|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| HijackThis Log Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help. |
 |
|
|
Thread Tools |
03-04-2008, 08:22 PM
|
#1 (permalink) |
|
Registered User
Join Date: Mar 2008
Posts: 6
OS: Windowa XP
|
Trojan horse tk58.exe keeps coming back - occasional unwanted pop-up
Hello,
I had an infections by many trojans horses recently and some malwares. I get rid of the majority of them, but one seems problematic when I scan with AVG : tk58.exe, he keeps coming back at each restart. It is possible there's some others left too I didn't detect. As asked in the 5 steps... PANDA SCAN Incident Status Location Adware:Adware/Zenosearch Not disinfected c:\windows\system32\scntnlwb.exe Adware:adware/commad Not disinfected c:\windows\uninstall_nmon.vbs Spyware:Cookie/888 Not disinfected C:\Documents and Settings\john\Cookies\john@888[2].txt Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\john\Cookies\john@ad.yieldmanager[1].txt Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\john\Cookies\john@adrevolver[2].txt Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\john\Cookies\john@adtech[1].txt Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\john\Cookies\john@adviva[2].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\john\Cookies\john@atdmt[1].txt Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\john\Cookies\john@azjmp[2].txt Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\john\Cookies\john@counter.hitslink[1].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\john\Cookies\john@doubleclick[1].txt Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\john\Cookies\john@fastclick[2].txt Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\john\Cookies\john@findwhat[1].txt Spyware:Cookie/Comclick Not disinfected C:\Documents and Settings\john\Cookies\john@fl01.ct2.comclick[1].txt Spyware:Cookie/888 Not disinfected C:\Documents and Settings\john\Cookies\john@int.sitestat[1].txt Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\john\Cookies\john@int.sitestat[2].txt Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\john\Cookies\john@mediaplex[1].txt Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\john\Cookies\john@overture[1].txt Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\john\Cookies\john@searchportal.information[1].txt Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\john\Cookies\john@server.iad.liveperson[2].txt Spyware:Cookie/Smartadserver Not disinfected C:\Documents and Settings\john\Cookies\john@smartadserver[1].txt Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\john\Cookies\john@toplist[1].txt Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\john\Cookies\john@tradedoubler[2].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\john\Cookies\john@tribalfusion[2].txt Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\john\Cookies\john@weborama[2].txt Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\john\Cookies\john@xiti[1].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\john\Cookies\john@zedo[1].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\john\Cookies\john@zedo[2].txt Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\LocalService\Cookies\system@enhance[1].txt DSS SCAN Deckard's System Scanner v20071014.68 Run by john on 2008-03-04 23:17:28 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2008-03-04 23:17:48 Platform: Windows XP Service Pack 2 (5.01.2600) MSIE: Internet Explorer (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\system32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\scntnlwb.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Grisoft\AVG7\avgamsvr.exe C:\Program Files\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Grisoft\AVG7\avgemc.exe C:\Program Files\FolderSize\FolderSizeSvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\MDM.EXE C:\Documents and Settings\john\Bureau\dss.