
Worm/Virus shuts down pc PLZ HELP!!

Discussion in 'Virus & Other Malware Removal' started by MP68, Apr 5, 2008.

Thread Status:
Not open for further replies.
  1. MP68

    MP68 Thread Starter

    Joined:
    Nov 12, 2006
    Messages:
    18
    Here's Hijack and other info I can give. Hope it'll be enough; if not, please tell me and I'll get what you need to help me out. Hoping you can a.s.a.p.

    Logfile of HijackThis v1.99.1
    Scan saved at 07:43:42, on 2008-04-05
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\irdvxc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program\QuickTime\qttask.exe
    C:\Program\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program\Mozilla Firefox\firefox.exe
    C:\WINDOWS\SYSTEM32\taskmgr.exe
    C:\Program\Hijackthis\HijackThis1991.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dbsarticles.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Windows Networking Monitoring] C:\WINDOWS\System32\mdm.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Windows Networking Monitoring] C:\WINDOWS\System32\mdm.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program\INCRED~1\bin\resources\WebMenuImg.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
    O12 - Plugin for .pdf: C:\Program\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
    O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://mean-mf-man.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/eng/poker_2_0_0_36.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {AD7013FF-1D9A-4F36-94A6-3CD408A663F9} (GameDesire BreakOut) - http://67.15.101.3/g_bin/eng/breakout_2_0_0_18.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Bet365/FlashAX.cab
    O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.3/g_bin/eng/mahjong_2_0_0_18.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by19fd.bay19.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_21.cab
    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/eng/snooker_2_0_0_21.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ROBERT-ZD8YG0O4-Robban
    O17 - HKLM\Software\..\Telephony: DomainName = ROBERT-ZD8YG0O4-Robban
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ROBERT-ZD8YG0O4-Robban
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SSDP Discovery Service Locator (ssdpdb) - Unknown owner - C:\WINDOWS\SYSTEM32\ssdpdb.exe (file missing)

    Panda online active scan:
    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2008-04-05 07:32:31
    PROTECTIONS: 0
    MALWARE: 8
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00096121 Adware/IGetNet Adware No 0 Yes No C:\avenger\backup.zip[avenger/Update_com.DLL]
    00120878 Spyware/New.net Spyware No 1 Yes No C:\avenger\backup.zip[avenger/NDNuninstall5_48.exe]
    00134490 Adware/SAHAgent Adware No 0 Yes No C:\avenger\backup.zip[avenger/SAHUninstall.exe]
    00145069 Spyware/New.net Spyware No 1 Yes No C:\avenger\backup.zip[avenger/NDNuninstall6_22.exe]
    00145069 Spyware/New.net Spyware No 1 Yes No C:\avenger\backup.zip[avenger/NDNuninstall6_10.exe]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Robban\Lokala inställningar\Temp\Cookies\[email protected][1].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Robban\Lokala inställningar\Temp\Cookies\[email protected][1].txt
    00267838 Adware/IGetNet Adware No 0 Yes No C:\avenger\backup.zip[avenger/Update_Hosts.DLL]
    00374976 W32/Rahack.gen Virus/Worm No 1 Yes Yes C:\WINDOWS\system32\irdvxc.exe
    00374976 W32/Rahack.gen Virus/Worm No 1 Yes Yes C:\System Volume Information\_restore{2BABB4F4-C408-4AE5-9FD3-2456BE0FD85F}\RP316\A0103745.exe
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    133379 HIGH MS06-057
    126092 MEDIUM MS06-050
    126087 HIGH MS06-046
    123421 HIGH MS06-036
    117384 MEDIUM MS06-018
    111790 MEDIUM MS06-011
    108742 MEDIUM MS06-006
    93394 HIGH MS05-050
    ;===================================================================================================================================================================================

    AVG virus scan:
    "General properties";""
    "Report name";"Complete Test"
    "Start time";"2008-02-05 16:00:12"
    "End time";"2008-02-05 16:09:48 (total: 9:36.1 Min)"
    "Launch method";"Scanning launched by scheduler"
    "Scanning result";"No threats found"
    "Report status";"Scanning stopped manually"
    " ";""
    "Object summary";""
    "Scanned";"24800"
    "Threats Found";"0"
    "Cleaned";"0"
    "Moved to vault";"0"
    "Deleted";"0"
    "Errors";"0"

