Options
my hijackthis log after avg cleaning(help with trojans pt.2)
hello!
it's me again. no one answered my thread before, so i'm writing again. after last Avg scanning, i found 6 threats, trojan horse generic5.hzf.
it was in some files of pc game. so i removed this game and deleted game's set up files, and i did AVG scan again, and AVG didn't find nothing. so here's my hijackthis log after that:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:39, on 1.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Lavasoft\Ad-Aware
2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware
7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\NVIDIA
Corporation\NetworkAccessManager\Apache
Group\Apache2\bin\apache.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA
Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA
Corporation\NetworkAccessManager\Apache
Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA
Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common
Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware
7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Documents and Settings\User\My
Documents\Downloads\AnyDVD.&.AnyDVD.HD 6.3.1.5.FiNAL
__ HD & BlueRay
Support\AnyDVD.&.AnyDVD.HD.v6.3.1.5.FiNAL + HD &
BlueRay Support\SlySoft.AnyTrial RESET
TOOL\AnyTrialControl.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search &
Destroy\TeaTimer.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\AnyTrial.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and
Settings\User\Desktop\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Bar =
http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet
Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet
Explorer\SearchURL,(Default) =
http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat
5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for
Internet Explorer -
{3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program
Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection -
{53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class -
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) -
{7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program
Files\Common Files\Microsoft Shared\Windows
Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper -
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar -
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program
Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program
Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program
Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program
Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program
Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program
Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program
Files\Common Files\Scansoft
Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding
-boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program
Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program
Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program
Files\Common Files\Real\Update_OB\realsched.exe"
-osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program
Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe"
/minimized
O4 - HKLM\..\Run: [AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BugSoft AnyTrial] C:\Documents
and Settings\User\My
Documents\Downloads\AnyDVD.&.AnyDVD.HD 6.3.1.5.FiNAL
__ HD & BlueRay
Support\AnyDVD.&.AnyDVD.HD.v6.3.1.5.FiNAL + HD &
BlueRay Support\SlySoft.AnyTrial RESET
TOOL\AnyTrialControl.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program
Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program
Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program
Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run]
C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User
'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run]
C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User
'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run]
C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User
'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run]
C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User
'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program
Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Adobe Gamma Loader.lnk =
C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk =
C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search -
res://C:\Program Files\Windows Live
Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Convert
Tool... - C:\Program Files\MP3 Player Utilities
4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live
Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft
Excel -
res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab
multimedia file - C:\Program Files\MP3 Player
Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Open in new background
tab - res://C:\Program Files\Windows Live
Toolbar\Components\en-ww\msntabres.dll.mui/229?652f3
963615543ad830be87b258d7cac
O8 - Extra context menu item: Open in new foreground
tab - res://C:\Program Files\Windows Live
Toolbar\Components\en-ww\msntabres.dll.mui/230?652f3
963615543ad830be87b258d7cac
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) -
{9034A523-D068-4BE8-A284-9DF278BE776E} -
http://www.explorertool.net/redirect.php (file
missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware -
{9034A523-D068-4BE8-A284-9DF278BE776E} -
http://www.explorertool.net/redirect.php (file
missing)
O9 - Extra button: Research -
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) -
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search &&
Destroy Configuration -
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) -
{e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}
(CKAVWebScan Object) -
http://www.kaspersky.com/kos/eng/partner/default/kav
webscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
(ActiveScan Installer Class) -
http://acs.pandasoftware.com/activescan/as5free/asin
st.cab
O22 - SharedTaskScheduler: corduroyed -
{699fabf8-1087-491f-b57c-80a68929d82b} -
C:\WINDOWS\system32\heuvth.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) -
Lavasoft - C:\Program Files\Lavasoft\Ad-Aware
2007\aawservice.exe
O23 - Service: BugSoft AnyTrial (AnyTrial) - Dr.Pc
Putte Corp
- C:\WINDOWS\AnyTrial.exe
O23 - Service: ATK Keyboard Service
(ATKKeyboardService) - ASUSTeK COMPUTER INC. -
C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT
s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware
7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt)
- GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) -
GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Canon Camera Access Library 8
(CCALib8) - Canon Inc. - C:\Program
Files\Canon\CAL\CALMAIN.exe
O23 - Service: Forceware Web Interface
(ForcewareWebInterface) - Apache Software Foundation
- C:\Program Files\NVIDIA
Corporation\NetworkAccessManager\Apache
Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager
(IDriverT) - Macrovision Corporation - C:\Program
Files\Common Files\InstallShield\Driver\11\Intel
32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. -
C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) -
Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) -
NVIDIA Corporation - C:\Program Files\NVIDIA
Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog)
- NVIDIA Corporation - C:\Program Files\NVIDIA
Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc)
- NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 11928 bytes
so, i would like to now if that's it. Is my computer clean and safe now?
