I've been getting this weird threat detected every time I start Windows:
Threat Detected! while opening c:\\Windows\system32\AVPSrv.dll Trojan horse PSW.OnlineGames.AKEU
Here's my ComboFix log:
ComboFix 08-04-10.7 - Ricky 2008-04-11 0:04:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2974 [GMT -4:00]
Running from: C:\Documents and Settings\Ricky\My Documents\Downloads\Programs\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
TimedOut: progfile.dat
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DFD4586906.bat
C:\Documents and Settings\Ricky\Application Data\inst.exe
C:\Program Files\Internet Explorer\PLUGINS\Nv_Win3s.Jmp
C:\Program Files\internet explorer\plugins\SysWin7s.Jmp
C:\WINDOWS\dxtmechk
C:\WINDOWS\Fonts\gjcscss.dll
C:\WINDOWS\Fonts\gjcuaxw.fon
C:\WINDOWS\LotusHlp.exe
C:\WINDOWS\system32\iemnaw.dll
C:\WINDOWS\system32\msosping00.dll
C:\WINDOWS\system32\REGKEY.hiv
C:\WINDOWS\system32\wmsat.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FPIDS32
-------\Service_fpids32
-------\Service_msosping00
((((((((((((((((((((((((( Files Created from 2008-03-11 to 2008-04-11 )))))))))))))))))))))))))))))))
.
2008-04-09 23:31 . 2008-04-09 23:31 71 --a------ C:\WINDOWS\my.ini
2008-04-09 13:54 . 2008-04-09 13:54 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-04-09 00:20 . 2008-04-09 00:20 <DIR> d-------- C:\Program Files\Educational Simulations
2008-04-08 14:28 . 2008-04-08 14:28 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-07 23:53 . 2008-04-10 13:36 <DIR> d-------- C:\Documents and Settings\Ricky\Application Data\AVG7
2008-04-07 23:52 . 2008-04-07 23:52 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-07 23:52 . 2008-04-07 23:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-07 23:52 . 2008-04-08 14:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-07 22:06 . 2008-04-10 23:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-07 22:06 . 2008-04-07 22:06 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-07 18:54 . 2008-04-07 18:54 <DIR> d-------- C:\movies
2008-04-07 18:54 . 2008-04-07 18:54 67 --a------ C:\WINDOWS\Power Video Converter.INI
2008-04-07 17:55 . 2008-04-07 17:55 <DIR> d-------- C:\Documents and Settings\Ricky\Application Data\MAGIX
2008-04-07 17:55 . 2008-04-07 17:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MAGIX
2008-04-07 17:54 . 2008-04-07 17:54 <DIR> d-------- C:\WINDOWS\system32\MAGIX
2008-04-07 17:54 . 2008-04-07 17:54 <DIR> d-------- C:\Program Files\Xara
2008-04-07 17:54 . 2008-04-07 17:54 <DIR> d-------- C:\Program Files\Common Files\xara
2008-04-07 17:54 . 2008-04-07 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Xara
2008-04-07 17:54 . 2007-12-04 14:20 700,416 --a------ C:\WINDOWS\system32\mgxoschk.dll
2008-04-07 17:54 . 2007-04-27 09:43 120,200 --a------ C:\WINDOWS\system32\DLLDEV32i.dll
2008-04-07 17:54 . 2003-04-18 15:29 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-04-07 17:54 . 2008-04-07 17:54 5,937 --a------ C:\WINDOWS\mgxoschk.ini
2008-04-06 03:49 . 2008-04-06 03:49 <DIR> d-------- C:\Program Files\HyCam2
2008-04-02 19:26 . 2008-04-02 19:26 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-02 01:11 . 2008-04-02 13:25 <DIR> d-------- C:\Program Files\Final Fantasy VII
2008-04-02 00:47 . 2008-04-02 00:47 <DIR> d-------- C:\Program Files\Square Soft, Inc
2008-04-02 00:21 . 2008-04-02 00:21 <DIR> d-------- C:\Documents and Settings\Ricky\WINDOWS
2008-04-02 00:21 . 1998-07-17 14:36 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
2008-04-01 16:28 . 2008-04-07 12:43 256 --a------ C:\WINDOWS\system32\msosping.dat
2008-03-31 22:17 . 2008-04-07 17:42 <DIR> d-------- C:\Documents and Settings\Ricky\Application Data\dvdcss
2008-03-31 14:05 . 2008-03-31 14:05 <DIR> d-------- C:\Program Files\iTunes
2008-03-31 14:05 . 2008-03-31 14:05 <DIR> d-------- C:\Program Files\iPod
2008-03-31 13:09 . 2008-03-31 13:09 128 --a------ C:\WINDOWS\system32\msosmnsf.dat
2008-03-28 16:46 . 2008-03-28 16:46 <DIR> d-------- C:\Program Files\Illustrate
2008-03-28 16:46 . 2008-03-28 16:46 131,072 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2008-03-28 16:46 . 2008-03-28 16:46 36,104 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2008-03-28 16:46 . 2008-03-28 16:45 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.bmp
2008-03-26 01:56 . 2008-03-26 01:56 <DIR> d-------- C:\Program Files\THQ
