Sign in to follow this  
imyournewfather

got an adware yesterday

Recommended Posts

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:52:55 PM, on 12/1/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\VentSrv\ventrilo_svc.exe

C:\Program Files\VentSrv\ventrilo_srv.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\HiJackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {0B850046-5EC1-425B-9939-3FE0DE2C9E10} - C:\WINDOWS\system32\esentg.dll

O2 - BHO: (no name) - {237C1D78-F682-40A8-B65F-B7DB4E7BD3A3} - c:\windows\system32\adsndso.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\system32\rpcc.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: zshsckcw - C:\WINDOWS\SYSTEM32\adsndso.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe

 

--

End of file - 6448 bytes

Ad_Aware_20071201_12_03_19.log

Share this post


Link to post
Share on other sites

Welcome to the Lavasoft Support Forums imyournewfathaer ;)

 

Download Deckard's System Scanner (dss.exe) and save it to your desktop.

  • Close all applications and windows.
  • Double click on dss.exe to run it and follow the prompts.
  • When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

Post the contents of main.txt only for now.

Share this post


Link to post
Share on other sites

Deckard's System Scanner v20071014.68

Run by Chhay on 2007-12-02 10:35:02

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

-- System Restore --------------------------------------------------------------

 

Successfully created a Deckard's System Scanner Restore Point.

 

 

-- Last 2 Restore Point(s) --

2: 2007-12-02 18:35:06 UTC - RP2 - Deckard's System Scanner Restore Point

1: 2007-12-02 17:20:08 UTC - RP1 - System Checkpoint

 

 

Backed up registry hives.

Performed disk cleanup.

 

 

 

-- HijackThis (run as Chhay.exe) -----------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:36:01 AM, on 12/2/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\VentSrv\ventrilo_svc.exe

C:\Program Files\VentSrv\ventrilo_srv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Chhay\Desktop\dss.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\PROGRA~1\HIJACK~1\Chhay.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {0B850046-5EC1-425B-9939-3FE0DE2C9E10} - C:\WINDOWS\system32\esentg.dll

O2 - BHO: (no name) - {237C1D78-F682-40A8-B65F-B7DB4E7BD3A3} - c:\windows\system32\adsndso.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: zshsckcw - C:\WINDOWS\SYSTEM32\adsndso.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe

 

--

End of file - 6430 bytes

 

-- File Associations -----------------------------------------------------------

 

.js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7

.js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

R0 orxgqhmh - c:\windows\system32\drivers\rtqlezms.dat

R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

R3 RTLE8023xp (Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver) - c:\windows\system32\drivers\rtenicxp.sys <Not Verified; Realtek Semiconductor Corporation; Realtek 10/100/1000 NIC Family all in one NDIS Driver>

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

R2 Ventrilo - c:\program files\ventsrv\ventrilo_svc.exe

 

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

 

 

-- Device Manager: Disabled ----------------------------------------------------

 

No disabled devices found.

 

 

-- Scheduled Tasks -------------------------------------------------------------

 

2007-12-01 18:32:41 434 --a------ C:\WINDOWS\Tasks\At1.job

 

 

-- Files created between 2007-11-02 and 2007-12-02 -----------------------------

 

2007-12-01 20:19:05 0 d-------- C:\bho_n2_log

2007-12-01 11:25:54 0 d-------- C:\Program Files\Lavasoft

2007-12-01 11:25:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2007-12-01 10:00:31 120064 --a------ C:\WINDOWS\system32\zqfsatat.dat

2007-12-01 09:54:49 44032 --a------ C:\WINDOWS\system32\rpcc.exe

2007-12-01 09:54:37 0 d-------- C:\WINDOWS\system32\AppCert

2007-12-01 09:54:20 84480 --a------ C:\WINDOWS\system32\adsndso.dll

2007-12-01 09:54:09 19200 --a------ C:\WINDOWS\system32\drivers\rtqlezms.dat

2007-12-01 09:53:54 103680 --a------ C:\WINDOWS\system32\esentg.dll

2007-11-30 16:07:36 0 d-------- C:\Documents and Settings\Chhay\Application Data\Nero

