Thread: Win32/NSAnti removal (seems to be popular)

  1. #1
    Junior Member
    Join Date
    Feb 2008
    Posts
    2

    Win32/NSAnti removal (seems to be popular)

    hi,

    i'm a newbie to this forum though i've read thru some of the other Win32/NSAnti topics...

    what do i need to do to get this trojan out of my system?

    would appreciate any step-by-step help.

    thanks.

    i've taken the liberty of downloading combofix. the logfile it produced is posted below:

    ComboFix 08-02-25.3 - patrick 2008-02-27 1:47:23.2 - FAT32x86
    Running from: J:\downloads\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    I:\WINDOWS\recover.reg
    I:\WINDOWS\system32\MSVC60SVV.DLL

    .
    ((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))
    .

    2008-02-27 01:44 . 2008-02-27 01:44 <DIR> d--hs---- I:\FOUND.005
    2008-02-26 23:11 . 2008-02-26 23:11 <DIR> d--hs---- I:\FOUND.004
    2008-02-26 22:45 . 2008-02-26 22:45 <DIR> d-------- I:\Program Files\Spyware Terminator
    2008-02-26 22:45 . 2008-02-26 22:45 <DIR> d-------- I:\Documents and Settings\patrick\Application Data\Spyware Terminator
    2008-02-26 22:45 . 2008-02-26 22:45 <DIR> d-------- I:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-02-26 22:45 . 2008-02-26 22:45 138,752 --a------ I:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-02-26 21:21 . 2008-02-26 09:17 151,315 -r-hs---- I:\l2quk.exe
    2008-02-26 21:21 . 2008-02-27 01:47 639 -r-hs---- I:\autorun.inf
    2008-02-26 21:19 . 2008-02-26 21:19 <DIR> d--hs---- I:\FOUND.003
    2008-02-26 21:11 . 2008-02-26 09:17 151,315 -r-hs---- I:\WINDOWS\system32\kxvo.exe
    2008-02-26 21:11 . 2008-02-27 01:45 71,168 -r-hs---- I:\WINDOWS\system32\fool0.dll
    2008-02-25 21:02 . 2008-02-25 21:02 520 --a------ I:\WINDOWS\netdet.ini
    2008-02-25 15:39 . 2008-02-25 15:39 287 --a------ I:\WINDOWS\game.ini
    2008-02-25 15:12 . 2008-02-25 15:12 <DIR> d-------- I:\Program Files\Activision
    2008-02-25 14:44 . 2008-02-25 14:44 <DIR> d--hs---- I:\WINDOWS\ftpcache
    2008-02-24 15:29 . 2008-02-24 15:29 <DIR> d-------- I:\Program Files\uTorrent
    2008-02-24 15:28 . 2008-02-24 15:28 <DIR> d-------- I:\Documents and Settings\patrick\Application Data\uTorrent
    2008-02-23 21:04 . 2008-02-23 21:04 <DIR> d-------- I:\Program Files\Alien Shooter
    2008-02-23 20:48 . 2008-02-23 20:48 <DIR> d-------- I:\Program Files\ReflexiveArcade
    2008-02-23 20:29 . 2008-02-23 20:29 <DIR> d-------- I:\Program Files\YzShadow
    2008-02-23 20:29 . 2008-02-23 20:29 <DIR> d-------- I:\Program Files\WinRoll
    2008-02-23 20:29 . 2008-02-23 20:29 <DIR> d-------- I:\Program Files\UberIcon
    2008-02-23 20:29 . 2008-02-23 20:29 <DIR> d-------- I:\Program Files\Tiger System Preferences v2
    2008-02-23 20:29 . 2008-02-23 20:29 <DIR> d-------- I:\Program Files\ObjectDock
    2008-02-23 20:29 . 2008-02-23 20:29 <DIR> d-------- I:\Program Files\iColorFolder
    2008-02-23 20:26 . 2004-08-03 16:56 218,624 --a------ I:\WINDOWS\system32\uxtheme.backup
    2008-02-23 20:25 . 2008-02-23 20:25 <DIR> d--h----- I:\WINDOWS\FlyakiteOSX
    2008-02-21 00:04 . 2008-02-21 00:05 29 --a------ I:\WINDOWS\Battle.ini
    2008-02-20 23:35 . 2008-02-20 23:50 16 --a------ I:\WINDOWS\popcinfo.dat
    2008-02-19 21:01 . 2008-02-19 21:01 <DIR> d-------- I:\Program Files\Common Files\Adobe Systems Shared
    2008-02-19 21:01 . 2008-02-19 21:01 <DIR> d-------- I:\Documents and Settings\All Users\Application Data\Adobe Systems
    2008-02-12 20:55 . 2000-12-08 21:59 122,880 --a------ I:\WINDOWS\UnGins.exe
    2008-02-10 13:57 . 2008-02-10 13:57 <DIR> d-------- I:\Program Files\Chicken Invaders
    2008-02-09 10:43 . 2008-02-09 10:43 <DIR> d-------- I:\Program Files\Macromedia
    2008-02-09 10:43 . 2008-02-09 10:43 <DIR> d-------- I:\Program Files\Common Files\Macromedia
    2008-02-05 22:05 . 2008-02-05 22:05 <DIR> d-------- I:\Documents and Settings\All Users\Application Data\WildTangent
    2008-02-03 18:39 . 2008-02-03 18:39 <DIR> d-------- I:\Documents and Settings\All Users\Application Data\MumboJumbo
    2008-02-03 18:38 . 2008-02-03 18:38 <DIR> d-------- I:\Program Files\Luxor 3
    2008-01-31 21:53 . 2007-07-19 18:14 3,727,720 --a------ I:\WINDOWS\system32\d3dx9_35.dll
    2008-01-31 21:53 . 2007-04-04 18:53 81,768 --a------ I:\WINDOWS\system32\xinput1_3.dll
    2008-01-31 21:44 . 2008-01-31 21:44 <DIR> d-------- I:\WINDOWS\Downloaded Installations
    2008-01-31 21:44 . 2008-01-31 21:44 <DIR> d-------- I:\Program Files\D-Tools
    2008-01-31 21:44 . 2004-08-22 16:31 155,136 --a------ I:\WINDOWS\system32\drivers\d347bus.sys
    2008-01-31 21:44 . 2004-08-22 16:31 5,248 --a------ I:\WINDOWS\system32\drivers\d347prt.sys
    2008-01-30 09:59 . 2008-01-30 09:59 <DIR> d--hs---- I:\FOUND.002
    2008-01-26 14:38 . 2008-01-26 14:38 <DIR> d-------- I:\Program Files\Feeding Frenzy
    2008-01-26 14:36 . 2008-01-26 14:36 <DIR> d-------- I:\Program Files\GameHouse