2008-03-22 22:30 . 2003-03-26 02:52 12,113 --a------ C:\WINDOWS\system32\ayHADHAD1053.exe
2008-03-19 14:26 . 2008-03-19 14:27 <DIR> d-------- C:\Program Files\Defcon
2008-03-17 18:51 . 2008-03-17 18:51 <DIR> d-------- C:\Program Files\BreakPoint Software
2008-03-16 00:21 . 2008-03-16 00:21 <DIR> d-------- C:\Program Files\SEGA
2008-03-15 14:00 . 2008-03-15 14:01 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
2008-03-15 13:59 . 2008-03-15 13:59 <DIR> d-------- C:\Program Files\Stardock Games
2008-03-12 01:14 . 2008-03-12 01:14 <DIR> d-------- C:\Program Files\Firaxis Games
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-11 04:08 --------- d-----w C:\Program Files\Steam
2008-04-11 04:02 --------- d-----w C:\Documents and Settings\Ricky\Application Data\DMCache
2008-04-10 04:42 --------- d-----w C:\Program Files\Xfire
2008-04-07 22:35 --------- d-----w C:\Documents and Settings\Ricky\Application Data\Xfire
2008-04-05 17:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 17:42 --------- d-----w C:\Program Files\Ubisoft
2008-04-05 17:41 --------- d-----w C:\Program Files\MTA San Andreas
2008-04-05 17:41 --------- d-----w C:\Program Files\GTA San Andreas
2008-03-29 17:58 --------- d-----w C:\Program Files\Internet Download Manager
2008-03-23 23:05 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-23 23:05 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-03-23 04:07 --------- d-----w C:\Program Files\Sierra Entertainment
2008-03-18 18:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-12 19:12 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-03-12 05:20 --------- d-----w C:\Program Files\Java
2008-03-09 18:22 --------- d-----w C:\Program Files\TinkleBell
2008-03-09 17:13 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-09 17:13 --------- d-----w C:\Program Files\Bethesda Softworks
2008-03-07 17:03 --------- d-----w C:\Program Files\KONAMI
2008-03-07 13:18 --------- d-----w C:\Program Files\Capcom
2008-03-04 20:08 --------- d-----w C:\Documents and Settings\Ricky\Application Data\fltk.org
2008-03-04 14:24 --------- d-----w C:\Program Files\BitComet
2008-02-29 23:18 --------- d-----w C:\Documents and Settings\Ricky\Application Data\Ubisoft
2008-02-29 23:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-02-29 20:27 --------- d-----w C:\Documents and Settings\Ricky\Application Data\IDM
2008-02-26 03:04 --------- d-----w C:\Documents and Settings\Ricky\Application Data\Ventrilo
2008-02-24 17:26 --------- d-----w C:\Documents and Settings\Ricky\Application Data\Nexon
2008-02-23 00:27 --------- d-----w C:\Documents and Settings\Ricky\Application Data\Microsoft Games
2008-02-22 05:14 --------- d-----w C:\Documents and Settings\Ricky\Application Data\Vso
2008-02-19 05:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk
2008-02-17 07:23 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-02-17 07:23 47,360 ----a-w C:\Documents and Settings\Ricky\Application Data\pcouffin.sys
2008-02-17 07:23 --------- d-----w C:\Program Files\VSO
2008-02-16 19:56 --------- d-----w C:\Documents and Settings\Ricky\Application Data\Apple Computer
2008-02-16 19:55 --------- d-----w C:\Program Files\QuickTime
2008-02-16 19:55 --------- d-----w C:\Program Files\Apple Software Update
2008-02-16 19:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-16 19:54 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-16 19:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-14 14:07 --------- d-----w C:\Program Files\Double Fine Productions
2008-02-13 17:13 278,728 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-02-13 17:13 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-02-12 03:22 --------- d-----w C:\Program Files\OGPlanet
2008-02-11 04:09 --------- d-----w C:\Program Files\VUGames
2008-02-08 22:53 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
2008-01-26 15:40 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-01-26 14:45 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-01-26 06:37 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-01-26 03:17 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-01-26 03:17 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-01-26 03:17 22,328 ----a-w C:\Documents and Settings\Ricky\Application Data\PnkBstrK.sys
2007-08-09 18:08 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 18:10 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
.
