| Thread ID: 84924 | 2007-11-23 08:44:00 | HijackThis | mkms (12127) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 614329 | 2007-11-27 20:51:00 | Make sure you have your flash drive inserted before you do this fix. There are also a few hidden nasties that need to come out. Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. It's IMPORTANT to carry out the instructions in the sequence listed below. 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Open *notepad* and copy/paste the text in the quotebox below into it: KillAll:: File:: G:\SSCVIHOST.exe C:\WINDOWS\system32\blastclnnn.exe Folder:: C:\FOUND.003 C:\FOUND.002 C:\FOUND.001 C:\FOUND.000 Registry:: [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55e69da5-8091-11dc-abec-000ae6dec701}] \Shell\AutoRun\command - G:\SSCVIHOST.exe \Shell\Open\command - G:\SSCVIHOST.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dcb1c32-8b66-11dc-abfd-000ae6dec701}] \Shell\AutoRun\command - G:\SSCVIHOST.exe \Shell\Open\command - G:\SSCVIHOST.exe Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop. [Picture: CFScript.gif, users.pandora.be] Referring to the picture above, drag CFScript.txt into ComboFix.exe. Restart your computer. When finished, it shall produce a log for you at C:\ComboFix.txt. Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please. *Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall* |
Pancake (6359) | ||
| 614330 | 2007-11-28 03:49:00 | Here is the Combofix report and the hijackthis log file for your reference. |
mkms (12127) | ||
| 614331 | 2007-11-28 04:15:00 | Tick these, for the 3rd-4th time. Then tick fix checked. Close browser/s. We'll wait for Pancake to tell you about the ComboFix log. These are safe. O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" Run these manually: O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet |
Speedy Gonzales (78) | ||
| 614332 | 2007-11-28 05:48:00 | Ok. Although they still appear in the registry as htm they are now dead... you should be fine now... | Pancake (6359) | ||
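
Added example (not part of any post in this thread and not ComboFix's own code): a small audit that reads log text laid out like the MountPoints2 entries quoted in the thread, lists every shell verb registered under a volume key, and marks it as orphaned when its target is one of the files removed by the fix. The sample log is constructed from values that appear in the thread; the function name `audit_mountpoints2` and the `live`/`orphaned` labels are assumptions made for this illustration.

```python
import re

# Constructed excerpt in the layout of the registry entries quoted in this
# thread (key in brackets, then its shell verbs); values come from the thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55e69da5-8091-11dc-abec-000ae6dec701}]
\Shell\AutoRun\command - G:\SSCVIHOST.exe
\Shell\Open\command - G:\SSCVIHOST.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dcb1c32-8b66-11dc-abfd-000ae6dec701}]
\Shell\AutoRun\command - G:\SSCVIHOST.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2007-09-28 13:35]
"""

# The two files named under File:: in the CFScript posted in the thread.
DELETED = {r"G:\SSCVIHOST.exe", r"C:\WINDOWS\system32\blastclnnn.exe"}

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VERB_RE = re.compile(
    r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$", re.I)
MOUNT_RE = re.compile(
    r"\\explorer\\mountpoints2\\(?P<volume>\{[0-9a-f-]+\})$", re.I)


def audit_mountpoints2(log_text, deleted=frozenset()):
    """Return one finding per shell verb found under a MountPoints2 volume key.

    status is "orphaned" when the command target is in `deleted`
    (case-insensitive match on the full path), otherwise "live".
    """
    deleted_lc = {p.lower() for p in deleted}
    findings, volume = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            # Track the current key; only MountPoints2 volume keys count.
            m = MOUNT_RE.search(key.group("key"))
            volume = m.group("volume") if m else None
            continue
        verb = VERB_RE.match(line)
        if verb and volume:
            cmd = verb.group("cmd").strip().strip('"')
            findings.append({
                "volume": volume,
                "verb": verb.group("verb"),
                "command": cmd,
                "status": "orphaned" if cmd.lower() in deleted_lc else "live",
            })
    return findings


if __name__ == "__main__":
    for f in audit_mountpoints2(SAMPLE_LOG, DELETED):
        print(f["status"], f["volume"], f["verb"], f["command"])
```

An entry reported as orphaned is still present as registry data; it is inert only while the target path stays absent.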