2007-11-30 15:49:20 0 d-------- C:\Program Files\Nero

2007-11-30 15:49:20 0 d-------- C:\Program Files\Common Files\Nero

2007-11-30 15:49:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero

2007-11-12 17:44:51 0 d-------- C:\Program Files\Apple Software Update

2007-11-12 17:44:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple

2007-11-09 18:39:54 0 d-------- C:\NVIDIA

 

 

-- Find3M Report ---------------------------------------------------------------

 

2007-12-01 11:25:18 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-12-01 11:15:50 0 d-------- C:\Program Files\SpywareBlaster

2007-11-30 22:58:23 0 d-------- C:\Program Files\Trillian

2007-11-30 15:49:20 0 d-------- C:\Program Files\Common Files

2007-11-30 15:32:59 0 d-------- C:\Program Files\Common Files\Ahead

2007-11-29 15:21:51 0 d-------- C:\Documents and Settings\Chhay\Application Data\uTorrent

2007-11-17 17:17:57 0 d-------- C:\Program Files\mIRC

2007-11-12 19:14:21 0 d-------- C:\Program Files\Starcraft

2007-11-12 17:45:21 0 d-------- C:\Program Files\QuickTime

2007-10-21 09:54:22 0 d-------- C:\Program Files\Microsoft Visual Studio 8

2007-10-12 17:08:34 0 d-------- C:\Program Files\Microsoft.NET

2007-10-10 17:25:13 0 d-------- C:\Program Files\Combined Community Codec Pack

2007-10-05 13:43:16 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>

2007-10-04 17:14:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe

2007-10-04 17:14:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll

2007-10-04 17:14:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll

2007-10-04 17:14:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll

2007-10-04 17:14:00 1478656 --a------ C:\WINDOWS\system32\nview.dll

2007-10-04 17:14:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe

2007-10-04 17:14:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe

2007-10-04 17:14:00 425984 --a------ C:\WINDOWS\system32\keystone.exe

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B850046-5EC1-425B-9939-3FE0DE2C9E10}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{237C1D78-F682-40A8-B65F-B7DB4E7BD3A3}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [05/01/2006 02:07 AM]

"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [04/10/2006 09:19 AM]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [01/16/2007 12:07 PM]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/03/2004 01:31 PM]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 01:32 PM]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 01:32 PM]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/13/2004 03:04 PM]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 02:06 AM]

"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [06/02/2006 12:45 AM]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/04/2007 05:14 PM]

"nwiz"="nwiz.exe" [10/04/2007 05:14 PM C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="NvMCTray.dll" [10/04/2007 05:14 PM C:\WINDOWS\system32\nvmctray.dll]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/19/2007 08:16 PM]

"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 02:57 PM]

"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [01/16/2007 12:06 PM]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [01/16/2007 09:08 PM]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 03:56 PM]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2/17/2007 8:16:15 PM]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zshsckcw]

adsndso.dll 12/01/2007 10:00 AM 84480 C:\WINDOWS\system32\adsndso.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsHive]

C:\WINDOWS\system32\rpcc.exe

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ruupbrdg

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{798afe8e-b8b0-11db-a9b4-bebf52140826}]

AutoRun\command- H:\setupSNK.exe

 

 

 

 

-- Hosts -----------------------------------------------------------------------

 

127.0.0.1 www.newsleecher.com

127.0.0.1 www.newsleecher.com/

127.0.0.1 newsleecher.com

127.0.0.1 newsleecher.com/

127.0.0.1 www.newsleecher.com/!tools/

127.0.0.1 www.casdk.com

 

 

-- End of Deckard's System Scanner: finished at 2007-12-02 10:36:41 ------------

Share this post


Link to post
Share on other sites

Download ComboFix by sUBs from here, saving the file to your desktop.

 

Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

 

Filename: CFScript.txt

Save As Type: All Files (*.*)

 

File::
C:\WINDOWS\system32\zqfsatat.dat
C:\WINDOWS\system32\rpcc.exe
C:\WINDOWS\system32\adsndso.dll
C:\WINDOWS\system32\drivers\rtqlezms.dat
C:\WINDOWS\system32\esentg.dll
Folder::
C:\WINDOWS\system32\AppCert
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B850046-5EC1-425B-9939-3FE0DE2C9E10}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{237C1D78-F682-40A8-B65F-B7DB4E7BD3A3}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zshsckcw] 
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsHive]
NetSvc::
ruupbrdg
Driver::
orxgqhmh

 

Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and a fresh HijackThis log.

