj.dll
2008-05-14 10:41:20     90688 --a------ C:\WINDOWS\System32\xbulvcri.dll
2008-05-13 10:39:35     90688 --a------ C:\WINDOWS\System32\fahnjssq.dll
2008-05-13 10:36:35    101440 --a------ C:\WINDOWS\System32\mkyebpvw.dll
2008-05-13 10:33:35      2112 --a------ C:\WINDOWS\System32\wujilwur.exe
2008-05-13 10:28:17    100416 --a------ C:\WINDOWS\System32\suhiklqc.dll
2008-05-13 10:27:35    494457 --ahs---- C:\WINDOWS\System32\CLmSBJlm.ini2
2008-05-13 10:27:26    276992 --a------ C:\WINDOWS\System32\mlJBSmLC.dll
2008-05-13 09:18:20       345 --ahs---- C:\WINDOWS\System32\wxaIOqru.ini2
2008-05-13 09:18:09    276992 --a------ C:\WINDOWS\System32\urqOIaxw.dll
2008-05-13 09:16:19         0 d-------- C:\WINDOWS\System32\ZoneLabs
2008-05-13 09:12:45         0 d--hs---- C:\WINDOWS\CSC
2008-05-13 08:58:41         0 d-------- C:\Program Files\Windows Live Safety Center
2008-05-13 08:39:31         0 d-------- C:\Documents and Settings\Admin\DoctorWeb
2008-05-13 08:15:43         0 d-------- C:\Documents and Settings\LocalService\Application Data\Opera
2008-05-13 08:09:27         0 d-------- C:\Documents and Settings\LocalService\Application Data\SolidDocuments
2008-05-13 08:08:39    297514 --ahs---- C:\WINDOWS\System32\Tsstvyxx.ini2
2008-05-13 07:47:16     90688 --a------ C:\WINDOWS\System32\ullftjjs.dll
2008-05-13 07:41:12    100416 --a------ C:\WINDOWS\System32\aqpalotk.dll
2008-05-12 10:09:38         0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-05-12 10:08:59         0 d---s---- C:\Documents and Settings\LocalService\UserData
2008-05-06 11:47:55        32 --a------ C:\WINDOWS\System32\2165634097.dat
2008-05-06 11:46:11     41984 --a------ C:\WINDOWS\System32\pmnkHXon.dll
2008-05-06 08:56:46         0 d-------- C:\Program Files\Save Flash


-- Find3M Report ---------------------------------------------------------------

2098-12-11 14:35:32    168960 --a----c- C:\WINDOWS\XL2HCXL.DLL <Not Verified; ; XL2HCXL Dynamic Link Library>
2008-05-19 12:17:37         0 d-------- C:\Program Files\Symantec AntiVirus
2008-05-19 11:46:41         0 d-------- C:\Program Files\Miranda IM
2008-05-17 13:45:13         0 d-------- C:\Documents and Settings\Admin\Application Data\SolidDocuments
2008-05-14 08:08:42      4212 ---h---c- C:\WINDOWS\System32\zllictbl.dat
2008-05-13 11:36:30         0 d-------- C:\Program Files\ABBYY FineReader
2008-05-13 09:03:26      2104 --a------ C:\Documents and Settings\Admin\Application Data\update.log
2008-05-12 09:33:05         0 d-------- C:\Documents and Settings\Admin\Application Data\Adobe
2008-04-25 11:52:02         0 d-------- C:\Program Files\UTC_new
2008-04-07 13:26:31      1024 --a----c- C:\WINDOWS\System32\pdf2word.DAT
2008-03-31 09:35:57         0 d--h----- C:\Program Files\Zero G Registry
2008-03-31 07:44:18    325004 --a------ C:\WINDOWS\System32\perfh019.dat
2008-03-31 07:44:18     42546 --a------ C:\WINDOWS\System32\perfc019.dat
2008-03-28 12:40:19       205 --a------ C:\WINDOWS\System32\lsprst7.dll
2008-03-28 09:43:58         0 d-------- C:\Documents and Settings\Admin\Application Data\Ufasoft
2008-03-28 09:43:41         0 d-------- C:\Program Files\Ufasoft
2008-03-13 17:30:30       370 --a------ C:\WINDOWS\System32\reset5.dat
2008-03-13 17:30:29      8192 --a------ C:\WINDOWS\System32\resetwpa.reg
2008-03-13 16:16:13     24776 --a----c- C:\WINDOWS\System32\emptyregdb.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21615033-A029-4BB7-A527-F9DFB25DEFA7}]
13.05.2008 10:27	276992	--a------	C:\WINDOWS\System32\mlJBSmLC.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{775e240a-27b0-425c-94c4-101c79eb8498}]
19.05.2008 07:39	101952	--a------	C:\WINDOWS\System32\ycrwvvof.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F7F6584C-864B-411D-A410-BB2DE0D33CA1}]
06.05.2008 11:46	41984	--a------	C:\WINDOWS\system32\pmnkHXon.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinGuard Pro"="C:\WINDOWS\system32\wgp.exe" [01.12.2005 22:33]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08.04.2005 16:52]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [17.04.2005 13:30]
"Lingvo Launcher"="C:\Program Files\ABBYY Lingvo 12\Lvagent.exe" [14.12.2006 00:09]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [19.02.2006 18:27]
"AVP"="F:\1\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_00-35.exe" [12.10.2007 16:29]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [23.02.2003 16:03]
"hfxp"="C:\Program Files\HFXP2\hfxp.exe" [10.04.2006 13:24]
"Punto Switcher"="C:\Program Files\Punto Switcher\ps.exe" [14.11.2004 00:18]
"Hide Window Hotkey"="C:\Program Files\Hide Window Hotkey\HideWindow.exe" [11.05.2006 22:54]

