Worm/Virus shuts down pc PLZ HELP!!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

MP68 (Thread Starter) | Joined: Nov 12, 2006 | Messages: 18
Here's Hijack and other info I can give; hope it'll be enough. If not, plz tell me and I'll get what you need to help me out. Hoping you can a.s.a.p.

Logfile of HijackThis v1.99.1
Scan saved at 07:43:42, on 2008-04-05
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\irdvxc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\QuickTime\qttask.exe
C:\Program\Grisoft\AVGFRE~1\avgcc.exe
C:\Program\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\Program\Hijackthis\HijackThis1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dbsarticles.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Networking Monitoring] C:\WINDOWS\System32\mdm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Networking Monitoring] C:\WINDOWS\System32\mdm.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O12 - Plugin for .pdf: C:\Program\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://mean-mf-man.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/eng/poker_2_0_0_36.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {AD7013FF-1D9A-4F36-94A6-3CD408A663F9} (GameDesire BreakOut) - http://67.15.101.3/g_bin/eng/breakout_2_0_0_18.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Bet365/FlashAX.cab
O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.3/g_bin/eng/mahjong_2_0_0_18.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by19fd.bay19.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_21.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/eng/snooker_2_0_0_21.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ROBERT-ZD8YG0O4-Robban
O17 - HKLM\Software\..\Telephony: DomainName = ROBERT-ZD8YG0O4-Robban
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ROBERT-ZD8YG0O4-Robban
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SSDP Discovery Service Locator (ssdpdb) - Unknown owner - C:\WINDOWS\SYSTEM32\ssdpdb.exe (file missing)

Panda online active scan:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-04-05 07:32:31
PROTECTIONS: 0
MALWARE: 8
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00096121 Adware/IGetNet Adware No 0 Yes No C:\avenger\backup.zip[avenger/Update_com.DLL]
00120878 Spyware/New.net Spyware No 1 Yes No C:\avenger\backup.zip[avenger/NDNuninstall5_48.exe]
00134490 Adware/SAHAgent Adware No 0 Yes No C:\avenger\backup.zip[avenger/SAHUninstall.exe]
00145069 Spyware/New.net Spyware No 1 Yes No C:\avenger\backup.zip[avenger/NDNuninstall6_22.exe]
00145069 Spyware/New.net Spyware No 1 Yes No C:\avenger\backup.zip[avenger/NDNuninstall6_10.exe]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Robban\Lokala inställningar\Temp\Cookies\[email protected][1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Robban\Lokala inställningar\Temp\Cookies\[email protected][1].txt
00267838 Adware/IGetNet Adware No 0 Yes No C:\avenger\backup.zip[avenger/Update_Hosts.DLL]
00374976 W32/Rahack.gen Virus/Worm No 1 Yes Yes C:\WINDOWS\system32\irdvxc.exe
00374976 W32/Rahack.gen Virus/Worm No 1 Yes Yes C:\System Volume Information\_restore{2BABB4F4-C408-4AE5-9FD3-2456BE0FD85F}\RP316\A0103745.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
133379 HIGH MS06-057
126092 MEDIUM MS06-050
126087 HIGH MS06-046
123421 HIGH MS06-036
117384 MEDIUM MS06-018
111790 MEDIUM MS06-011
108742 MEDIUM MS06-006
93394 HIGH MS05-050
;===================================================================================================================================================================================

AVG virus scan:
"General properties";""
"Report name";"Complete Test"
"Start time";"2008-02-05 16:00:12"
"End time";"2008-02-05 16:09:48 (total: 9:36.1 Min)"
"Launch method";"Scanning launched by scheduler"
"Scanning result";"No threats found"
"Report status";"Scanning stopped manually"
" ";""
"Object summary";""
"Scanned";"24800"
"Threats Found";"0"
"Cleaned";"0"
"Moved to vault";"0"
"Deleted";"0"
"Errors";"0"