 

Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

 

 

Note - Your internet connection will be terminated while ComboFix runs. Do Not attempt to re-enable it. Should ComboFix terminate prematurely, restart the computer to restore connectivity.

Share this post


Link to post
Share on other sites

ComboFix 07-12-02.5 - Chhay 2007-12-02 12:00:38.1 - NTFSx86

Running from: C:\Documents and Settings\Chhay\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Chhay\Desktop\CFScript.txt

* Created a new restore point

 

FILE

C:\WINDOWS\system32\adsndso.dll

C:\WINDOWS\system32\drivers\rtqlezms.dat

C:\WINDOWS\system32\esentg.dll

C:\WINDOWS\system32\rpcc.exe

C:\WINDOWS\system32\zqfsatat.dat

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\adsndso.dll

C:\WINDOWS\system32\AppCert

C:\WINDOWS\system32\AppCert\filter.drv

C:\WINDOWS\system32\AppCert\options.dat

C:\WINDOWS\system32\AppCert\prx93f.dll

C:\WINDOWS\system32\AppCert\wnl32.dll

C:\WINDOWS\system32\AppCert\wsil32.dll

C:\WINDOWS\system32\drivers\rtqlezms.dat

C:\WINDOWS\system32\esentg.dll

C:\WINDOWS\system32\rpcc.exe

C:\WINDOWS\system32\zqfsatat.dat

C:\WINDOWS\Tasks.\At1.job

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\LEGACY_ORXGQHMH

-------\LEGACY_RUUPBRDG

-------\orxgqhmh

-------\ruupbrdg

 

 

((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 )))))))))))))))))))))))))))))))

.

 

2007-12-02 10:47 . 2007-12-02 10:47 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7

2007-12-02 10:47 . 2007-12-02 11:55 <DIR> d-------- C:\Documents and Settings\Chhay\Application Data\AVG7

2007-12-02 10:47 . 2007-12-02 10:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2007-12-02 10:47 . 2007-12-02 10:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7

2007-12-02 10:47 . 2007-12-02 10:47 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

2007-12-02 10:47 . 2007-12-02 10:47 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll

2007-12-02 10:34 . 2007-12-02 10:34 <DIR> d-------- C:\Deckard

2007-12-01 11:25 . 2007-12-01 11:25 <DIR> d-------- C:\Program Files\Lavasoft

2007-12-01 11:25 . 2007-12-01 11:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2007-12-01 09:53 . 2007-12-01 09:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2007-12-01 09:53 . 2007-12-01 09:53 1,409 --a------ C:\WINDOWS\QTFont.for

2007-11-30 16:07 . 2007-11-30 16:07 <DIR> d-------- C:\Documents and Settings\Chhay\Application Data\Nero

2007-11-30 15:49 . 2007-11-30 15:49 <DIR> d-------- C:\Program Files\Nero

2007-11-30 15:49 . 2007-11-30 15:49 <DIR> d-------- C:\Program Files\Common Files\Nero

2007-11-30 15:49 . 2007-11-30 15:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero

2007-11-12 17:44 . 2007-11-12 17:44 <DIR> d-------- C:\Program Files\Apple Software Update

2007-11-12 17:44 . 2007-11-12 17:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

2007-11-09 18:40 . 2007-10-04 18:16 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2007-11-09 18:40 . 2007-10-04 17:14 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe

2007-11-09 18:40 . 2007-11-09 18:44 140,158 --a------ C:\WINDOWS\system32\nvapps.xml

2007-11-09 18:40 . 2007-10-04 17:14 17,525 --a------ C:\WINDOWS\system32\nvdisp.nvu

2007-11-09 18:39 . 2007-11-09 18:39 <DIR> d-------- C:\NVIDIA

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-02 02:36 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2007-12-01 19:25 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2007-12-01 19:15 --------- d-----w C:\Program Files\SpywareBlaster

