Old 06-06-2008, 05:22 AM   #1 (permalink)
WTFman
Registered User
 
Join Date: Jun 2008
Posts: 5
OS: WinXP Pro


Virus (logs included)

I clicked on an executable file and the second I did I knew it was a mistake. Blah. Now Windows Explorer gets killed all the time, which naturally makes life on the computer a little annoying. Below is my Deckard scan main.txt and attached is the extra.txt.

Any assistance is welcome. Thanks in advance for your help!


Deckard's System Scanner v20071014.68
Run by Rich on 2008-06-06 07:14:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
90: 2008-06-06 11:14:55 UTC - RP268 - Deckard's System Scanner Restore Point
89: 2008-06-05 11:58:37 UTC - RP267 - Installed Windows XP KB918439.
88: 2008-06-04 13:37:56 UTC - RP266 - System Checkpoint
87: 2008-06-03 12:51:21 UTC - RP265 - System Checkpoint
86: 2008-06-02 12:29:47 UTC - RP264 - Last known good configuration


-- First Restore Point --
1: 2008-06-02 12:29:38 UTC - RP179 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Rich.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:16:03 AM, on 6/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Download\Virus\dss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Rich.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mnm.manheim.com/webvpn.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {487C9905-26A8-42C8-8033-C58AD3D2AEC3} - C:\WINDOWS\system32\rqRKEWPf.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {D432055C-3C34-4BC7-9AB3-075839717783} - C:\WINDOWS\system32\pmnnLFuu.dll
O2 - BHO: (no name) - {D8390EDF-2603-4BDD-A9EB-328A4C7AA1BA} - C:\WINDOWS\system32\jkkJyYqN.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [\\ALLYS\EPSON Stylus Photo R260 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU "C:\DOCUME~1\Rich\LOCALS~1\Temp\E_S122.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-21-1060284298-115176313-839522115-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - Startup: mIRC.lnk = C:\Program Files\mIRC\mirc.exe
O4 - Startup: Tardis.lnk = C:\Program Files\Tardis2000\Tardis.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1197915538656
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A75C0A01-6285-4004-BCC9-BCEE1F391774}: NameServer = 205.152.0.20,207.69.188.185
O20 - Winlogon Notify: rqRKEWPf - C:\WINDOWS\SYSTEM32\rqRKEWPf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9099 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 ForceWare Intelligent Application Manager (IAM) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module>
R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 nSvcLog (ForceWare user log service) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvclog.exe <Not Verified; NVIDIA; NVIDIA nSvcLog>

S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems SSL VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems SSL VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CSVirtA


-- Scheduled Tasks -------------------------------------------------------------

2008-05-31 08:59:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-06 and 2008-06-06 -----------------------------

2008-06-06 07:15:58 0 d-------- C:\Program Files\Trend Micro
2008-06-05 08:28:52 345 --ahs---- C:\WINDOWS\system32\qqsrqtwa.ini2
2008-06-05 08:28:47 371712 --a------ C:\WINDOWS\system32\awtqrsqq.dll
2008-06-05 07:58:28 0 d-------- C:\WINDOWS\LastGood
2008-06-05 07:19:21 345 --ahs---- C:\WINDOWS\system32\GPXHOUvw.ini2
2008-06-05 07:19:11 371712 --a------ C:\WINDOWS\system32\wvUOHXPG.dll
2008-06-05 07:09:15 0 d-------- C:\Program Files\Panda Security
2008-06-04 07:13:40 345 --ahs---- C:\WINDOWS\system32\BayGQqru.ini2
2008-06-04 07:13:30 371712 --a------ C:\WINDOWS\system32\urqQGyaB.dll
2008-06-03 21:38:09 345 --ahs---- C:\WINDOWS\system32\xxbdfMoq.ini2
2008-06-03 21:38:02 373248 --a------ C:\WINDOWS\system32\qoMfdbxx.dll
2008-06-03 19:39:08 345 --ahs---- C:\WINDOWS\system32\RsDeNXbc.ini2
2008-06-03 19:39:04 373248 --a------ C:\WINDOWS\system32\cbXNeDsR.dll
2008-06-03 16:40:37 345 --ahs---- C:\WINDOWS\system32\jiRuvGgh.ini2
2008-06-03 16:40:33 373248 --a------ C:\WINDOWS\system32\hgGvuRij.dll
2008-06-03 05:56:17 0 d-------- C:\Documents and Settings\Rich\Application Data\HouseCall 6.6
2008-06-02 22:20:20 345 --ahs---- C:\WINDOWS\system32\stCfikkj.ini2
2008-06-02 22:20:14 373248 --a------ C:\WINDOWS\system32\jkkifCts.dll
2008-06-02 21:12:15 736518 --ahs---- C:\WINDOWS\system32\uuFLnnmp.ini2
2008-06-02 21:12:11 373248 --a------ C:\WINDOWS\system32\pmnnLFuu.dll
2008-06-02 20:14:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Nero
2008-06-02 20:13:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-06-02 20:11:44 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-02 20:11:44 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-02 20:11:44 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-02 20:11:44 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-02 20:11:44 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-02 20:11:44 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-02 20:11:44 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-06-02 20:11:44 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-02 20:11:44 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-06-02 20:11:44 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-02 20:11:44 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-06-02 20:11:44 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-02 20:11:44 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-02 20:11:43 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-02 08:29:28 5537 --ahs---- C:\WINDOWS\system32\NqYyJkkj.ini2
2008-06-02 08:24:17 57344 --a------ C:\WINDOWS\system32\rqRKEWPf.dll
2008-06-01 12:37:09 0 d-------- C:\Documents and Settings\Rich\Application Data\Move Networks
2008-05-31 12:35:55 0 d-------- C:\Documents and Settings\Rich\Application Data\ACD Systems
2008-05-31 12:34:32 0 d-------- C:\Program Files\Common Files\ACD Systems
2008-05-31 12:34:32 0 d-------- C:\Program Files\ACD Systems
2008-05-31 12:34:32 0 d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-05-31 12:34:13 0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-27 21:23:51 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-21 19:10:01 0 d-------- C:\Documents and Settings\All Users\Application Data\media center programs
2008-05-21 18:03:05 0 d-------- C:\Age of Conan
2008-05-21 17:18:05 0 d-------- C:\Pictures
2008-05-10 10:20:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-10 05:13:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Funcom
2008-05-06 18:43:32 0 d-------- C:\DVDFiles


