My log


  • This topic is locked
12 replies to this topic

#1 king_koopa

king_koopa

    Member

  • Full Member
  • 16 posts

Posted 07 June 2007 - 02:56 PM

Hey, can someone please check my log? I get popups every 3 minutes or so, all by themselves, while I'm on the internet!

Thanks


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:51:17 AM, on 8/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\USBToolbox\Res.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\HijackThis\HiJackThis_v2.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17223A79-D158-4CA8-9A58-928DA67234D3} - C:\WINDOWS\system32\vtutq.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6EC93FEF-A9B5-41F5-82D3-9C3E6BF0BD19} - C:\WINDOWS\system32\awtuuts.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89CCB434-7417-4E31-A00A-19BEFD6D05C9} - C:\WINDOWS\system32\qdfwyghd.dll
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USBToolbox\Res.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [j6281537] rundll32 C:\WINDOWS\system32\j6281537.dll sook
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\fkwcyjyk.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration .LNK = C:\Games\Blazing Angels\RegistrationReminder.exe
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1176950861125
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: awtuuts - C:\WINDOWS\SYSTEM32\awtuuts.dll
O20 - Winlogon Notify: vtutq - C:\WINDOWS\system32\vtutq.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 6562 bytes

Any help would be appreciated.

#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,520 posts

Posted 10 June 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 10 June 2007 - 12:32 PM

Hi,

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.
You can re-enable TeaTimer once your system is clean.

Next:

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt
Next:

1. Download this file - ComboFix
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please also post a fresh HijackThis log; you may need two posts to fit it all in.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#4 king_koopa

king_koopa

    Member

  • Full Member
  • 16 posts

Posted 10 June 2007 - 11:35 PM

VundoFix V6.5.0

Checking Java version...

Scan started at 2:26:10 PM 11/06/2007

Listing files found while scanning....

C:\windows\system32\ahhlnuyi.dll
C:\WINDOWS\system32\awtuuts.dll
C:\windows\system32\btjsdvjm.exe
C:\windows\system32\dqhyayqq.dll
C:\windows\system32\ecufnthn.dll
C:\windows\system32\euirytgw.dll
C:\windows\system32\eylpbigs.exe
C:\WINDOWS\system32\fkwcyjyk.dll
C:\windows\system32\hsdmyowy.dll
C:\WINDOWS\system32\hsmsevfg.dll
C:\windows\system32\huddyfoc.exe
C:\windows\system32\hvykldwt.exe
C:\windows\system32\hymhhypt.exe
C:\windows\system32\ibmxogsu.dll
C:\WINDOWS\system32\iyunlhha.ini
C:\windows\system32\j6281537.dll
C:\windows\system32\jfgtinln.dll
C:\windows\system32\jipatvsh.dll
C:\windows\system32\jryfduwo.ini
C:\windows\system32\kfppvxxr.dll
C:\windows\system32\kxofqkku.exe
C:\windows\system32\kyjycwkf.ini
C:\windows\system32\owudfyrj.dll
C:\windows\system32\pnmqqixt.exe
C:\windows\system32\qdfwyghd.dll
C:\windows\system32\qdlnawfw.dll
C:\windows\system32\qhmxeaww.exe
C:\windows\system32\qtutv.bak1
C:\windows\system32\qtutv.bak2
C:\windows\system32\qtutv.ini
C:\windows\system32\qtutv.ini2
C:\windows\system32\qtutv.tmp
C:\windows\system32\qypfgpgv.exe
C:\windows\system32\scvsoscm.exe
C:\windows\system32\sesmybgy.ini
C:\windows\system32\sfujiato.exe
C:\windows\system32\ttrvlece.exe
C:\windows\system32\tvcjsiaq.exe
C:\windows\system32\urggwoip.exe
C:\windows\system32\usgoxmbi.ini
C:\windows\system32\vjfymgjm.dll
C:\WINDOWS\system32\vtutq.dll
C:\windows\system32\wlfpadvi.exe
C:\windows\system32\xauopawl.dll
C:\windows\system32\xiqxmejp.dll
C:\windows\system32\xonipgox.exe
C:\windows\system32\xpaiwtng.exe
C:\windows\system32\ygbymses.dll

Beginning removal...

Attempting to delete C:\windows\system32\ahhlnuyi.dll
C:\windows\system32\ahhlnuyi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtuuts.dll
C:\WINDOWS\system32\awtuuts.dll Has been deleted!

Attempting to delete C:\windows\system32\btjsdvjm.exe
C:\windows\system32\btjsdvjm.exe Has been deleted!

Attempting to delete C:\windows\system32\dqhyayqq.dll
C:\windows\system32\dqhyayqq.dll Has been deleted!

Attempting to delete C:\windows\system32\ecufnthn.dll
C:\windows\system32\ecufnthn.dll Has been deleted!

Attempting to delete C:\windows\system32\euirytgw.dll
C:\windows\system32\euirytgw.dll Has been deleted!

Attempting to delete C:\windows\system32\eylpbigs.exe
C:\windows\system32\eylpbigs.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\fkwcyjyk.dll
C:\WINDOWS\system32\fkwcyjyk.dll Has been deleted!

Attempting to delete C:\windows\system32\hsdmyowy.dll
C:\windows\system32\hsdmyowy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hsmsevfg.dll
C:\WINDOWS\system32\hsmsevfg.dll Has been deleted!

Attempting to delete C:\windows\system32\huddyfoc.exe
C:\windows\system32\huddyfoc.exe Has been deleted!

Attempting to delete C:\windows\system32\hvykldwt.exe
C:\windows\system32\hvykldwt.exe Has been deleted!

Attempting to delete C:\windows\system32\hymhhypt.exe
C:\windows\system32\hymhhypt.exe Has been deleted!

Attempting to delete C:\windows\system32\ibmxogsu.dll
C:\windows\system32\ibmxogsu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iyunlhha.ini
C:\WINDOWS\system32\iyunlhha.ini Has been deleted!

Attempting to delete C:\windows\system32\j6281537.dll
C:\windows\system32\j6281537.dll Could not be deleted.

Attempting to delete C:\windows\system32\jfgtinln.dll
C:\windows\system32\jfgtinln.dll Has been deleted!

Attempting to delete C:\windows\system32\jipatvsh.dll
C:\windows\system32\jipatvsh.dll Has been deleted!

Attempting to delete C:\windows\system32\jryfduwo.ini
C:\windows\system32\jryfduwo.ini Has been deleted!

Attempting to delete C:\windows\system32\kfppvxxr.dll
C:\windows\system32\kfppvxxr.dll Has been deleted!

Attempting to delete C:\windows\system32\kxofqkku.exe
C:\windows\system32\kxofqkku.exe Has been deleted!

Attempting to delete C:\windows\system32\kyjycwkf.ini
C:\windows\system32\kyjycwkf.ini Has been deleted!

Attempting to delete C:\windows\system32\owudfyrj.dll
C:\windows\system32\owudfyrj.dll Has been deleted!

Attempting to delete C:\windows\system32\pnmqqixt.exe
C:\windows\system32\pnmqqixt.exe Has been deleted!

Attempting to delete C:\windows\system32\qdfwyghd.dll
C:\windows\system32\qdfwyghd.dll Has been deleted!

Attempting to delete C:\windows\system32\qdlnawfw.dll
C:\windows\system32\qdlnawfw.dll Has been deleted!

Attempting to delete C:\windows\system32\qhmxeaww.exe
C:\windows\system32\qhmxeaww.exe Has been deleted!

Attempting to delete C:\windows\system32\qtutv.bak1
C:\windows\system32\qtutv.bak1 Has been deleted!

Attempting to delete C:\windows\system32\qtutv.bak2
C:\windows\system32\qtutv.bak2 Has been deleted!

Attempting to delete C:\windows\system32\qtutv.ini
C:\windows\system32\qtutv.ini Has been deleted!

Attempting to delete C:\windows\system32\qtutv.ini2
C:\windows\system32\qtutv.ini2 Has been deleted!

Attempting to delete C:\windows\system32\qtutv.tmp
C:\windows\system32\qtutv.tmp Has been deleted!

Attempting to delete C:\windows\system32\qypfgpgv.exe
C:\windows\system32\qypfgpgv.exe Has been deleted!

Attempting to delete C:\windows\system32\scvsoscm.exe
C:\windows\system32\scvsoscm.exe Has been deleted!

Attempting to delete C:\windows\system32\sesmybgy.ini
C:\windows\system32\sesmybgy.ini Has been deleted!

Attempting to delete C:\windows\system32\sfujiato.exe
C:\windows\system32\sfujiato.exe Has been deleted!

Attempting to delete C:\windows\system32\ttrvlece.exe
C:\windows\system32\ttrvlece.exe Has been deleted!

Attempting to delete C:\windows\system32\tvcjsiaq.exe
C:\windows\system32\tvcjsiaq.exe Has been deleted!

Attempting to delete C:\windows\system32\urggwoip.exe
C:\windows\system32\urggwoip.exe Has been deleted!

Attempting to delete C:\windows\system32\usgoxmbi.ini
C:\windows\system32\usgoxmbi.ini Has been deleted!

Attempting to delete C:\windows\system32\vjfymgjm.dll
C:\windows\system32\vjfymgjm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtutq.dll
C:\WINDOWS\system32\vtutq.dll Has been deleted!

Attempting to delete C:\windows\system32\wlfpadvi.exe
C:\windows\system32\wlfpadvi.exe Has been deleted!

Attempting to delete C:\windows\system32\xauopawl.dll
C:\windows\system32\xauopawl.dll Has been deleted!

Attempting to delete C:\windows\system32\xiqxmejp.dll
C:\windows\system32\xiqxmejp.dll Has been deleted!

Attempting to delete C:\windows\system32\xonipgox.exe
C:\windows\system32\xonipgox.exe Has been deleted!

Attempting to delete C:\windows\system32\xpaiwtng.exe
C:\windows\system32\xpaiwtng.exe Has been deleted!

Attempting to delete C:\windows\system32\ygbymses.dll
C:\windows\system32\ygbymses.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\j6281537.dll
C:\windows\system32\j6281537.dll Has been deleted!

Performing Repairs to the registry.
Done!

#5 king_koopa

king_koopa

    Member

  • Full Member
  • 16 posts

Posted 10 June 2007 - 11:44 PM

ComboFix 07-06-11.3 - C:\Documents and Settings\Ziad Refki\Desktop\ComboFix.exe
"Ziad Refki" - 2007-06-11 14:38:25 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\drivers\sfsync03.sys


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_SFSYNC02
-------\LEGACY_SFSYNC03
-------\nm
-------\sfsync02
-------\sfsync03


((((((((((((((((((((((((( Files Created from 2007-05-11 to 2007-06-11 )))))))))))))))))))))))))))))))


2007-06-11 14:40 0 --a------ C:\WINDOWS\system32\sfsync03.dll
2007-06-11 14:40 0 --a------ C:\WINDOWS\system32\sfsync02.dll
2007-06-11 14:35 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-11 14:26 <DIR> d-------- C:\VundoFix Backups
2007-06-09 22:21 <DIR> d-------- C:\DOCUME~1\ZIADRE~1\APPLIC~1\Ulead Systems
2007-06-09 21:56 <DIR> d-------- C:\Program Files\Ulead Systems
2007-06-09 19:28 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2007-06-09 18:32 <DIR> d-------- C:\Temp
2007-06-09 18:32 <DIR> d-------- C:\DVDVolume
2007-06-08 20:32 <DIR> d-------- C:\Program Files\DVDlabPro2
2007-06-07 14:41 <DIR> d-------- C:\DOCUME~1\ZIADRE~1\Shared
2007-06-07 14:41 <DIR> d-------- C:\DOCUME~1\ZIADRE~1\Incomplete
2007-06-07 14:41 <DIR> d-------- C:\DOCUME~1\ZIADRE~1\APPLIC~1\LimeWire
2007-06-07 13:33 55,316 --a------ C:\WINDOWS\system32\bcxvwcia.dll
2007-06-06 16:02 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-06-06 16:02 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-06-06 16:02 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-06-06 16:02 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-06-06 16:02 <DIR> d-------- C:\Program Files\Cucusoft
2007-06-01 08:59 <DIR> d-------- C:\Program Files\My DVD Maker
2007-06-01 08:54 81,920 --a------ C:\WINDOWS\system32\MPEGFilter.dll
2007-06-01 08:54 401,408 --a------ C:\WINDOWS\system32\MPEGWriteFilter.dll
2007-06-01 08:54 135,168 --a------ C:\WINDOWS\system32\DVDEncoder.dll
2007-06-01 08:54 <DIR> d-------- C:\Program Files\Movie DVD Maker
2007-05-29 16:21 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-05-29 16:21 <DIR> d-------- C:\WINDOWS\system32\windows media
2007-05-29 16:21 <DIR> d-------- C:\Program Files\Windows Media Components
2007-05-29 16:20 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2007-05-29 16:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
2007-05-25 19:24 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-05-17 17:25 <DIR> d-------- C:\DOCUME~1\ZIADRE~1\APPLIC~1\AdobeUM


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-11 00:11:50 -------- d-----w C:\DOCUME~1\ZIADRE~1\APPLIC~1\dvdcss
2007-05-29 06:20:15 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-28 11:34:57 -------- d-----w C:\Program Files\Steam
2007-05-24 05:20:45 -------- d-----w C:\DOCUME~1\ZIADRE~1\APPLIC~1\Command & Conquer 3 Tiberium Wars
2007-05-10 08:32:22 -------- d-----w C:\DOCUME~1\ZIADRE~1\APPLIC~1\vlc
2007-05-10 08:31:36 -------- d-----w C:\Program Files\VideoLAN
2007-05-10 07:56:51 -------- d-----w C:\Program Files\Azureus
2007-05-10 07:56:02 -------- d-----w C:\DOCUME~1\ZIADRE~1\APPLIC~1\Azureus
2007-05-10 07:50:55 -------- d-----w C:\Program Files\DVD Shrink
2007-05-10 01:37:27 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-01 22:46:48 21,504 ----a-w C:\WINDOWS\jestertb.dll
2007-04-29 03:30:05 -------- d-----w C:\Program Files\MSXML 4.0
2007-04-27 13:02:59 -------- d-----w C:\Program Files\NCH Swift Sound
2007-04-27 12:56:01 -------- d-----w C:\DOCUME~1\ZIADRE~1\APPLIC~1\NCH Swift Sound
2007-04-27 12:55:21 -------- d-----w C:\DOCUME~1\ZIADRE~1\APPLIC~1\TransRender
2007-04-27 12:55:21 -------- d-----w C:\DOCUME~1\ZIADRE~1\APPLIC~1\Temporary
2007-04-27 12:55:21 -------- d-----w C:\DOCUME~1\ZIADRE~1\APPLIC~1\ConvertTemp
2007-04-27 12:55:20 -------- d-----w C:\DOCUME~1\ZIADRE~1\APPLIC~1\Samsung
2007-04-27 12:52:59 5,632 ----a-w C:\WINDOWS\system32\drivers\StarOpen.sys
2007-04-27 12:42:15 -------- d-----w C:\Program Files\Samsung
2007-04-19 04:14:23 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-04-19 03:41:44 -------- d--h--r C:\DOCUME~1\ZIADRE~1\APPLIC~1\SecuROM
2007-04-19 03:34:10 -------- d-----w C:\Program Files\Electronic Arts
2007-04-19 02:35:42 -------- d-----w C:\Program Files\MSBuild
2007-04-19 02:31:56 -------- d-----w C:\Program Files\Reference Assemblies
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 08:38:26 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-04-16 08:24:24 -------- d-----w C:\DOCUME~1\ZIADRE~1\APPLIC~1\InstallShield
2007-04-16 07:01:16 -------- d-----w C:\Program Files\EA Games
2007-04-16 05:01:59 -------- d-----w C:\Program Files\EPSON
2007-04-15 10:36:14 -------- d-----w C:\Program Files\MSN Messenger
2007-04-15 09:41:40 -------- d-----w C:\Program Files\Ares
2007-04-15 09:08:17 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-04-12 07:12:47 4,501 ----a-w C:\WINDOWS\gdrv.sys
2007-04-12 06:34:24 -------- d-----w C:\Program Files\Realtek
2007-04-12 05:47:15 -------- d-----w C:\DOCUME~1\ZIADRE~1\APPLIC~1\Apple Computer
2007-04-12 05:47:12 -------- d-----w C:\Program Files\iTunes
2007-04-12 05:47:06 -------- d-----w C:\Program Files\iPod
2007-04-12 05:46:54 -------- d-----w C:\Program Files\QuickTime
2007-04-12 05:46:23 -------- d-----w C:\Program Files\Apple Software Update
2007-03-25 05:21:34 0 --sha-r C:\MSDOS.SYS
2007-03-25 05:21:34 0 --sha-r C:\IO.SYS
2007-03-25 05:21:34 0 ----a-w C:\CONFIG.SYS
2007-03-25 05:21:34 0 ----a-w C:\AUTOEXEC.BAT
2007-03-25 05:18:22 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-03-22 20:07:56 1,683,280 ------w C:\WINDOWS\system32\XpsSvcs.dll
2007-03-22 20:07:54 583,504 ------w C:\WINDOWS\system32\XPSSHHDR.dll
2007-03-22 10:25:02 124,928 ------w C:\WINDOWS\system32\prntvpt.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 14:17]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 00:48]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{89CCB434-7417-4E31-A00A-19BEFD6D05C9}=C:\WINDOWS\system32\dqhyayqq.dll []
{C1F016A5-0AE1-4176-B491-C3CFF3F1218D}=C:\WINDOWS\system32\vtutq.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-06-01 19:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 19:22 C:\WINDOWS\system32\nvmctray.dll]
"USB Storage Toolbox"="C:\Program Files\USBToolbox\Res.EXE" [2002-01-16 00:23]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"SkyTel"="SkyTel.EXE" [2006-05-16 20:04 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 12:47 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 20:43 C:\WINDOWS\Alcmtr.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 19:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14]
"Steam"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 00:48]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d2c6198-05b5-11dc-9b6f-00146c324840}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c968343-0009-11dc-9b67-00146c324840}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb91ce83-dad5-11db-bf9b-806d6172696f}]
AutoRun\command- D:\Run.exe


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-11 14:42:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-11 14:42:56 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-11 14:42

--- E O F ---

#6 king_koopa

king_koopa

    Member

  • Full Member
  • 16 posts

Posted 10 June 2007 - 11:46 PM

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:45:54 PM, on 11/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\USBToolbox\Res.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HiJackThis_v2.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89CCB434-7417-4E31-A00A-19BEFD6D05C9} - C:\WINDOWS\system32\dqhyayqq.dll (file missing)
O2 - BHO: (no name) - {C1F016A5-0AE1-4176-B491-C3CFF3F1218D} - C:\WINDOWS\system32\vtutq.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USBToolbox\Res.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration .LNK = C:\Games\Blazing Angels\RegistrationReminder.exe
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1176950861125
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6162 bytes

#7 king_koopa

king_koopa

    Member

  • Full Member
  • 16 posts

Posted 10 June 2007 - 11:47 PM

Thanks heaps, jedi, for all your help so far!

#8 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 11 June 2007 - 03:42 AM

Hi again,

Scan with HiJackThis and put a check in the box next to the following items:

O2 - BHO: (no name) - {89CCB434-7417-4E31-A00A-19BEFD6D05C9} - C:\WINDOWS\system32\dqhyayqq.dll (file missing)
O2 - BHO: (no name) - {C1F016A5-0AE1-4176-B491-C3CFF3F1218D} - C:\WINDOWS\system32\vtutq.dll (file missing)


Close all browsers and windows, click on ‘fix selected’ and allow HJT to fix these entries.

Restart.

Scan again with HJT (with all browsers and windows closed) and post the new log in this thread. Are you still getting any popups?

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.
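A defender-side illustration of the triage done in the post above, added here as an example and not part of the thread or of HijackThis itself: it parses the O2 (Browser Helper Object) lines of a HijackThis log and sorts them into registrations whose DLL is no longer on disk (orphaned entries like the two listed above, which is what "fix" removes), unnamed BHOs loading from the Windows system directory (flag for manual review of the file's publisher and hash), and everything else. The O2 line format and all but one sample line come from the logs in this thread; the last O2 sample line, its CLSID and its DLL name are constructed placeholders.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Shape of an O2 line in a HijackThis log (format as seen in this thread):
#   O2 - BHO: <display name> - {CLSID} - <DLL path>[ (file missing)] | (no file)
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)

# Directories an unnamed BHO should not normally load from without a known publisher
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\system\\")


@dataclass
class BhoEntry:
    name: str
    clsid: str
    path: str            # DLL path with any status suffix removed ("" for "(no file)")
    missing: bool        # DLL no longer on disk: "(file missing)" or "(no file)"
    unnamed: bool        # registered with no display name
    in_system_dir: bool  # DLL lives in the Windows system directory


def parse_o2(line: str) -> Optional[BhoEntry]:
    """Parse one HijackThis O2 line; return None for any other line type."""
    m = O2_RE.match(line.strip())
    if m is None:
        return None
    name, clsid, raw_path = m.group("name"), m.group("clsid"), m.group("path")
    if raw_path == "(no file)":
        missing, path = True, ""
    else:
        missing = raw_path.endswith("(file missing)")
        path = raw_path.replace("(file missing)", "").strip()
    return BhoEntry(
        name=name,
        clsid=clsid,
        path=path,
        missing=missing,
        unnamed=(name == "(no name)"),
        in_system_dir=path.lower().startswith(SYSTEM_DIRS),
    )


def triage(lines: List[str]) -> Tuple[List[BhoEntry], List[BhoEntry], List[BhoEntry]]:
    """Split O2 entries into (fix, review, ok).

    fix    - the registered DLL is gone: nothing loads any more, the stale CLSID
             entry is just debris, and removing it is what HJT's fix does.
    review - no display name and the DLL sits in the system directory: confirm
             the file's publisher and hash before deciding.
    ok     - everything else (named BHOs belonging to identifiable products).
    """
    fix, review, ok = [], [], []
    for line in lines:
        entry = parse_o2(line)
        if entry is None:
            continue  # O4, O9, O23 ... lines are out of scope here
        if entry.missing:
            fix.append(entry)
        elif entry.unnamed and entry.in_system_dir:
            review.append(entry)
        else:
            ok.append(entry)
    return fix, review, ok


# Sample input: O2 lines copied from the logs in this thread, plus one
# constructed line (placeholder CLSID and DLL name) to exercise the review case.
SAMPLE_LOG = [
    r"O2 - BHO: (no name) - {89CCB434-7417-4E31-A00A-19BEFD6D05C9} - C:\WINDOWS\system32\dqhyayqq.dll (file missing)",
    r"O2 - BHO: (no name) - {C1F016A5-0AE1-4176-B491-C3CFF3F1218D} - C:\WINDOWS\system32\vtutq.dll (file missing)",
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll",
    r"O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\constructed_example.dll",  # constructed
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /install",  # not an O2 line, skipped
]


if __name__ == "__main__":
    fix, review, ok = triage(SAMPLE_LOG)
    for label, group in (("FIX", fix), ("REVIEW", review), ("OK", ok)):
        for e in group:
            print(f"{label:6} {e.clsid} {e.name} -> {e.path or '(no file)'}")
```

Note that the unnamed Spybot SDHelper.dll entry lands in "ok": having no display name is common for legitimate BHOs, so the example only escalates the combination of no name and a system-directory location, mirroring the distinction made in the thread between the SDHelper entry and the two orphaned system32 entries.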

#9 king_koopa

king_koopa

    Member

  • Full Member
  • 16 posts

Posted 22 June 2007 - 09:24 AM

Let me just say thanks for all the help so far!

My new log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:22:41 AM, on 23/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\USBToolbox\Res.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HiJackThis_v2.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USBToolbox\Res.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration .LNK = C:\Games\Blazing Angels\RegistrationReminder.exe
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1176950861125
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5946 bytes


And yeah, my popup problems are gone!

Thanks heaps.

#10 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 23 June 2007 - 05:23 AM

Hi again,

Well, that looks like a clean log to me.

In order to be better protected in the future, I recommend the following programs:

SpywareBlaster protects against bad ActiveX.
http://www.javacools...areblaster.html

SpywareGuard stops Spyware from being installed.
http://www.javacools...ywareguard.html

Also install the MVPS hosts file:
http://www.mvps.org/...p2002/hosts.htm
which blocks innocent-looking sites that are not so innocent.

All three are very small free programs that you run once, and then just occasionally to check for updates.

Also see How did I get Infected?

Finally, it is best to update your system regularly, to ensure you have the latest security patches from Microsoft. Update by clicking
here http://v4.windowsupdate.microsoft.com/
and following the prompts.

jedi :D

#11 king_koopa

king_koopa

    Member

  • Full Member
  • 16 posts

Posted 25 June 2007 - 05:47 PM

Thanks for all your help.

Much appreciated.

#12 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 25 June 2007 - 06:02 PM

You're most welcome :D
jedi


#13 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 28 June 2007 - 04:57 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
jedi