2007-12-01 06:58 --------- d-----w C:\Program Files\Trillian

2007-11-30 23:32 --------- d-----w C:\Program Files\Common Files\Ahead

2007-11-29 23:21 --------- d-----w C:\Documents and Settings\Chhay\Application Data\uTorrent

2007-11-18 01:17 --------- d-----w C:\Program Files\mIRC

2007-11-13 03:14 --------- d-----w C:\Program Files\Starcraft

2007-11-13 01:45 --------- d-----w C:\Program Files\QuickTime

2007-11-13 01:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer

2007-11-10 02:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles

2007-10-21 17:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2007-10-21 17:54 --------- d-----w C:\Program Files\Microsoft Visual Studio 8

2007-10-13 01:08 --------- d-----w C:\Program Files\Microsoft.NET

2007-10-11 01:25 --------- d-----w C:\Program Files\Combined Community Codec Pack

2007-10-05 21:43 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE

2007-10-05 21:43 249,856 ------w C:\WINDOWS\Setup1.exe

2007-10-05 01:14 6,854,464 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys

2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-01-16 21:08]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15:56]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 02:07]

"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2007-01-16 12:07]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 13:31]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 13:32]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 13:32]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-13 15:04]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]

"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 00:45]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 15:56 C:\WINDOWS\system32\rundll32.exe]

"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="RunDLL32.exe" [2004-08-03 15:56 C:\WINDOWS\system32\rundll32.exe]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16]

"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57]

"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2007-01-16 12:06]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-02 10:47]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-02 10:47]

 

S3 W700bus;Sony Ericsson W700 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\W700bus.sys

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{798afe8e-b8b0-11db-a9b4-bebf52140826}]

\Shell\AutoRun\command - H:\setupSNK.exe

 

.

**************************************************************************

 

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-02 12:05:39

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-12-02 12:06:59 - machine was rebooted

.

--- E O F ---

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:09:36 PM, on 12/2/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\VentSrv\ventrilo_svc.exe

C:\Program Files\VentSrv\ventrilo_srv.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\HiJackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe

 

--

End of file - 6949 bytes

Share this post


Link to post
Share on other sites

Looks pretty good. Couple of files I'd like to check out. First, highlight and copy the following bolded command.

 

attrib -h C:\WINDOWS\QTFont.qfn

 

Click Start>Run and type cmd then hit enter to open a command window. Now right click and paste the copied command, then hit enter. Close the command window.

 

 

Go to jotti then browse to and select the following file, then click Submit. Wait for the analysis to complete, then copy the results and paste into notepad for posting here.

 

C:\WINDOWS\QTFont.qfn

 

Now submit this file and save the results.

 

C:\WINDOWS\QTFont.for

Share this post


Link to post
Share on other sites

File: QTFont.qfn

Status:

OK(Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)

MD5: dba91cd5a3a68302967c03213e52bde8

Packers detected:

-

Bit9 reports: Not analyzed yet (more info)

Scanner results

Scan taken on 03 Dec 2007 00:05:33 (GMT)

A-Squared

Found nothing

AntiVir

Found nothing

ArcaVir

Found nothing

Avast

Found nothing

AVG Antivirus

Found nothing

BitDefender

Found nothing

ClamAV

Found nothing

CPsecure

Found nothing

Dr.Web

Found nothing

F-Prot Antivirus

Found nothing

F-Secure Anti-Virus

Found nothing

Fortinet

Found nothing

Ikarus

Found nothing

Kaspersky Anti-Virus

Found nothing

NOD32

Found nothing

Norman Virus Control

Found nothing

Panda Antivirus

Found nothing

Rising Antivirus

Found nothing

Sophos Antivirus

Found nothing

VirusBuster

Found nothing

VBA32

Found nothing

 

 

 

File: QTFont.for

Status:

OK

MD5: e1034d757709f37f2d1ebd96d5ead02b

Packers detected:

-

Bit9 reports: Not analyzed yet (more info)

Scanner results

Scan taken on 03 Dec 2007 00:12:38 (GMT)