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: 0 - {4335653E-7879-42D7-0995-77200B75DF22} - C:\Program Files\Windows NT\lavupag.dll (file missing) O2 - BHO: (no name) - {5BCD2798-8F7E-4C95-A900-B0090137389A} - C:\Program Files\Messenger\poredom89104.dll O2 - BHO: {8af8f820-b356-ab28-3ba4-1ec38f3dced6} - {6decd3f8-3ce1-4ab3-82ba-653b028f8fa8} - C:\WINDOWS\system32\rwyodtbp.dll (file missing) O2 - BHO: (no name) - {8376B854-7EA7-42B6-AC10-1DDE6687ED16} - C:\WINDOWS\system32\mljjh.dll (file missing) O2 - BHO: (no name) - {ED120D76-BF31-412C-A99B-783C6676E128} - C:\WINDOWS\system32\awtqrpo.dll (file missing) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\scntnlwb.exe DWram O4 - HKLM\..\Run: [90b8b5ec] rundll32.exe "C:\WINDOWS\system32\rgxkjgev.dll",b O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 O4 - HKCU\..\Run: [Oamm] "C:\DOCUME~1\john\APPLIC~1\ASKS~1\wuaclt.exe" -vt yazb O4 - HKCU\..\Run: [Orirqmkx] "C:\Documents and Settings\john\Mes documents\A?pPatch\c?rss.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\scntnlwb.exe O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\kmwnw64l.exe O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O20 - AppInit_DLLs: C:\WINDOWS\system32\drivers\patch32.dll O20 - Winlogon Notify: awtqrpo - C:\WINDOWS\system32\awtqrpo.dll (file missing) O20 - Winlogon Notify: cqfpwfme - C:\WINDOWS\system32\cqfpwfme.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 6285 bytes -- Files created between 2008-02-04 and 2008-03-04 ----------------------------- 2008-03-04 21:50:50 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP 2008-03-04 21:50:45 0 d-------- C:\Program Files\SpywareBlaster 2008-03-03 19:59:55 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus> 2008-03-03 19:44:44 0 d-------- C:\WINDOWS\system32\ActiveScan 2008-03-03 18:58:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-03-03 16:48:29 0 dr-h----- C:\$VAULT$.AVG 2008-03-02 23:35:19 0 d-------- C:\Documents and Settings\john\Application Data\AVG7 2008-03-02 23:35:06 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2008-03-02 23:34:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-03-02 23:34:43 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7 2008-03-02 23:24:07 0 d-------- C:\Program Files\Lavasoft 2008-03-02 23:24:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-03-02 23:23:32 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-03-02 23:20:41 0 d-------- C:\Documents and Settings\All Users\Modèles 2008-03-02 22:59:45 0 d-------- C:\Documents and Settings\john\Application Data\InstallShield 2008-03-02 22:23:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2008-03-02 22:23:49 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft 2008-03-02 13:20:38 0 d-------- C:\Program Files\Alwil Software 2008-03-02 12:17:04 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System> 2008-03-01 20:34:19 182238 --ahs---- C:\WINDOWS\system32\hjjlm.ini2 2008-03-01 20:33:46 0 dr------- C:\Documents and Settings\LocalService\Favoris 2008-03-01 20:31:23 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon 2008-03-01 20:31:21 1989 --a------ C:\WINDOWS\uninstall_nmon.vbs 2008-03-01 20:31:21 0 d--hs---- C:\WINDOWS\am9obg 2008-03-01 20:30:04 923 --a------ C:\WINDOWS\system32\winpfz37.sys 2008-03-01 20:29:47 200774 --a------ C:\WINDOWS\system32\scntnlwb.exe 2008-03-01 20:29:37 0 d-------- C:\WINDOWS\system32\xo4 2008-03-01 20:29:36 0 d-------- C:\WINDOWS\system32\pb6 2008-03-01 20:29:36 0 d-------- C:\WINDOWS\system32\cpo3 2008-03-01 20:29:36 0 d-------- C:\WINDOWS\system32\ap9 2008-03-01 20:29:18 0 d-------- C:\Documents and Settings\john\Application Data\?asks 2008-03-01 20:29:12 0 d-------- C:\WINDOWS\system32\iDlo01 2008-02-25 00:09:39 0 d-------- C:\Program Files\Web Publish 2008-02-24 23:55:13 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System> 2008-02-24 23:55:12 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System> 2008-02-24 23:55:12 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java> 2008-02-24 23:55:12 6550 --a------ C:\WINDOWS\jautoexp.dat 2008-02-24 23:55:01 113 --a------ C:\WINDOWS\system32\zonedon.reg 2008-02-24 23:55:01 113 --a------ C:\WINDOWS\system32\zonedoff.reg 2008-02-24 23:55:00 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2008-02-24 23:55:00 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2008-02-24 23:55:00 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System> 