C:\WINNT\SYSTEM32\DWRCS.EXE <-- unknown
C:\WINNT\SYSTEM32\DWRCST.exe <-- unknown
C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe <-- unknown
C:\Program Files\Lotus\Sametime Client\Connect.exe <-- unknown
C:\Program Files\ABK\abk.exe <-- unknown
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 3.174.26.70:8080 <-- This page could possibly be nasty. If you do not know the entry '3.174.26.70:8080', delete it.
O2 - BHO: (no name) - {C2260B66-CCA5-E059-DB8C-90ABA1040794} - C:\WINNT\system32\peksvrb.dll (file missing)
Unnecessarily Entries found in this registry zone are potentially nasty. This application ([C2260B66-CCA5-E059-DB8C-90ABA1040794] - Result: ) has been checked. Hit rate: -1 % Unknown application.
Unnecessary (deactivated) entry that can be fixed.
O4 - HKLM\..\Run: [TempRemove] "C:\Program Files\Crystal Ball\CB Predictor\terminator.exe" <-- unknown
O4 - HKLM\..\Run: [Z1DSPW5] c:\documents and settings\opac\local settings\temp\Z1DSPW5.exe <-- Unknown application.
O4 - HKLM\..\Run: [BITzop9] c:\documents and settings\opac\local settings\temp\BITzop9.exe <-- Unknown application.
O4 - HKLM\..\Run: [6vG9AP702] c:\documents and settings\opac\local settings\temp\6vG9AP702.exe <-- Unknown application.
O4 - HKLM\..\Run: [gB2LV] c:\documents and settings\opac\local settings\temp\gB2LV.exe <-- Unknown application.
O9 - Extra button: Instant Messenger - {0F7DE07D-BD74-4991-9D5F-ECBB8391875D} - *cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?*cn.messenger.yahoo.com/ (file missing)
Unnecessarily The entry Instant Messenger has been identified as safe. If the entry 'Instant Messenger ' is not needed anymore, it should be fixed.
Unnecessary (deactivated) entry that can be fixed.
O9 - Extra button: Gexus - {426F81A5-0B8C-4948-8115-11606FD3F389} - (no file)
Unnecessarily Unknown buttons or entries in the 'Extras'-menu should be fixed. To be fixed if the entry 'Gexus ' is unknown.
Unnecessary (deactivated) entry that can be fixed.
O9 - Extra 'Tools' menuitem: Gexus - {426F81A5-0B8C-4948-8115-11606FD3F389} - (no file)
Unnecessarily Unknown buttons or entries in the 'Extras'-menu should be fixed. To be fixed if the entry 'Gexus ' is unknown.
Unnecessary (deactivated) entry that can be fixed.
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
Nasty This entry should be fixed by HijackThis!
O9 - Extra button: @C:\Program Files\Failsafe\GuardIE\PnIE.dll,-100 - {BDD75188-2FC0-4099-909F-AA8D432BE037} - C:\WINNT\System32\shdocvw.dll
Possibly nasty Unknown buttons or entries in the 'Extras'-menu should be fixed. To be fixed if the entry '@C:\Program Files\Failsafe\GuardIE\PnIE.dll,' is unknown.
O9 - Extra 'Tools' menuitem: @C:\Program Files\Failsafe\GuardIE\PnIE.dll,-100 - {BDD75188-2FC0-4099-909F-AA8D432BE037} - C:\WINNT\System32\shdocvw.dll
Possibly nasty Unknown buttons or entries in the 'Extras'-menu should be fixed. To be fixed if the entry '@C:\Program Files\Failsafe\GuardIE\PnIE.dll,' is unknown.
O14 - IERESET.INF: START_PAGE_URL=*crd.home.ge.com/
Possibly nasty This entry should be fixed if this address does not belong to your PC-manufacturer or your 'Internet-Service-Provider (ISP)'. This entry should be fixed if '*crd.home.ge.com/' is not your PC-manufacturer or your 'Internet-Service-Provider (ISP)'.
O15 - Trusted Zone: *.skoobidoo.com
Nasty If you did not add these pages to your trusted pages, they should be fixed.
O15 - Trusted Zone: *.slotchbar.com
Nasty If you did not add these pages to your trusted pages, they should be fixed.