A-Squared

Found nothing

AntiVir

Found nothing

ArcaVir

Found nothing

Avast

Found nothing

AVG Antivirus

Found nothing

BitDefender

Found nothing

ClamAV

Found nothing

CPsecure

Found nothing

Dr.Web

Found nothing

F-Prot Antivirus

Found nothing

F-Secure Anti-Virus

Found nothing

Fortinet

Found nothing

Ikarus

Found nothing

Kaspersky Anti-Virus

Found nothing

NOD32

Found nothing

Norman Virus Control

Found nothing

Panda Antivirus

Found nothing

Rising Antivirus

Found nothing

Sophos Antivirus

Found nothing

VirusBuster

Found nothing

VBA32

Found nothing

 

 

avg also found this as a threat... Obfustat.ZTA","C:\System Volume Information\_restore{3D3261FD-F4B6-470F-9BEE-1FBF495B8063}\RP3\A0000011.dll","12/2/2007 1:27:16 PM","A0000011.dll

 

what should i do with this?

Edited by imyournewfathaer

Share this post


Link to post
Share on other sites

That's an infected file in a System Restore point. We'll deal with those once we're sure the system is otherwise clean an working properly. ;)

 

Click Start>Run and type ComboFix /u then hit enter to remove ComboFix and it's quarantined files.

 

Please do an online scan with Kaspersky WebScanner

 

Click on Kaspersky Online Scanner

 

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT

  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:

      Extended (if available otherwise Standard)

    • Scan Options:

      Scan Archives
      Scan Mail Bases

    [*]Click OK

    [*]Now under select a target to scan:

      Select My Computer

    [*]This will program will start and scan your system.

    [*]The scan will take a while so be patient and let it run.

    [*]Once the scan is complete it will display if your system has been infected.

    • Now click on the Save as Text button:

    [*]Save the file to your desktop.

Post the Kaspersky log and one more fresh HijackThis log.

Share this post


Link to post
Share on other sites

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Monday, December 03, 2007 1:06:42 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 3/12/2007

Kaspersky Anti-Virus database records: 471188

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

A:\

C:\

D:\

E:\

F:\

G:\

 

Scan Statistics:

Total number of scanned objects: 158571

Number of viruses found: 6

Number of infected objects: 22

Number of suspicious objects: 0

Duration of the scan process: 02:49:17

 

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\Chhay\Application Data\Mozilla\Firefox\Profiles\6kdslg8z.default\cert8.db Object is locked skipped

C:\Documents and Settings\Chhay\Application Data\Mozilla\Firefox\Profiles\6kdslg8z.default\history.dat Object is locked skipped

C:\Documents and Settings\Chhay\Application Data\Mozilla\Firefox\Profiles\6kdslg8z.default\key3.db Object is locked skipped

C:\Documents and Settings\Chhay\Application Data\Mozilla\Firefox\Profiles\6kdslg8z.default\parent.lock Object is locked skipped

C:\Documents and Settings\Chhay\Application Data\Mozilla\Firefox\Profiles\6kdslg8z.default\search.sqlite Object is locked skipped

C:\Documents and Settings\Chhay\Application Data\Mozilla\Firefox\Profiles\6kdslg8z.default\urlclassifier2.sqlite Object is locked skipped

C:\Documents and Settings\Chhay\Application Data\Sun\Java\Deployment\cache\6.0\25\575b3459-68ad7cc9/BnnnnBaa.class Infected: Trojan.Java.ClassLoader.as skipped

C:\Documents and Settings\Chhay\Application Data\Sun\Java\Deployment\cache\6.0\25\575b3459-68ad7cc9/VaannnaaBaa.class Infected: Trojan.Java.ClassLoader.as skipped

C:\Documents and Settings\Chhay\Application Data\Sun\Java\Deployment\cache\6.0\25\575b3459-68ad7cc9/Bnnnnn.class Infected: Trojan.Java.ClassLoader.as skipped

C:\Documents and Settings\Chhay\Application Data\Sun\Java\Deployment\cache\6.0\25\575b3459-68ad7cc9 ZIP: infected - 3 skipped

C:\Documents and Settings\Chhay\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Chhay\Desktop\Nero-8.1.1.4_eng_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped

C:\Documents and Settings\Chhay\Desktop\Nero-8.1.1.4_eng_trial.exe 7-Zip: infected - 1 skipped