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-23 12:29 2,138,368 ----a-w I:\WINDOWS\system32\ntoskrnl.exe
    2008-02-23 12:29 2,014,208 ----a-w I:\WINDOWS\system32\ntkrnlpa.exe
    2008-02-23 12:26 218,624 ----a-w I:\WINDOWS\system32\uxtheme.dll
    2008-01-16 08:53 --------- d-----w I:\Program Files\Flash Movie Player
    2008-01-15 06:12 73,216 ----a-w I:\WINDOWS\ST6UNST.EXE
    2008-01-12 05:25 --------- d-----w I:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-01-12 05:25 --------- d-----w I:\Documents and Settings\All Users\Application Data\NVIDIA
    2008-01-12 05:05 --------- d-----w I:\Program Files\Call of Duty
    2008-01-11 15:35 --------- d-----w I:\Program Files\HomeKeylogger
    2008-01-11 07:03 --------- d-----w I:\Documents and Settings\patrick\Application Data\Cakewalk
    2007-12-29 05:15 32 ----a-w I:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-12-29 05:15 --------- d-----w I:\Documents and Settings\patrick\Application Data\skypePM
    2007-12-28 19:45 --------- d-----w I:\Program Files\Skype
    2007-12-28 19:45 --------- d-----w I:\Program Files\Common Files\Skype
    2007-12-28 19:45 --------- d-----w I:\Documents and Settings\patrick\Application Data\Skype
    2007-12-28 19:45 --------- d-----w I:\Documents and Settings\All Users\Application Data\Skype
    2007-12-26 14:14 --------- d-----w I:\Program Files\mIRC
    2003-01-12 04:41 3,392 ----a-w I:\WINDOWS\inf\OTHER\cmiainfo.sys
    .