------- Sigcheck -------
2008-01-25 23:04 359040 28f288e08a098df3c0eb6aa813bb41fd C:\WINDOWS\system32\dllcache\tcpip.sys
2008-01-25 23:04 359040 28f288e08a098df3c0eb6aa813bb41fd C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 00:19 1271032]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 02:06 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-07 23:52 579072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-18 20:55 8523776]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-07 23:52 219136]
C:\Documents and Settings\Ricky\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-04-02 19:25:58 2987856]
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{3FA10261-B890-F432-A453-69F1023513F3}"= C:\WINDOWS\system32\gjcscyc.dll [ ]
"{1c82d72f-0bc3-49c4-bca3-df83375d6275}"= C:\WINDOWS\system32\ayEZZEZZ1040.dll [ ]
"{932bb016-359b-4477-b32a-6bffdcff0cee}"= C:\WINDOWS\system32\ayCBDCBD1044.dll [ ]
"{41ecd554-3c23-49de-a7a0-cea08063ad99}"= C:\WINDOWS\system32\aySADSAD1030.dll [ ]
"{91386745-2233-4971-b5da-8243c9361db0}"= C:\WINDOWS\system32\ayPATPAT1023.dll [ ]
"{268f299b-491e-4653-8f79-e6a7bb762148}"= C:\WINDOWS\system32\ayHADHAD1057.dll [ ]
"{c12b53ac-ba76-4993-9d41-7eae5fdf9208}"= C:\WINDOWS\system32\ayKAEKAE1056.dll [ ]
"{6ce08af1-5f70-4c1a-8d1a-8aba11619e87}"= C:\WINDOWS\system32\ayFKKFKK1055.dll [ ]
"{a1fce912-3517-41d0-b809-16a255470bb4}"= C:\WINDOWS\system32\ayDABDAB1057.dll [ ]
"{3711ff72-e89f-4bdb-ad59-140f5da60968}"= C:\WINDOWS\system32\ayBAIBAI1054.dll [ ]
"{3a7099b6-eb76-4198-a559-eea56538a59c}"= C:\WINDOWS\system32\ayKAFKAF1057.dll [ ]
"{29fab913-d0cd-477b-a3f0-3d7c3a90379b}"= C:\WINDOWS\system32\ttVUFVUF1011.dll [ ]
"{5ac6d3c3-f564-407e-9c4b-ce4b6cd3f9ac}"= C:\WINDOWS\system32\ttQACQAC1032.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\my.exe]
Debugger=C:\WINDOWS\Fonts\syn00-1D-7D-A4-2C-10\system\11a.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QQLogin.exe]
Debugger="C:\WINDOWS\system32\qqxyd.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\XYD2.exe]
Debugger="C:\WINDOWS\system32\qqxyd.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"C:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"C:\\Program Files\\Sierra Entertainment\\FEAR Perseus Mandate\\FEARXP2.exe"=
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17933:TCP"= 17933:TCP:BitComet 17933 TCP
"17933:UDP"= 17933:UDP:BitComet 17933 UDP
S2 mnsf;mnsf;C:\DOCUME~1\Ricky\LOCALS~1\Temp\tmp62.tmp []
S2 ping;ping;C:\DOCUME~1\Ricky\LOCALS~1\Temp\tmp5E.tmp []
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-01-26 10:45]
S3 sys_flt;sys_flt;C:\DOCUME~1\Ricky\LOCALS~1\Temp\~00.tmp []
S3 XDva037;XDva037;C:\WINDOWS\system32\XDva037.sys []
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []
S4 npkcmsvc;npkcmsvc;C:\Program Files\Mabinogi\npkcmsvc.exe [2007-08-02 13:33]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\PsychoLauncher.exe
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 00:08:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnsf]
"ImagePath"="\??\C:\DOCUME~1\Ricky\LOCALS~1\Temp\tmp62.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ping]
"ImagePath"="\??\C:\DOCUME~1\Ricky\LOCALS~1\Temp\tmp5E.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sys_flt]
"ImagePath"="\??\C:\DOCUME~1\Ricky\LOCALS~1\Temp\~00.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2008-04-11 0:10:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-11 04:10:24
Pre-Run: 245,843,902,464 bytes free
Post-Run: 245,750,112,256 bytes free
And my hijack log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:23:47 AM, on 4/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\program files\steam\steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Ricky\My Documents\Downloads\Programs\HiJackThis_v2.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 3014 bytes
Thanks.