Thread: Heeelp!!
04-05-2008, 05:41 PM   #1
Mamos987
OS: Windows XP Pro



Hi,

I was wondering if someone could help me out...the thing is I did not notice the virus/problem until I was on MSN and a mate started receiving weird messages from me. I have copied the scan details below and added the attachment as requested (plus followed the five steps). I have not had any weird messages like trojan.exe or anything similar...I know there is a problem as all the scanners come up with "infected problems" but I do not know how to fix it without messing up the computer even more!

Hope someone can help...cheers!!

Mo

Deckard's System Scanner v20071014.68
Run by Muhammad Murtaza on 2008-04-06 01:17:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
8: 2008-04-06 00:18:16 UTC - RP31 - Deckard's System Scanner Restore Point
7: 2008-04-06 00:04:46 UTC - RP30 - Software Distribution Service 3.0
6: 2008-04-05 15:30:05 UTC - RP29 - System Checkpoint
5: 2008-04-02 13:32:41 UTC - RP28 - Shockwave Player
4: 2008-04-02 13:29:47 UTC - RP27 - Shockwave Player


-- First Restore Point --
1: 2008-04-01 19:43:12 UTC - RP24 - Installed STOPzilla. Available with Windows Installer version 1.2 and later.


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 224 MiB (512 MiB recommended).


-- HijackThis (run as Muhammad Murtaza.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:26:49, on 06/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Executive Software\DiskeeperServer\DKService.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\kam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Muhammad Murtaza\Local Settings\Temporary Internet Files\Content.IE5\ELECDPWL\dss[1].exe
C:\Program Files\Symantec\LiveUpdate\LUAll.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\MUHAMM~1\Desktop\Muhammad Murtaza.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {313ED77C-8A0C-4CCA-9594-B1F095F2A7B3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [kam] C:\WINDOWS\system32\kam.exe
O4 - HKLM\..\RunServices: [kam] C:\WINDOWS\system32\kam.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa...bs/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1118015033108
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperServer\DKService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Print Spooler Service (yua5eek8e81) - Unknown owner - C:\WINDOWS\system32\kam.exe

--
End of file - 6918 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,-153
.com - comfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,2
.hlp - hlpfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,23
.ini - inifile - DefaultIcon - shell32.dll,-151
.js - JSFile - DefaultIcon - C:\WINDOWS\System32\migicons.exe,7
.reg - regfile - DefaultIcon - C:\WINDOWS\regedit.exe,1
.txt - txtfile - DefaultIcon - shell32.dll,-152
.vbs - VBSFile - DefaultIcon - C:\WINDOWS\System32\migicons.exe,6


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 SiSide - c:\windows\system32\drivers\siside.sys <Not Verified; Silicon Integrated Systems Corp.; SiS PCI Mini IDE Driver>
R0 sisidex - c:\windows\system32\drivers\sisidex.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R0 sisperf (Add Performance Filter Driver) - c:\windows\system32\drivers\sisperf.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R0 Vmodem (W2k Vmodem) - c:\windows\system32\drivers\vmodem.sys <Not Verified; PCTEL, INC.; HSP Modem Modem Device>
R0 Vpctcom (W2k Vpctcom) - c:\windows\system32\drivers\vpctcom.sys <Not Verified; PCtel, Inc.; HSP Modem Virtual Control Device>
R0 Vvoice (W2k Vvoice) - c:\windows\system32\drivers\vvoice.sys <Not Verified; PCtel, Inc.; PCTEL HSP Modem Voice Device>
R1 GhPciScan (GhostPciScanner) - c:\program files\symantec\norton ghost 2003\ghpciscan.sys <Not Verified; Symantec Corporation; Symantec Ghost PCI Scanner>
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R3 Ptserial (W2K Pctel Serial Device Driver) - c:\windows\system32\drivers\ptserial.sys <Not Verified; PCTEL, INC.; HSP Modem Serial Device>

S3 WebSTARNdis (WebSTAR DPX USB Cable Modem Adapter) - c:\windows\system32\drivers\webstar.sys <Not Verified; Scientific Atlanta; WebSTAR USB Cable Modem>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Diskeeper - c:\program files\executive software\diskeeperserver\dkservice.exe <Not Verified; Executive Software International, Inc.; Diskeeper (TM) Disk Defragmenter>
R2 GhostStartService - c:\progra~1\symantec\norton~1\ghosts~2.exe <Not Verified; Symantec Corporation; Norton Ghost Start Service>

S2 yua5eek8e81 (Print Spooler Service) - c:\windows\system32\kam.exe /service
S3 WmcCds (Windows Media Connect (WMC)) - c:\program files\windows media connect\mswmccds.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WmcCdsLs (Windows Media Connect (WMC) Helper) - c:\program files\windows media connect\mswmcls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Multimedia Audio Controller
Device ID: PCI\VEN_1039&DEV_7012&SUBSYS_030013F6&REV_A0\3&61AAA01&0&17
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_1039&DEV_7012&SUBSYS_030013F6&REV_A0\3&61AAA01&0&17
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-04-06 01:11:17 386 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-04-06 00:51:01 258 --a------ C:\WINDOWS\Tasks\Uninstall Expiration Reminder.job
2008-04-05 23:20:02 378 --a------ C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job
2008-04-05 23:00:06 502 --a------ C:\WINDOWS\Tasks\Tune-up Application Start.job
2008-04-02 20:07:58 430 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job