    AVG virus vault:
    "";"";"Trojan horse BackDoor.Generic3.GBC";"C:\WINDOWS\system32\.exe";"2008-04-01 21:47:08";".exe";"9.38 KB"
    "";"";"Virus identified Worm/Allaple.J";"C:\WINDOWS\system32\.exe";"2008-04-02 09:46:16";".exe";"82 KB"
    "";"";"Trojan horse Proxy.MSI";"C:\WINDOWS\system32\a.exe";"2007-03-31 13:01:58";"a.exe";"24.5 KB"
    "";"";"Trojan horse Clicker.FLG";"C:\System Volume Information\_restore{2BABB4F4-C408-4AE5-9FD3-2456BE0FD85F}\RP134\A0477496.exe";"2007-05-06 16:34:33";"A0477496.exe";"87 KB"
    "";"";"Virus identified Worm/VB.AUG";"C:\Documents and Settings\Robban\Application Data\Mozilla\Firefox\Profiles\urtd0fu1.default\Cache(6)\15F72FF5d01";"2007-03-10 16:44:01";"15F72FF5d01";"4.84 MB"
    "";"";"Virus identified Worm/VB.AUG";"C:\Documents and Settings\Robban\Application Data\Mozilla\Firefox\Profiles\urtd0fu1.default\Cache(6)\EA9EE7DAd01";"2007-03-10 16:44:02";"EA9EE7DAd01";"4.84 MB"
    "";"";"Virus identified Worm/VB.AUG";"C:\Sharing Folder\Prgs\Firefox Setup 1.5.0.1.exe";"2007-03-10 16:44:02";"Firefox Setup 1.5.0.1.exe";"4.95 MB"
    "";"";"Trojan horse BackDoor.Generic3.GBC";"C:\System Volume Information\_restore{2BABB4F4-C408-4AE5-9FD3-2456BE0FD85F}\RP282\A0098226.exe";"2008-04-02 14:43:04";"A0098226.exe";"9.38 KB"
    "";"";"Trojan horse BackDoor.Generic3.GBC";"C:\System Volume Information\_restore{2BABB4F4-C408-4AE5-9FD3-2456BE0FD85F}\RP283\A0101222.exe";"2008-04-02 14:43:11";"A0101222.exe";"9.38 KB"
    "";"";"Trojan horse Proxy.MSI";"C:\WINDOWS\System32\wcescom32.exe";"2007-03-31 16:44:51";"wcescom32.exe";"24.5 KB"
    "";"";"Trojan horse Proxy.MSI";"C:\System Volume Information\_restore{2BABB4F4-C408-4AE5-9FD3-2456BE0FD85F}\RP128\A0394480.exe";"2007-03-31 16:44:52";"A0394480.exe";"24.5 KB"
    "";"";"Trojan horse Proxy.MSI";"C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Temporary Internet Files\Content.IE5\Y12DOLUP\dcv[1].jpg";"2007-03-31 16:44:52";"dcv[1].jpg";"24.5 KB"
    "";"";"Virus identified Worm/Allaple.J";"C:\System Volume Information\_restore{2BABB4F4-C408-4AE5-9FD3-2456BE0FD85F}\RP283\A0100271.exe";"2008-04-02 18:33:53";"A0100271.exe";"82 KB"
    "";"";"Trojan horse Proxy.MSI";"C:\System Volume Information\_restore{2BABB4F4-C408-4AE5-9FD3-2456BE0FD85F}\RP128\A0396476.exe";"2007-03-31 19:57:21";"A0396476.exe";"24.5 KB"
    "";"";"Trojan horse IRC/BackDoor.SdBot2.KWD";"C:\System Volume Information\_restore{2BABB4F4-C408-4AE5-9FD3-2456BE0FD85F}\RP142\A0540715.exe";"2007-04-18 22:07:01";"A0540715.exe";"14.44 KB"
    "";"";"Trojan horse IRC/BackDoor.SdBot2.KWD";"C:\WINDOWS\system32\.exe";"2007-04-14 16:31:02";".exe";"14.44 KB"
    "";"";"Trojan horse Dropper.Agent.GLQ";"C:\DOCUME~1\Robban\LOKALA~1\Temp\Temporär katalog 1 för photos.zip\photos.scr";"2008-01-10 04:40:16";"photos.scr";"27 KB"
    "";"";"Trojan horse Startpage.BEA";"C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Temporary Internet Files\Content.IE5\2P6FWRUJ\hp[1].exe";"2007-04-20 16:31:47";"hp[1].exe";"23 KB"
    "";"";"Trojan horse Dropper.Agent.GLQ";"C:\Documents and Settings\Robban\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\urtd0fu1.default\Cache\2F729AB4d01";"2008-01-10 16:36:50";"2F729AB4d01";"16.3 KB"
     
  2. MP68

    MP68 Thread Starter

    Joined:
    Nov 12, 2006
    Messages:
    18
    Just noticed there was a new version of HJC, so thought I'd post the new logfile too, just in case it's a better one:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:05:12, on 2008-04-05
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\irdvxc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program\QuickTime\qttask.exe
    C:\Program\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program\Mozilla Firefox\firefox.exe
    C:\WINDOWS\SYSTEM32\taskmgr.exe
    C:\Documents and Settings\Robban\Skrivbord\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dbsarticles.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Windows Networking Monitoring] C:\WINDOWS\System32\mdm.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Windows Networking Monitoring] C:\WINDOWS\System32\mdm.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program\INCRED~1\bin\resources\WebMenuImg.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
    O12 - Plugin for .pdf: C:\Program\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
    O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://mean-mf-man.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/eng/poker_2_0_0_36.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {AD7013FF-1D9A-4F36-94A6-3CD408A663F9} (GameDesire BreakOut) - http://67.15.101.3/g_bin/eng/breakout_2_0_0_18.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Bet365/FlashAX.cab
    O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.3/g_bin/eng/mahjong_2_0_0_18.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by19fd.bay19.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_21.cab
    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/eng/snooker_2_0_0_21.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ROBERT-ZD8YG0O4-Robban
    O17 - HKLM\Software\..\Telephony: DomainName = ROBERT-ZD8YG0O4-Robban
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ROBERT-ZD8YG0O4-Robban
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SSDP Discovery Service Locator (ssdpdb) - Unknown owner - C:\WINDOWS\SYSTEM32\ssdpdb.exe (file missing)

    --
    End of file - 9049 bytes
     

Short URL to this thread: https://techguy.org/700500
