Constant Popups - RootKit.TnCore


  • This topic is locked

#1
ajcoyne77

I am trying to clean a relative of mine's computer, which was infected with numerous viruses and spyware. I was able to clean all but RootKit.TnCore, which I believe is causing all the popups. Below is my HijackThis log, and attached is the extra.txt log.

Deckard's System Scanner v20071014.68
Run by Nancy on 2008-04-01 15:35:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-04-01 21:35:38 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2008-04-01 21:25:04 UTC - RP3 - Software Distribution Service 3.0
2: 2008-03-30 00:42:03 UTC - RP2 - Installed Java™ 6 Update 5
1: 2008-03-28 18:31:44 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 254 MiB (512 MiB recommended).


-- HijackThis (run as Nancy.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:36, on 2008-04-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
E:\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Nancy.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7A658DC7-7B46-4B22-95C7-235A15E63D12} - C:\Program Files\MSN\gijapiqeb89104.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: 0 - {D15A130C-8D26-4198-739A-9120A49F1183} - C:\Program Files\Internet Explorer\lavukasyl827.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [OSCD_Creator] c:\Dell\PreODM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
O4 - HKLM\..\RunOnce: [OSCD_Creator] C:\Dell\PreODM.EXE /2
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky....an_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf....0/mcinsctl.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf....23/mcgdmgr.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7105 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 DXAPII - c:\windows\system32\drivers\dxapii.sys
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 catchme - c:\docume~1\mara\locals~1\temp\catchme.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-30 11:03:42 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-12-01 16:50:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-01 and 2008-04-01 -----------------------------

2008-04-01 15:36:34 0 d-------- C:\Program Files\Trend Micro
2008-03-30 08:40:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-30 08:40:51 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-29 19:11:32 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-03-28 13:02:05 0 d-------- C:\Documents and Settings\Mara\Application Data\Adobe
2008-03-28 13:01:48 0 d-------- C:\Documents and Settings\Mara\Application Data\Google
2008-03-28 12:22:04 237728 --a------ C:\cmldr
2008-03-28 12:21:44 0 d-------- C:\cmdcons
2008-03-28 12:20:29 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-28 12:20:29 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-28 12:20:29 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-28 12:20:29 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-28 11:55:37 0 d-------- C:\Documents and Settings\Nancy\Application Data\Google
2008-03-28 11:43:00 0 d-------- C:\Documents and Settings\Frank\Application Data\Google
2008-03-28 11:22:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-03-28 11:21:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-28 11:20:37 0 d-------- C:\Program Files\Google
2008-03-27 23:31:56 0 d-------- C:\Documents and Settings\Mara\Application Data\SUPERAntiSpyware.com
2008-03-27 16:10:13 0 d-------- C:\Documents and Settings\Nancy\Application Data\SUPERAntiSpyware.com
2008-03-27 15:55:36 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-27 15:53:02 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-27 15:52:59 0 d-------- C:\Documents and Settings\Frank\Application Data\SUPERAntiSpyware.com
2008-03-27 15:44:08 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-27 13:42:28 0 d-------- C:\VundoFix Backups
2008-03-27 13:31:19 0 d-------- C:\WINDOWS\pss
2008-03-26 18:39:11 0 d-------- C:\Program Files\Symantec_Client_Security
2008-03-26 17:07:47 0 d-------- C:\Program Files\Symantec
2008-03-26 17:07:22 0 d-------- C:\Program Files\Symantec AntiVirus
2008-03-26 17:07:22 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-26 17:07:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-26 14:07:24 0 d-------- C:\Program Files\Windows Defender
2008-03-25 22:21:15 0 d-------- C:\Documents and Settings\Frank\Application Data\Viewpoint
2008-03-25 21:17:25 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-03-25 21:13:27 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-03-25 21:09:43 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-03-25 21:03:15 427520 --a------ C:\WINDOWS\WRServices.dll <Not Verified; Webroot Software, Inc; >
2008-03-25 20:52:47 0 d-------- C:\Documents and Settings\Frank\Application Data\CyberLink
2008-03-25 20:30:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-03-25 20:30:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-03-25 20:30:49 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-03-25 20:30:49 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-03-25 20:30:49 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-03-25 20:30:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-03-25 20:30:49 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-03-25 20:30:48 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-03-25 20:30:47 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-03-25 20:30:47 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-03-25 20:30:47 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-03-25 20:30:47 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-03-25 20:30:47 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-03-25 20:30:47 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-03-25 20:30:46 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-03-25 20:30:46 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-03-25 20:30:45 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-03-20 23:11:42 0 d-------- C:\Documents and Settings\Nancy\Application Data\Viewpoint
2008-03-18 22:29:13 86016 --a------ C:\WINDOWS\system32\drivers\DXAPII.sys
2008-03-18 22:29:05 0 d-------- C:\WINDOWS\system32\usn7
2008-03-18 22:29:05 0 d-------- C:\WINDOWS\system32\ras3
2008-03-18 22:29:05 0 d-------- C:\WINDOWS\system32\npd2
2008-03-18 22:29:05 0 d-------- C:\WINDOWS\system32\bt5
2008-03-18 22:28:37 0 d-------- C:\Temp
2008-03-18 10:12:24 0 d-------- C:\Documents and Settings\Frank\Application Data\Apple Computer
2008-03-17 00:07:28 0 d-------- C:\Documents and Settings\Frank\Application Data\Macromedia


-- Find3M Report ---------------------------------------------------------------

2008-03-29 18:43:37 0 d-------- C:\Program Files\Java
2008-03-26 17:07:22 0 d-------- C:\Program Files\Common Files
2008-03-26 16:59:41 0 d-------- C:\Program Files\McAfee.com
2008-03-26 16:41:53 0 d-------- C:\Program Files\Common Files\AOL
2008-03-22 17:46:47 0 d-------- C:\Documents and Settings\Nancy\Application Data\MSN6


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A658DC7-7B46-4B22-95C7-235A15E63D12}]
C:\Program Files\MSN\gijapiqeb89104.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D15A130C-8D26-4198-739A-9120A49F1183}]
C:\Program Files\Internet Explorer\lavukasyl827.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 15:42]
"OSCD_Creator"="c:\Dell\PreODM.EXE" [2004-10-31 05:21]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2005-11-18 23:33]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"vptray"="C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe" [2003-05-21 01:21]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"OSCD_Creator"=C:\Dell\PreODM.EXE /2

C:\Documents and Settings\Nancy\Start Menu\Programs\Startup\
DESKTOP.INI [2004-08-10 13:04:12]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [2004-08-10 13:04:12]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 08:56:20]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ac1a95e7]
rundll32.exe "C:\WINDOWS\system32\yfkuomud.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER




-- End of Deckard's System Scanner: finished at 2008-04-01 15:37:49 ------------


#2
Rorschach112

Please don't waste our time by posting on multiple forums

http://forums.whatth...ion_t90502.html