-- Files created between 2008-03-06 and 2008-04-06 -----------------------------

2008-04-06 00:36:32 0 d-------- C:\ie-spyad_zo
2008-04-06 00:33:28 0 d-------- C:\Program Files\Panda Security
2008-04-06 00:33:20 0 d-------- C:\WINDOWS\LastGood
2008-04-02 14:31:06 0 d-------- C:\Program Files\Norton Security Scan
2008-04-02 14:26:52 0 d-------- C:\WINDOWS\system32\Adobe
2008-04-01 21:12:47 0 d-------- C:\Documents and Settings\Default User\Application Data\Macromedia
2008-04-01 21:12:42 0 d-------- C:\Documents and Settings\Default User\Application Data\Adobe
2008-04-01 21:11:52 0 d-------- C:\Documents and Settings\Default User\Application Data\Google
2008-04-01 20:47:45 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-04-01 20:43:57 0 d-------- C:\Program Files\Common Files\iS3
2008-04-01 20:43:48 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-04-01 11:13:47 0 dr-h----- C:\Documents and Settings\Muhammad Murtaza\Recent
2008-03-28 16:10:52 0 d---s---- C:\Documents and Settings\NetworkService\UserData
2008-03-28 16:10:37 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Adobe
2008-03-28 16:10:13 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Google
2008-03-28 16:10:12 0 dr------- C:\Documents and Settings\NetworkService\Favorites
2008-03-28 16:09:58 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Symantec
2008-03-24 16:02:16 188416 --a------ C:\WINDOWS\system32\kam.exe
2008-03-22 17:09:47 0 d-------- C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
2008-03-22 16:56:54 69632 --a------ C:\WINDOWS\system32\MCCDevice.dll <Not Verified; Motive Communications, Inc.; >
2008-03-22 16:56:54 6048 --a------ C:\WINDOWS\system32\mcc16.dll
2008-03-22 16:56:49 81920 --a------ C:\WINDOWS\system32\W32n50.dll <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-03-22 16:56:49 17162 --a------ C:\WINDOWS\system32\Pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-03-22 16:56:49 16848 --a------ C:\WINDOWS\system32\Pcandis4.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-03-22 16:12:54 0 d-------- C:\Program Files\Common Files\Motive
2008-03-22 16:12:27 0 d-------- C:\WINDOWS\Drivers


-- Find3M Report ---------------------------------------------------------------

2008-04-06 01:27:34 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-05 23:00:15 0 dr------- C:\Program Files\Common Files
2008-04-02 14:33:28 0 d-------- C:\Documents and Settings\Muhammad Murtaza\Application Data\Adobe
2008-04-02 14:33:23 0 d-------- C:\Documents and Settings\Muhammad Murtaza\Application Data\Macromedia
2008-03-25 23:45:33 0 d-------- C:\Documents and Settings\Muhammad Murtaza\Application Data\AdobeUM
2008-02-15 14:17:41 0 d-------- C:\Program Files\MyWay
2008-02-14 20:15:04 0 d-------- C:\Program Files\Norton AntiVirus
2008-02-14 19:55:34 0 d-------- C:\Program Files\Symantec
2008-01-28 01:02:49 19936 --a------ C:\Documents and Settings\Muhammad Murtaza\Application Data\GDIPFONTCACHEV1.DAT
2008-01-12 16:13:51 5364354 --ah----- C:\Documents and Settings\Muhammad Murtaza\Application Data\IconCache.db
2008-01-07 00:16:28 8704 --a------ C:\Documents and Settings\Muhammad Murtaza\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{313ED77C-8A0C-4CCA-9594-B1F095F2A7B3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
02/01/2008 23:16 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe" [23/08/2001 20:00 C:\WINDOWS\SYSTEM32\systray.exe]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [12/07/2002 11:15]
"PCTVOICE"="pctspk.exe" [07/01/2003 01:40 C:\WINDOWS\SYSTEM32\pctspk.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/12/2003 17:11]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [02/12/2003 17:11]
"Advanced Tools Check"="C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [26/08/2002 23:35]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [06/06/2005 11:08]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [14/11/2007 17:05]
"kam"="C:\WINDOWS\system32\kam.exe" [24/03/2008 16:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 00:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"kam"=C:\WINDOWS\system32\kam.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
F:\DOWNLO~1\NOKIAP~1\TRAYAP~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS KHooker]
C:\WINDOWS\System32\khooker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
"C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yajfpxr]
C:\Program Files\Oktxl\Meampk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42892e68-c1d6-11dc-a3a6-000d871135fc}]
AutoRun\command- H:\InstallTomTomHOME.exe

*Newly Created Service* - RKPAVPROC



-- End of Deckard's System Scanner: finished at 2008-04-06 01:30:17 ------------
Attached Files
File Type: txt extra.txt (11.4 KB, 0 views)