C:\Documents and Settings\Chhay\Desktop\Winny2pb728000.zip/Winny2/winnyp.exe Infected: not-a-virus:Client-P2P.Win32.Winny.2b722 skipped

C:\Documents and Settings\Chhay\Desktop\Winny2pb728000.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Chhay\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Chhay\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Chhay\Local Settings\Application Data\Mozilla\Firefox\Profiles\6kdslg8z.default\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\Chhay\Local Settings\Application Data\Mozilla\Firefox\Profiles\6kdslg8z.default\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\Chhay\Local Settings\Application Data\Mozilla\Firefox\Profiles\6kdslg8z.default\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\Chhay\Local Settings\Application Data\Mozilla\Firefox\Profiles\6kdslg8z.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\Chhay\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Chhay\Local Settings\History\History.IE5\MSHist012007120320071204\index.dat Object is locked skipped

C:\Documents and Settings\Chhay\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Chhay\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Chhay\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped

C:\Program Files\Share10_ex2\Share.exe Infected: not-a-virus:Client-P2P.Win32.Share.a skipped

C:\Program Files\Share10_ex2\upload\Share10_ex2.zip/Share.exe Infected: not-a-virus:Client-P2P.Win32.Share.a skipped

C:\Program Files\Share10_ex2\upload\Share10_ex2.zip ZIP: infected - 1 skipped

C:\Program Files\VentSrv\ventrilo_srv.log Object is locked skipped

C:\Program Files\Winny2\winnyp.exe Infected: not-a-virus:Client-P2P.Win32.Winny.2b722 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{3D3261FD-F4B6-470F-9BEE-1FBF495B8063}\RP1\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

G:\Share10_ex2\Share.exe Infected: not-a-virus:Client-P2P.Win32.Share.a skipped

G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

G:\System Volume Information\_restore{3D3261FD-F4B6-470F-9BEE-1FBF495B8063}\RP1\change.log Object is locked skipped

G:\Winny2\Winny2b66.zip/Winny2/Winny.exe Infected: not-a-virus:Client-P2P.Win32.Winny.2b66 skipped

G:\Winny2\Winny2b66.zip ZIP: infected - 1 skipped

G:\Winny2\Winny2p_b726_000.zip/Winny2/winnyp.dll Infected: not-a-virus:Client-P2P.Win32.Winny.2b722 skipped

G:\Winny2\Winny2p_b726_000.zip/Winny2/winnyp.exe Infected: not-a-virus:Client-P2P.Win32.Winny.2b722 skipped

G:\Winny2\Winny2p_b726_000.zip ZIP: infected - 2 skipped

G:\Winny2\winnyp.exe Infected: not-a-virus:Client-P2P.Win32.Winny.2b722 skipped

G:\Winny2pb728000.zip/Winny2/winnyp.exe Infected: not-a-virus:Client-P2P.Win32.Winny.2b722 skipped

G:\Winny2pb728000.zip ZIP: infected - 1 skipped

 

Scan process completed.

 

 

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:10:49 PM, on 12/3/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\VentSrv\ventrilo_svc.exe

C:\Program Files\VentSrv\ventrilo_srv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\HiJackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe

 

--

End of file - 6994 bytes

Share this post


Link to post
Share on other sites

Kaspersky does not like your Winny2 and Share10_ex2 p2p clients. Otherwise not bad. Open the Java Plug-in in the Control Panel and delete the temporary files.

 

If you're satisfied that the computer is working properly, I recommend you clear the System Restore points.

 

Clear past system restore points and create a new one.

Right click My Computer and select Properties. On the System Restore tab, check the box to turn System Restore off. Click Apply. Now, uncheck the box and click Apply. Click OK, then OK to close the System Properties dialog.

 

Verify a new restore point was created.

Click Start>All Programs>Accessories>System Tools>System Restore

Select 'Restore my computer to an earlier time', then click next.

You should have a newly created System Checkpoint available. If so, click Cancel. If not, click Back and select 'Create a restore point' then click Next. Give the restore point a name and click next.

 

 

That should finish things up. How is your computer performing now?

Share this post


Link to post
Share on other sites

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. ;)

 

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

 

Everyone else please begin a New Topic.

 

Thank you !

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this