06-07-2008, 10:58 AM   #1
viperdiabolos
Registered User
 
Join Date: Jun 2008
Posts: 4
OS: XP Home


Need help with IEXPLORE.exe virus

Hello everyone who just happens to run by this thread. I've been combing the internet looking for a solution to my problem with this virus. It began when I downloaded a faulty version of an MMORPG called SUN Online from a Taiwanese website. The IEXPLORE virus kept popping up instances of IE all over my screen. As many as 30+ instances, to be exact. After some tinkering by a buddy, we killed that, but IEXPLORE still runs in my Task Manager's processes and it eats at my CPU. I've tried all I can. I tried PrevX, but I don't have the funds to purchase the program and I heard it is a really big help. I followed all 5 steps that were laid out on the forum. So, what can you intelligent people suggest that I do to take care of this nuisance? My log is below:


Deckard's System Scanner v20071014.68
Run by Demonta on 2008-07-07 12:25:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
8: 2008-07-07 16:25:30 UTC - RP8 - Deckard's System Scanner Restore Point
7: 2008-07-07 11:37:21 UTC - RP7 - Removed SUPERAntiSpyware Free Edition
6: 2008-07-07 11:25:58 UTC - RP6 - Removed TuneUp Utilities 2007
5: 2008-07-07 11:23:16 UTC - RP5 - Configured Sarmsoft Resume Builder
4: 2008-07-07 11:22:46 UTC - RP4 - Removed ProxyCap


-- First Restore Point --
1: 2008-07-06 16:03:56 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Demonta.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:00 PM, on 7/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Demonta\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Demonta.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [svchosts] C:\WINDOWS\system32\svchosts.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZRfox000
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Tawnya\Start Menu\Programs\IMVU\Run IMVU.lnk
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O15 - Trusted Zone: http://*.kcp.co.kr
O15 - Trusted Zone: http://*.siren24.co.kr
O15 - Trusted Zone: http://*.siren24.com
O15 - Trusted Zone: http://*.telec.co.kr
O15 - Trusted Zone: http://*.vpay.co.kr
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Prevx Agent (PREVXAgent) - Prevx - C:\Program Files\Prevx1\PXAgent.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Demonta\Desktop\zombies.gif

--
End of file - 5115 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080707-070419-162 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
backup-20080707-070419-164 O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
backup-20080707-070419-520 O2 - BHO: (no name) - {E907D6D9-2B0C-4E0E-9120-13678A4AC0A7} - (no file)
backup-20080707-070419-567 O2 - BHO: (no name) - {6C6F6EDB-F664-F8CC-4B13-8C8DCC208FEC} - (no file)
backup-20080707-070419-663 O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
backup-20080707-070419-698 O2 - BHO: (no name) - {3B666A84-F367-AEC9-1A13-8C8DCC2082B0} - (no file)
backup-20080707-070419-805 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
backup-20080707-070419-830 O2 - BHO: (no name) - {601613FE-F67F-425F-B238-2C4FE23E8C97} - (no file)
backup-20080707-070419-876 O2 - BHO: (no name) - {32CEF731-A3D1-4A8E-9A6C-2993061FD909} - (no file)
backup-20080707-070419-884 O2 - BHO: (no name) - {17D87D26-03B8-430E-80D3-DB36B13F860d} - (no file)
backup-20080707-070419-887 O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
backup-20080707-070419-965 O2 - BHO: (no name) - {439F4842-4AD7-418D-8AA9-BC98806F6BDB} - (no file)
backup-20080707-070419-967 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
backup-20080707-070420-168 O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
backup-20080707-070420-301 O16 - DPF: {1545689F-FB2C-4941-B7B5-FE21D1F789E7} (TrustSite 1.0 Control) - http://img.telec.co.kr/file/trustsitex/trustsitex.cab
backup-20080707-070420-365 O16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - http://www.siren24.com/initech/plugin/INIS60.cab
backup-20080707-070420-487 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
backup-20080707-070420-626 O20 - Winlogon Notify: iifdcbb - iifdcbb.dll (file missing)
backup-20080707-070420-641 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
backup-20080707-070420-845 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
backup-20080707-070421-304 O20 - Winlogon Notify: winhld32 - winhld32.dll (file missing)
backup-20080707-070421-994 O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>

S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 MAC607 (MAC607 Filter) - c:\windows\system32\drivers\mac607.sys (file missing)
S3 neokdss - c:\windows\system32\drivers\neokdss.sys (file missing)
S3 PXRDDriver (PREVX Rootkitscan driver) - c:\windows\system32\drivers\pxrd.sys
S3 SABProcEnum - c:\progra~1\mozill~1\sabprocenum.sys (file missing)
S3 samhid - c:\windows\system32\drivers\samhid.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S3 XDva020 - c:\windows\system32\xdva020.sys (file missing)
S3 XDva037 - c:\windows\system32\xdva037.sys (file missing)
S3 XDva052 - c:\windows\system32\xdva052.sys (file missing)
S3 XDva098 - c:\windows\system32\xdva098.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe"
R2 npkcmsvc - c:\windows\system32\npkcmsvc.exe <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Manager Service>
R2 PREVXAgent (Prevx Agent) - "c:\program files\prevx1\pxagent.exe" -f <Not Verified; Prevx; Prevx-1>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\9A1881111100
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\9A1881111100
Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1064&SUBSYS_4037107B&REV_03\4&14E6004F&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1064&SUBSYS_4037107B&REV_03\4&14E6004F&0&40F0
Service: E100B

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_PI9932F&PROD_RCE416W&REV_1.0\5&36E5972&0&000
Manufacturer: (Standard CD-ROM drives)
Name: PI9932F RCE416W SCSI CdRom Device
PNP Device ID: SCSI\CDROM&VEN_PI9932F&PROD_RCE416W&REV_1.0\5&36E5972&0&000
Service: cdrom