2008-02-24 23:54:59 947472 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System> 2008-02-24 23:54:59 154384 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System> 2008-02-24 23:54:59 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2008-02-24 23:54:59 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System> 2008-02-24 23:54:59 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System> 2008-02-24 23:54:58 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System> 2008-02-24 23:54:58 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2008-02-24 23:54:56 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System> 2008-02-24 22:44:19 0 d-------- C:\Temp -- Find3M Report --------------------------------------------------------------- 2008-03-04 21:13:47 0 d-------- C:\Program Files\Messenger 2008-03-04 21:13:23 0 d-------- C:\Program Files\FolderSize 2008-03-04 12:17:13 0 d-------- C:\Documents and Settings\john\Application Data\uTorrent 2008-03-03 16:48:31 0 d-------- C:\Program Files\Windows NT 2008-03-02 23:23:32 0 d-------- C:\Program Files\Fichiers communs 2008-03-02 22:54:22 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-03-02 13:34:53 0 d-------- C:\Documents and Settings\john\Application Data\?asks 2008-03-01 20:21:27 0 d-------- C:\Documents and Settings\john\Application Data\AdobeUM 2008-02-17 21:39:56 0 d-------- C:\Documents and Settings\john\Application Data\Adobe 2008-01-31 23:15:40 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; > 2008-01-30 21:53:58 0 d-------- C:\Program Files\THQ 2008-01-17 22:37:41 0 d-------- C:\Program Files\Starcraft 2008-01-01 23:08:49 32972 --a------ C:\WINDOWS\scunin.dat 2008-01-01 23:08:48 967 --a------ C:\WINDOWS\ScUnin.pif 2008-01-01 23:08:48 94208 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller> -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4335653E-7879-42D7-0995-77200B75DF22}] C:\Program Files\Windows NT\lavupag.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BCD2798-8F7E-4C95-A900-B0090137389A}] 2008-02-07 20:07 217088 --a------ C:\Program Files\Messenger\poredom89104.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6decd3f8-3ce1-4ab3-82ba-653b028f8fa8}] C:\WINDOWS\system32\rwyodtbp.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8376B854-7EA7-42B6-AC10-1DDE6687ED16}] C:\WINDOWS\system32\mljjh.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED120D76-BF31-412C-A99B-783C6676E128}] C:\WINDOWS\system32\awtqrpo.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54] "ExploreUpdSched"="C:\WINDOWS\system32\scntnlwb.exe" [2008-03-01 20:29] "90b8b5ec"="C:\WINDOWS\system32\rgxkjgev.dll" [] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-02 23:34] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 07:00] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45] "Oamm"="C:\DOCUME~1\john\APPLIC~1\ASKS~1\wuaclt.exe" [] "Orirqmkx"="C:\Documents and Settings\john\Mes documents\A?pPatch\c?rss.exe" [] C:\Documents and Settings\john\Menu D‚marrer\Programmes\D‚marrage\ Deewoo.lnk - C:\WINDOWS\system32\scntnlwb.exe [2008-03-01 20:29:47] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{ED120D76-BF31-412C-A99B-783C6676E128}"= C:\WINDOWS\system32\awtqrpo.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqrpo] awtqrpo.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cqfpwfme] cqfpwfme.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\WINDOWS\system32\drivers\patch32.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljjh.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] "C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe" /min [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 *Newly Created Service* - QFXYCGEXSHMO -- End of Deckard's System Scanner: finished at 2008-03-04 23:18:19 ------------ Thanx in advance. I asked for a notification in my email adress and I'll check daily. |
|
     
|
|
03-27-2008, 08:56 PM
|
#6 (permalink) |
|
Registered User
Join Date: Mar 2008
Posts: 6
OS: Windowa XP
|
Re: Trojan horse tk58.exe keeps coming back - occasional unwanted pop-up
Fresh post. There were no extra.txt that cam with the scan.