C:\Documents and Settings\Admin\ \ணࠬ\⮧㧪\
Total Commander.lnk - C:\Program Files\Total Commander\Totalcmd.exe [01.12.2005]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F7F6584C-864B-411D-A410-BB2DE0D33CA1}"= C:\WINDOWS\system32\pmnkHXon.dll [06.05.2008 11:46 41984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnkHXon] 
pmnkHXon.dll 06.05.2008 11:46 41984 C:\WINDOWS\system32\pmnkHXon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\reset5] 
reset5.dll 09.09.2002 23:30 17408 C:\WINDOWS\system32\reset5.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\mlJBSmLC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^ ^^^RemoteScan Server.lnk]
path=C:\Documents and Settings\Admin\ \\\RemoteScan Server.lnk
backup=C:\WINDOWS\pss\RemoteScan Server.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^ ^^^UniTest Starter.lnk]
path=C:\Documents and Settings\Admin\ \\\UniTest Starter.lnk
backup=C:\WINDOWS\pss\UniTest Starter.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^ ^^^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\ \\\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^ ^^^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\ \\\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^ ^^^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\ \\\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^ ^^^NaturalColorLoad.lnk]
path=C:\Documents and Settings\All Users\ \\\NaturalColorLoad.lnk
backup=C:\WINDOWS\pss\NaturalColorLoad.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^ ^^^Watch.lnk]
path=C:\Documents and Settings\All Users\ \\\Watch.lnk
backup=C:\WINDOWS\pss\Watch.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\38924475]
rundll32.exe "C:\WINDOWS\System32\kjqcejya.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM3ba177e9]
Rundll32.exe "C:\WINDOWS\System32\lcnqkqji.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dxdllreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hidden Administrator Server]
C:\DOCUME~1\Admin\LOCALS~1\Temp\_tc\Hidden_Administrator\ha_server\ha_server.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\malwarealarm]
C:\Program Files\MalwareAlarm\MalwareAlarm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]
C:\PROGRA~1\ICQ\ICQNet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero DriveSpeed]
C:\PROGRA~1\Nero\NERO7~1\NEROTO~1\DRIVES~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Outpost Firewall]
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]
C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Pro Dispatcher v2]
"C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftickPPP]
"C:\Program Files\Softick\PPP\Bin\PPPGate.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tutor.exe]
C:\Program Files\ABBYY Lingvo 12\Tutor.exe /AS

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
"C:\Program Files\Unlocker\UnlockerAssistant.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Warez]
"C:\Program Files\Warez\Warez.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows update loader]
C:\Windows\xpupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BM3ba177e9"=Rundll32.exe "C:\WINDOWS\System32\lcnqkqji.dll",s




-- End of Deckard's System Scanner: finished at 2008-05-19 12:25:36 ------------