-- Scheduled Tasks -------------------------------------------------------------

2008-07-05 17:41:10 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-07-04 17:15:00 394 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2008-07-04 15:00:01 412 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job


-- Files created between 2008-06-07 and 2008-07-07 -----------------------------

2008-07-07 12:07:20 0 d-------- C:\ie-spyad_zo
2008-07-07 12:03:32 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-07-07 12:03:20 0 d-------- C:\Program Files\SpywareBlaster
2008-07-07 07:41:35 0 d-------- C:\WINDOWS\LastGood
2008-07-07 07:41:15 0 d-------- C:\Program Files\Panda Security
2008-07-07 06:39:38 0 d-------- C:\Program Files\Trend Micro
2008-07-06 17:46:32 0 d-------- C:\Documents and Settings\Tawnya\Application Data\Prevx
2008-07-06 16:51:06 0 d-------- C:\Documents and Settings\Demonta\Application Data\Prevx
2008-07-06 16:48:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-07-06 15:57:03 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-07-05 13:29:12 0 d-------- C:\WINDOWS\DA15D5355E1D4076B5208571346D6238.TMP
2008-07-05 13:29:11 0 d-------- C:\WINDOWS\48B8222675E34E9092CCD30F79EA6380.TMP
2008-07-05 09:52:18 288800 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-05 09:32:36 0 d-------- C:\WINDOWS\LastGood(2)
2008-07-05 08:58:29 0 d-------- C:\Program Files\Uniblue
2008-07-04 20:55:10 5402624 --a------ C:\Documents and Settings\Tawnya\ntuser.dat
2008-07-04 20:55:09 11010048 --a------ C:\Documents and Settings\Demonta\ntuser.dat


-- Find3M Report ---------------------------------------------------------------

2008-07-07 07:37:29 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-07 07:37:27 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-07 07:37:27 0 d-------- C:\Documents and Settings\Demonta\Application Data\SUPERAntiSpyware.com
2008-07-07 07:25:07 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-07 07:19:34 0 d-------- C:\Program Files\GetRight
2008-07-07 07:19:19 0 d-------- C:\Documents and Settings\Demonta\Application Data\GetRight Pro
2008-07-07 07:18:27 0 d-------- C:\Program Files\Image-Line
2008-07-07 07:15:14 0 d-------- C:\Program Files\VstPlugins
2008-07-06 16:48:17 0 d-------- C:\Documents and Settings\Demonta\Application Data\Azureus
2008-07-05 17:13:17 0 d-------- C:\Program Files\FlashGet
2008-07-05 13:33:28 0 d-------- C:\Program Files\Opera
2008-07-05 13:33:27 0 d-------- C:\Program Files\Norton Security Scan
2008-07-05 13:30:53 0 d-------- C:\Program Files\Online Services
2008-07-05 13:28:47 0 d-------- C:\Program Files\Driver Cleaner Pro
2008-06-02 10:32:33 0 d-------- C:\Documents and Settings\Demonta\Application Data\Opera
2008-06-01 20:21:11 0 d-------- C:\Program Files\IMVU
2008-05-30 10:03:25 0 d-------- C:\Documents and Settings\Demonta\Application Data\Comodo
2008-05-30 10:03:23 0 d-------- C:\Program Files\COMODO
2008-05-24 07:16:14 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-17 10:50:31 0 d-------- C:\Program Files\Gravity
2008-05-17 00:08:28 0 d-------- C:\Program Files\Common Files
2008-05-17 00:08:28 0 d-------- C:\Program Files\Common Files\DirectX
2008-05-16 13:15:51 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-05-16 13:15:50 0 d-------- C:\Program Files\backburner 2
2008-05-15 17:52:39 80 --ah----- C:\WINDOWS\system32\HsInfo.dat
2008-05-14 09:34:41 0 d-------- C:\Program Files\Lizard Interactive
2008-05-14 09:34:13 65536 --a------ C:\WINDOWS\IFinst27.exe
2008-05-11 08:22:05 0 d-------- C:\Program Files\OGPlanet
2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-04-20 13:18:39 1093632 --a------ C:\WINDOWS\system32\inicrypto30.dll <Not Verified; INITECH (c).; inicrypto30>
2008-04-20 13:18:06 76431 --a------ C:\WINDOWS\system32\npkcmsvc.exe <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Manager Service>
2008-04-20 12:57:41 192512 --a------ C:\WINDOWS\system32\kdfvmgr.exe <Not Verified; ??????; ?????? KdfVMgr>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"svchosts"="C:\WINDOWS\system32\svchosts.exe" []
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [06/01/2008 01:18 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 09:24 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Documents and Settings\Demonta\Desktop\zombies.gif
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Demonta^Start Menu^Programs^Startup^Thoosje Vista Sidebar.lnk]
path=C:\Documents and Settings\Demonta\Start Menu\Programs\Startup\Thoosje Vista Sidebar.lnk
backup=C:\WINDOWS\pss\Thoosje Vista Sidebar.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]
"C:\Program Files\COMODO\Firewall\cfp.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c717493-ff09-11db-90ae-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

*Newly Created Service* - RKPAVPROC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{13C3D8DF-25A6-A06B-682D-2739B6D0796B}]
C:\WINDOWS\system32\svchosts.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{523702KJY0-YKN5OK-D1KOW-F49T8-TVUI81RWM141}]
netconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A6CB9796-B0DB-FC2B-8B0B-901F2A90F25C}]
C:\WINDOWS\system32:svchosts.exe



-- End of Deckard's System Scanner: finished at 2008-07-07 12:34:25 ------------
Attached Files
File Type: txt extra.txt (16.6 KB, 0 views)