    ------- Sigcheck -------

    fb77859d24d31cb3ca43177cf0ebddce I:\WINDOWS\system32\user32.dll
    ----a-w 576,512 2004-08-03 08:56:48 I:\WINDOWS\system32\user32.dll
    ----a-w 576,512 2004-08-03 08:56:48 I:\WINDOWS\system32\dllcache\user32.dll
    ----a-w 577,024 2004-08-03 08:56:48 I:\WINDOWS\FlyakiteOSX\Backup\user32.dll

    d866a8e7ce1c2f09c2c4276f9a615c0a I:\WINDOWS\system32\wininet.dll
    ----a-w 677,376 2004-08-03 08:56:48 I:\WINDOWS\system32\wininet.dll
    ----a-w 677,376 2004-08-03 08:56:48 I:\WINDOWS\system32\dllcache\wininet.dll
    ----a-w 656,384 2004-08-03 08:56:48 I:\WINDOWS\FlyakiteOSX\Backup\wininet.dll

    969f998bbedbfd55f1fcc094fa4da886 I:\WINDOWS\system32\ntkrnlpa.exe
    ----a-w 2,014,208 2008-02-23 12:29:22 I:\WINDOWS\system32\ntkrnlpa.exe
    ----a-w 2,056,832 2004-08-03 09:05:44 I:\WINDOWS\FlyakiteOSX\Backup\ntkrnlpa.exe

    fea005a44fb744a31be860f6e8bf8ab6 I:\WINDOWS\system32\ntoskrnl.exe
    ----a-w 2,138,368 2008-02-23 12:29:22 I:\WINDOWS\system32\ntoskrnl.exe
    ----a-w 2,180,992 2004-08-03 07:20:00 I:\WINDOWS\FlyakiteOSX\Backup\ntoskrnl.exe

    5de8ffe4acd3c0a3c0166a6129a12241 I:\WINDOWS\explorer.exe
    ----a-w 1,364,480 2004-08-03 08:56:50 I:\WINDOWS\explorer.exe
    ----a-w 1,364,480 2004-08-03 08:56:50 I:\WINDOWS\system32\dllcache\explorer.exe
    ----a-w 1,032,192 2004-08-03 08:56:50 I:\WINDOWS\FlyakiteOSX\Backup\explorer.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "FreeRAM XP"="I:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 00:13 1591808]
    "ctfmon.exe"="I:\WINDOWS\system32\ctfmon.exe" [2004-08-03 16:56 15360]
    "Alt+Q Hotkey Tool"="I:\WINDOWS\Alt+Q Hotkey.exe" [2005-12-19 03:14 27648]
    "UberIcon"="I:\Program Files\UberIcon\UberIcon Manager.exe" [2006-02-24 08:32 188416]
    "Yz Shadow"="I:\Program Files\YzShadow\YzShadow.exe" [2006-02-24 10:51 172032]
    "kxva"="I:\WINDOWS\system32\kxvo.exe" [2008-02-26 09:17 151315]
    "Yahoo! Pager"="I:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-01 18:11 4670968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cmaudio"="cmicnfg.cpl" []
    "RemoteControl"="I:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]
    "LanguageShortcut"="I:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
    "LGODDFU"="I:\Program Files\lg_fwupdate\fwupdate.exe" [2007-11-25 22:38 249856]
    "NeroFilterCheck"="I:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
    "SecurDisc"="I:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 15:55 1628208]
    "InCD"="I:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 15:55 1057328]
    "AVG7_CC"="I:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 22:38 579072]
    "QuickTime Task"="I:\Program Files\QuickTime\qttask.exe" [2007-11-26 12:24 98304]
    "TkBellExe"="I:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-26 12:36 185896]
    "SunJavaUpdateSched"="I:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 03:10 49263]
    "Adobe Reader Speed Launcher"="I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "NvCplDaemon"="I:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
    "nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 I:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="NvMCTray.dll" [2006-10-22 12:22 98304 I:\WINDOWS\system32\nvmctray.dll]
    "DAEMON Tools-1033"="I:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
    "System Files Updater"="I:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-26 07:41 118485]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="I:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-11-26 01:52 219136]