AVG virus vault:
"";"";"Trojan horse BackDoor.Generic3.GBC";"C:\WINDOWS\system32\.exe";"2008-04-01 21:47:08";".exe";"9.38 KB"
"";"";"Virus identified Worm/Allaple.J";"C:\WINDOWS\system32\.exe";"2008-04-02 09:46:16";".exe";"82 KB"
"";"";"Trojan horse Proxy.MSI";"C:\WINDOWS\system32\a.exe";"2007-03-31 13:01:58";"a.exe";"24.5 KB"
"";"";"Trojan horse Clicker.FLG";"C:\System Volume Information\_restore{2BABB4F4-C408-4AE5-9FD3-2456BE0FD85F}\RP134\A0477496.exe";"2007-05-06 16:34:33";"A0477496.exe";"87 KB"
"";"";"Virus identified Worm/VB.AUG";"C:\Documents and Settings\Robban\Application Data\Mozilla\Firefox\Profiles\urtd0fu1.default\Cache(6)\15F72FF5d01";"2007-03-10 16:44:01";"15F72FF5d01";"4.84 MB"
"";"";"Virus identified Worm/VB.AUG";"C:\Documents and Settings\Robban\Application Data\Mozilla\Firefox\Profiles\urtd0fu1.default\Cache(6)\EA9EE7DAd01";"2007-03-10 16:44:02";"EA9EE7DAd01";"4.84 MB"
"";"";"Virus identified Worm/VB.AUG";"C:\Sharing Folder\Prgs\Firefox Setup 1.5.0.1.exe";"2007-03-10 16:44:02";"Firefox Setup 1.5.0.1.exe";"4.95 MB"
"";"";"Trojan horse BackDoor.Generic3.GBC";"C:\System Volume Information\_restore{2BABB4F4-C408-4AE5-9FD3-2456BE0FD85F}\RP282\A0098226.exe";"2008-04-02 14:43:04";"A0098226.exe";"9.38 KB"
"";"";"Trojan horse BackDoor.Generic3.GBC";"C:\System Volume Information\_restore{2BABB4F4-C408-4AE5-9FD3-2456BE0FD85F}\RP283\A0101222.exe";"2008-04-02 14:43:11";"A0101222.exe";"9.38 KB"
"";"";"Trojan horse Proxy.MSI";"C:\WINDOWS\System32\wcescom32.exe";"2007-03-31 16:44:51";"wcescom32.exe";"24.5 KB"
"";"";"Trojan horse Proxy.MSI";"C:\System Volume Information\_restore{2BABB4F4-C408-4AE5-9FD3-2456BE0FD85F}\RP128\A0394480.exe";"2007-03-31 16:44:52";"A0394480.exe";"24.5 KB"
"";"";"Trojan horse Proxy.MSI";"C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Temporary Internet Files\Content.IE5\Y12DOLUP\dcv[1].jpg";"2007-03-31 16:44:52";"dcv[1].jpg";"24.5 KB"
"";"";"Virus identified Worm/Allaple.J";"C:\System Volume Information\_restore{2BABB4F4-C408-4AE5-9FD3-2456BE0FD85F}\RP283\A0100271.exe";"2008-04-02 18:33:53";"A0100271.exe";"82 KB"
"";"";"Trojan horse Proxy.MSI";"C:\System Volume Information\_restore{2BABB4F4-C408-4AE5-9FD3-2456BE0FD85F}\RP128\A0396476.exe";"2007-03-31 19:57:21";"A0396476.exe";"24.5 KB"
"";"";"Trojan horse IRC/BackDoor.SdBot2.KWD";"C:\System Volume Information\_restore{2BABB4F4-C408-4AE5-9FD3-2456BE0FD85F}\RP142\A0540715.exe";"2007-04-18 22:07:01";"A0540715.exe";"14.44 KB"
"";"";"Trojan horse IRC/BackDoor.SdBot2.KWD";"C:\WINDOWS\system32\.exe";"2007-04-14 16:31:02";".exe";"14.44 KB"
"";"";"Trojan horse Dropper.Agent.GLQ";"C:\DOCUME~1\Robban\LOKALA~1\Temp\Temporär katalog 1 för photos.zip\photos.scr";"2008-01-10 04:40:16";"photos.scr";"27 KB"
"";"";"Trojan horse Startpage.BEA";"C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Temporary Internet Files\Content.IE5\2P6FWRUJ\hp[1].exe";"2007-04-20 16:31:47";"hp[1].exe";"23 KB"
"";"";"Trojan horse Dropper.Agent.GLQ";"C:\Documents and Settings\Robban\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\urtd0fu1.default\Cache\2F729AB4d01";"2008-01-10 16:36:50";"2F729AB4d01";"16.3 KB"
 

MP68 (Thread Starter) | Joined: Nov 12, 2006 | Messages: 18
Just noticed there was a new version of HJC, so thought I'd post the new logfile too, just in case it's a better one:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:05:12, on 2008-04-05
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\irdvxc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\QuickTime\qttask.exe
C:\Program\Grisoft\AVGFRE~1\avgcc.exe
C:\Program\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\Documents and Settings\Robban\Skrivbord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dbsarticles.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Networking Monitoring] C:\WINDOWS\System32\mdm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Networking Monitoring] C:\WINDOWS\System32\mdm.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O12 - Plugin for .pdf: C:\Program\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://mean-mf-man.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/eng/poker_2_0_0_36.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {AD7013FF-1D9A-4F36-94A6-3CD408A663F9} (GameDesire BreakOut) - http://67.15.101.3/g_bin/eng/breakout_2_0_0_18.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Bet365/FlashAX.cab
O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.3/g_bin/eng/mahjong_2_0_0_18.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by19fd.bay19.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_21.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/eng/snooker_2_0_0_21.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ROBERT-ZD8YG0O4-Robban
O17 - HKLM\Software\..\Telephony: DomainName = ROBERT-ZD8YG0O4-Robban
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ROBERT-ZD8YG0O4-Robban
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SSDP Discovery Service Locator (ssdpdb) - Unknown owner - C:\WINDOWS\SYSTEM32\ssdpdb.exe (file missing)

--
End of file - 9049 bytes
 