-- Find3M Report ---------------------------------------------------------------

2008-06-05 07:14:08 0 d-------- C:\Program Files\Symantec AntiVirus
2008-06-05 06:05:38 0 d-------- C:\Program Files\mIRC
2008-06-01 17:18:34 0 d-------- C:\Documents and Settings\Rich\Application Data\uTorrent
2008-05-31 12:35:36 0 d-------- C:\Program Files\Thumbs6
2008-05-31 12:34:32 0 d-------- C:\Program Files\Common Files
2008-05-31 09:08:04 0 d-------- C:\Program Files\Safari
2008-05-30 07:46:12 0 d-------- C:\Program Files\AnyDVD
2008-05-25 21:57:20 0 d-------- C:\Program Files\Trillian
2008-05-19 07:31:26 0 d-------- C:\Program Files\uTorrent
2008-05-14 20:45:16 0 d-------- C:\Documents and Settings\Rich\Application Data\Apple Computer
2008-05-07 21:38:12 0 d-------- C:\Program Files\Ad-Aware 2007
2008-05-07 07:46:52 0 d-------- C:\Program Files\EPSON Print CD
2008-05-05 20:13:31 0 d-------- C:\Program Files\coverXP
2008-05-05 19:26:18 0 d-------- C:\Program Files\EPSON
2008-05-05 19:26:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-03 22:17:53 17144 --a------ C:\Documents and Settings\Rich\Application Data\GDIPFONTCACHEV1.DAT
2008-05-03 22:05:11 0 d-------- C:\Program Files\VobBlanker
2008-04-16 10:50:57 0 d-------- C:\Program Files\iTunes
2008-04-16 10:50:50 0 d-------- C:\Program Files\iPod
2008-04-16 10:50:01 0 d-------- C:\Program Files\QuickTime
2008-04-16 10:41:15 0 d-------- C:\Program Files\Apple Software Update


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{487C9905-26A8-42C8-8033-C58AD3D2AEC3}]
06/02/2008 08:24 AM 57344 --a------ C:\WINDOWS\system32\rqRKEWPf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D432055C-3C34-4BC7-9AB3-075839717783}]
06/02/2008 09:12 PM 373248 --a------ C:\WINDOWS\system32\pmnnLFuu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D8390EDF-2603-4BDD-A9EB-328A4C7AA1BA}]
C:\WINDOWS\system32\jkkJyYqN.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [11/14/2006 05:21 AM C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [05/16/2006 06:04 AM C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 AM C:\WINDOWS\Alcmtr.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [10/30/2006 08:44 AM]
"JMB36X Configure"="C:\WINDOWS\System32\JMRaidSetup.exe" [10/30/2006 08:44 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/28/2007 05:52 PM]
"nwiz"="nwiz.exe" [10/28/2007 05:52 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/28/2007 05:52 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/21/2006 06:38 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [03/14/2007 08:49 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 04:57 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [09/20/2007 10:51 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="C:\Program Files\AnyDVD\AnyDVDtray.exe" [05/28/2008 07:10 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"\\ALLYS\EPSON Stylus Photo R260 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.exe" [05/19/2006 04:00 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [09/20/2007 04:35 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]

C:\Documents and Settings\Rich\Start Menu\Programs\Startup\
mIRC.lnk - C:\Program Files\mIRC\mirc.exe [11/1/2007 3:57:24 PM]
Tardis.lnk - C:\Program Files\Tardis2000\Tardis.exe [12/21/2007 11:46:35 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{487C9905-26A8-42C8-8033-C58AD3D2AEC3}"= C:\WINDOWS\system32\rqRKEWPf.dll [06/02/2008 08:24 AM 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRKEWPf]
rqRKEWPf.dll 06/02/2008 08:24 AM 57344 C:\WINDOWS\system32\rqRKEWPf.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnnLFuu

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - RKPAVPROC



-- End of Deckard's System Scanner: finished at 2008-06-06 07:16:25 ------------
Attached Files
File Type: txt extra.txt (15.2 KB, 2 views)

Last edited by WTFman; 06-06-2008 at 05:23 AM.