O15 - Trusted Zone: *.windupdates.com
Nasty If you did not add these pages to your trusted pages, they should be fixed.
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
Nasty If you did not add these pages to your trusted pages, they should be fixed.
O15 - Trusted Zone: *.slotchbar.com (HKLM)
Nasty If you did not add these pages to your trusted pages, they should be fixed.
O15 - Trusted Zone: *.windupdates.com (HKLM)
Nasty If you did not add these pages to your trusted pages, they should be fixed.
O15 - Trusted IP range: 67.19.185.246
Nasty If you did not add these pages to your trusted pages, they should be fixed.
O15 - Trusted IP range: (HKLM)
Possibly nasty If you did not add these pages to your trusted pages, they should be fixed. If you didn't add '(HKLM)' to your trusted pages, it should be fixed.
O16 - DPF: {0036F389-FEF8-43AC-9220-16430E0012ED} - *naupoint.com/toolbar/installer/iEBINST5.cab
Nasty This entry is possibly nasty. Should be fixed.
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - *crdquickplace02.ge.com/qp2.cab
Possibly nasty Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed! Check if you know this site and fix it if you do not.
O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} (VacPro.russia_ver3) - *advnt01.com/dialer/russia.CAB
Nasty This entry is possibly nasty. Should be fixed.
O16 - DPF: {426F81A5-0B8C-4948-8115-11606FD3F389} - *www.serialspot.com/serials/serials.cab
Possibly nasty Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed! Check if you know this site and fix it if you do not.
O16 - DPF: {60261C06-81B0-4DE0-9313-E5BA203A64E9} - *216.195.35.10/pdfmgr_s.cab
Nasty This entry is possibly nasty. Should be fixed.
O16 - DPF: {68E53982-CCCE-48C2-89B9-C3C97638F9B4} (CActSetupObj Object) - *www.odysseusmarketing.com/actsetup.cab
Possibly nasty Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed! Check if you know this site and fix it if you do not.
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - *pacioli.crd.ge.com/oa/US/jinit11816.exe
Possibly nasty Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed! Check if you know this site and fix it if you do not.
O16 - DPF: {9BBC1154-218D-453C-97F6-A06582224D81} - *www.shifen.com/update/moon/install.cab
Possibly nasty Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed! Check if you know this site and fix it if you do not.
O16 - DPF: {A4E84B61-1174-4309-87F0-E795A64158CC} - *hkmeeting01c.ge.com/sametime/STMeetingRoomClient/STJNILoader.cab
Possibly nasty Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed! Check if you know this site and fix it if you do not.
O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - *bar.baidu.com/update/IESearch.cab
Nasty This entry is possibly nasty. Should be fixed.
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - *deposito.hostance.net/dialer/1014061.exe
Nasty This entry is possibly nasty. Should be fixed.
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - *www.35mb.com/downloadapplet.cab
Possibly nasty Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed! Check if you know this site and fix it if you do not.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = grmsasia.grms.ge.com
Possibly nasty If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too. Do you know the IP or Domain 'grmsasia.grms.ge.com'? If not, fix this entry.
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = crd.ge.com,ge.com
Possibly nasty If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too. Do you know the IP or Domain 'crd.ge.com,ge.com'? If not, fix this entry.
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = grmsasia.grms.ge.com
Possibly nasty If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too. Do you know the IP or Domain 'grmsasia.grms.ge.com'? If not, fix this entry.
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = grmsasia.grms.ge.com
Possibly nasty If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too. Do you know the IP or Domain 'grmsasia.grms.ge.com'? If not, fix this entry.
O18 - Protocol: mp3 - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - (no file)
Nasty Only a few Hijackers are listed here. The most popular are 'cn' (CommonName) , 'ayb' (Lop.com) and 'relatedlinks' (Huntbar) . They should be fixed. Should be fixed.
O23 - Service: AutoComplete Service - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
Unknown These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. Unknown service. (autocomp.exe)
O23 - Service: DameWare Mini Remote Control - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
Unknown These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. Unknown service. (DWRCS.EXE)
O23 - Service: OracleOraHome81ClientCache - Unknown - c:\oracle\ora81\BIN\ONRSD.EXE
Unknown These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. Unknown service. (ONRSD.EXE)