thanks,
Veki
it's me again. no one answered my thread before, so i'm writing again. after last Avg scanning, i found 6 threats, trojan horse generic5.hzf.
it was in some files of pc game. so i removed this game and deleted game's set up files, and i did AVG scan again, and AVG didn't find nothing. so here's my hijackthis log after that:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:39, on 1.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Lavasoft\Ad-Aware
2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware
7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\NVIDIA
Corporation\NetworkAccessManager\Apache
Group\Apache2\bin\apache.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA
Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA
Corporation\NetworkAccessManager\Apache
Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA
Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common
Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware
7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Documents and Settings\User\My
Documents\Downloads\AnyDVD.&.AnyDVD.HD 6.3.1.5.FiNAL
__ HD & BlueRay
Support\AnyDVD.&.AnyDVD.HD.v6.3.1.5.FiNAL + HD &
BlueRay Support\SlySoft.AnyTrial RESET
TOOL\AnyTrialControl.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search &
Destroy\TeaTimer.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\AnyTrial.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and
Settings\User\Desktop\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Bar =
http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet
Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet
Explorer\SearchURL,(Default) =
http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat
5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for
Internet Explorer -
{3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program
Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection -
{53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class -
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) -
{7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program
Files\Common Files\Microsoft Shared\Windows
Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper -
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar -
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program
Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program
Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program
Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program
Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program
Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program
Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program
Files\Common Files\Scansoft
Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding
-boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program
Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program
Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program
Files\Common Files\Real\Update_OB\realsched.exe"
-osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program
Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe"
/minimized
O4 - HKLM\..\Run: [AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BugSoft AnyTrial] C:\Documents
and Settings\User\My
Documents\Downloads\AnyDVD.&.AnyDVD.HD 6.3.1.5.FiNAL
__ HD & BlueRay
Support\AnyDVD.&.AnyDVD.HD.v6.3.1.5.FiNAL + HD &
BlueRay Support\SlySoft.AnyTrial RESET
TOOL\AnyTrialControl.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program
Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program
Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program
Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run]
C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User
'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run]
C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User
'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run]
C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User
'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run]
C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User
'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program
Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Adobe Gamma Loader.lnk =
C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk =
C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search -
res://C:\Program Files\Windows Live
Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Convert
Tool... - C:\Program Files\MP3 Player Utilities
4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live
Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft
Excel -
res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab
multimedia file - C:\Program Files\MP3 Player
Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Open in new background
tab - res://C:\Program Files\Windows Live
Toolbar\Components\en-ww\msntabres.dll.mui/229?652f3
963615543ad830be87b258d7cac
O8 - Extra context menu item: Open in new foreground
tab - res://C:\Program Files\Windows Live
Toolbar\Components\en-ww\msntabres.dll.mui/230?652f3
963615543ad830be87b258d7cac
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) -
{9034A523-D068-4BE8-A284-9DF278BE776E} -
http://www.explorertool.net/redirect.php (file
missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware -
{9034A523-D068-4BE8-A284-9DF278BE776E} -
http://www.explorertool.net/redirect.php (file
missing)
O9 - Extra button: Research -
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) -
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search &&
Destroy Configuration -
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) -
{e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}
(CKAVWebScan Object) -
http://www.kaspersky.com/kos/eng/partner/default/kav
webscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
(ActiveScan Installer Class) -
http://acs.pandasoftware.com/activescan/as5free/asin
st.cab
O22 - SharedTaskScheduler: corduroyed -
{699fabf8-1087-491f-b57c-80a68929d82b} -
C:\WINDOWS\system32\heuvth.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) -
Lavasoft - C:\Program Files\Lavasoft\Ad-Aware
2007\aawservice.exe
O23 - Service: BugSoft AnyTrial (AnyTrial) - Dr.Pc
Putte Corp
- C:\WINDOWS\AnyTrial.exeO23 - Service: ATK Keyboard Service
(ATKKeyboardService) - ASUSTeK COMPUTER INC. -
C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT
s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware
7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt)
- GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) -
GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Canon Camera Access Library 8
(CCALib8) - Canon Inc. - C:\Program
Files\Canon\CAL\CALMAIN.exe
O23 - Service: Forceware Web Interface
(ForcewareWebInterface) - Apache Software Foundation
- C:\Program Files\NVIDIA
Corporation\NetworkAccessManager\Apache
Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager
(IDriverT) - Macrovision Corporation - C:\Program
Files\Common Files\InstallShield\Driver\11\Intel
32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. -
C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) -
Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) -
NVIDIA Corporation - C:\Program Files\NVIDIA
Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog)
- NVIDIA Corporation - C:\Program Files\NVIDIA
Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc)
- NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 11928 bytes
so, i would like to now if that's it. Is my computer clean and safe now?
thanks,
Veki
0
Comments
If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.
If you are not the user who started this thread, you must start your own Thread instead.