    I:\Documents and Settings\patrick\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - I:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
    Stardock ObjectDock.lnk - I:\Program Files\ObjectDock\ObjectDock.exe [2005-07-15 06:13:06 1802309]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "I:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
    "I:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
    "I:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
    "I:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
    "I:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "I:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "I:\\Program Files\\mIRC\\mirc.exe"=
    "I:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "I:\\Program Files\\uTorrent\\uTorrent.exe"=


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fa652f1-c4cc-11dc-b4eb-f46d4b55c9ac}]
    \Shell\AutoRun\command - L:\xo8wr9.exe
    \Shell\explore\Command - L:\xo8wr9.exe
    \Shell\open\Command - L:\xo8wr9.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "I:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-27 01:49:38
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-02-27 1:50:23
    ComboFix-quarantined-files.txt 2008-02-26 17:50:22

    +_+_+_

    hope someone can help..thanks a bunch.

  2. #2
    Junior Member
    Join Date
    Feb 2008
    Posts
    2

    just got hijackthis.

    below is the log it produced.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:47:50 AM, on 2/27/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    I:\WINDOWS\System32\smss.exe
    I:\WINDOWS\system32\winlogon.exe
    I:\WINDOWS\system32\services.exe
    I:\WINDOWS\system32\lsass.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\System32\svchost.exe
    I:\WINDOWS\system32\spoolsv.exe
    I:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    I:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    I:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    I:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    I:\Program Files\Common Files\LightScribe\LSSrvc.exe
    I:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    I:\WINDOWS\system32\nvsvc32.exe
    I:\Program Files\CyberLink\Shared Files\RichVideo.exe
    I:\Program Files\Spyware Terminator\sp_rsser.exe
    I:\WINDOWS\Explorer.EXE
    I:\WINDOWS\system32\RunDll32.exe
    I:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    I:\Program Files\lg_fwupdate\fwupdate.exe
    I:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    I:\Program Files\Nero\Nero 7\InCD\InCD.exe
    I:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    I:\Program Files\Common Files\Real\Update_OB\realsched.exe
    I:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    I:\WINDOWS\system32\wscntfy.exe
    I:\Program Files\D-Tools\daemon.exe
    I:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
    I:\WINDOWS\system32\ctfmon.exe
    I:\WINDOWS\Alt+Q Hotkey.exe
    I:\Program Files\UberIcon\UberIcon Manager.exe
    I:\Program Files\YzShadow\YzShadow.exe
    I:\Program Files\ObjectDock\ObjectDock.exe
    I:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    I:\Program Files\Winamp\winamp.exe
    I:\Program Files\Mozilla Firefox\firefox.exe
    I:\Program Files\internet explorer\iexplore.exe
    I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - I:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - I:\WINDOWS\system32\ieso0.dll
    O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - I:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [RemoteControl] "I:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "I:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [LGODDFU] "I:\Program Files\lg_fwupdate\fwupdate.exe" blrun
    O4 - HKLM\..\Run: [NeroFilterCheck] I:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SecurDisc] I:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [InCD] I:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [AVG7_CC] I:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "I:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [System Files Updater] I:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
    O4 - HKCU\..\Run: [FreeRAM XP] "I:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
    O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] I:\WINDOWS\Alt+Q Hotkey.exe
    O4 - HKCU\..\Run: [UberIcon] "I:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKCU\..\Run: [Yz Shadow] I:\Program Files\YzShadow\YzShadow.exe
    O4 - HKCU\..\Run: [kxva] I:\WINDOWS\system32\kxvo.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "I:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] I:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] I:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] I:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] I:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = I:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Stardock ObjectDock.lnk = I:\Program Files\ObjectDock\ObjectDock.exe
    O4 - Startup: RK Launcher.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: FreshDownload - {3E8A8981-799A-4218-8340-505EC9760462} - I:\Program Files\FreshDevices\FreshDownload\fd.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{588048B7-2EC3-4A52-B026-F7E371422CD3}: NameServer = 210.14.16.5 210.14.16.2
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - I:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - I:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - I:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - I:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - I:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - I:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - I:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - I:\Program Files\Spyware Terminator\sp_rsser.exe

    --
    End of file - 7281 bytes

    +_+_+_

    thanks in advance