I saw someone with basically the same problem, thread : http://www.techsupportforum.com/secu...-new-post.html but I was not sure if I could follow the same instructions given to this person. Thanx again. Deckard's System Scanner v20071014.68 Run by john on 2008-03-27 23:49:59 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as john.exe) ------------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:52:34, on 2008-03-27 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\scntnlwb.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\FolderSize\FolderSizeSvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Documents and Settings\john\Bureau\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\john.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: 0 - {4335653E-7879-42D7-0995-77200B75DF22} - C:\Program Files\Windows NT\lavupag.dll (file missing) O2 - BHO: (no name) - {5BCD2798-8F7E-4C95-A900-B0090137389A} - C:\Program Files\Messenger\poredom89104.dll (file missing) O2 - BHO: {8af8f820-b356-ab28-3ba4-1ec38f3dced6} - {6decd3f8-3ce1-4ab3-82ba-653b028f8fa8} - C:\WINDOWS\system32\rwyodtbp.dll (file missing) O2 - BHO: (no name) - {8376B854-7EA7-42B6-AC10-1DDE6687ED16} - C:\WINDOWS\system32\mljjh.dll (file missing) O2 - BHO: (no name) - {ED120D76-BF31-412C-A99B-783C6676E128} - C:\WINDOWS\system32\awtqrpo.dll (file missing) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\scntnlwb.exe DWram O4 - HKLM\..\Run: [90b8b5ec] rundll32.exe "C:\WINDOWS\system32\rgxkjgev.dll",b O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 O4 - HKCU\..\Run: [Oamm] "C:\DOCUME~1\john\APPLIC~1\ASKS~1\wuaclt.exe" -vt yazb O4 - HKCU\..\Run: [Orirqmkx] "C:\Documents and Settings\john\Mes documents\A?pPatch\c?rss.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\scntnlwb.exe O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\kmwnw64l.exe O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O20 - AppInit_DLLs: C:\WINDOWS\system32\drivers\patch32.dll O20 - Winlogon Notify: awtqrpo - awtqrpo.dll (file missing) O20 - Winlogon Notify: cqfpwfme - cqfpwfme.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 5795 bytes -- Files created between 2008-02-27 and 2008-03-27 ----------------------------- 2008-03-27 23:50:11 0 d-------- C:\Program Files\Trend Micro 2008-03-16 17:03:49 164352 --a------ C:\WINDOWS\system32\unrar.dll 2008-03-16 17:03:46 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec> 2008-03-16 17:03:46 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll 2008-03-16 17:03:46 755027 --a------ C:\WINDOWS\system32\xvidcore.dll 2008-03-16 17:03:45 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2008-03-16 17:03:45 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100> 2008-03-16 17:03:45 682496 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®> 2008-03-16 17:03:44 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll 2008-03-16 17:03:42 0 d-------- C:\Program Files\K-Lite Codec Pack 2008-03-06 23:41:00 0 d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment 2008-03-04 22:50:50 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-03-04 22:50:45 0 d-------- C:\Program Files\SpywareBlaster 2008-03-03 20:59:55 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus> 2008-03-03 20:44:44 0 d-------- C:\WINDOWS\system32\ActiveScan 2008-03-03 19:58:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-03-03 17:48:29 0 dr-h----- C:\$VAULT$.AVG 2008-03-03 00:35:19 0 d-------- C:\Documents and Settings\john\Application Data\AVG7 2008-03-03 00:35:06 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2008-03-03 00:34:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-03-03 00:34:43 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7 2008-03-03 00:24:07 0 d-------- C:\Program Files\Lavasoft 2008-03-03 00:24:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-03-03 00:23:32 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-03-03 00:20:41 0 d-------- C:\Documents and Settings\All Users\Modèles 2008-03-02 23:59:45 0 d-------- C:\Documents and Settings\john\Application Data\InstallShield 2008-03-02 23:23:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2008-03-02 23:23:49 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft 2008-03-02 14:20:38 0 d-------- C:\Program Files\Alwil Software 2008-03-02 13:17:04 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System> 2008-03-01 21:34:19 182238 --ahs---- C:\WINDOWS\system32\hjjlm.ini2 2008-03-01 21:33:46 0 dr------- C:\Documents and Settings\LocalService\Favoris 2008-03-01 21:31:23 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon 2008-03-01 21:31:21 1989 --a------ C:\WINDOWS\uninstall_nmon.vbs 2008-03-01 21:31:21 0 d--hs---- C:\WINDOWS\am9obg 2008-03-01 21:30:04 936 --a------ C:\WINDOWS\system32\winpfz37.sys 2008-03-01 21:29:47 200774 --a------ C:\WINDOWS\system32\scntnlwb.exe 2008-03-01 21:29:37 0 d-------- C:\WINDOWS\system32\xo4 2008-03-01 21:29:36 0 d-------- C:\WINDOWS\system32\pb6 2008-03-01 21:29:36 0 d-------- C:\WINDOWS\system32\cpo3 2008-03-01 21:29:36 0 d-------- C:\WINDOWS\system32\ap9 2008-03-01 21:29:18 0 d-------- C:\Documents and Settings\john\Application Data\?asks 2008-03-01 21:29:12 0 d-------- C:\WINDOWS\system32\iDlo01 -- Find3M Report --------------------------------------------------------------- 2008-03-24 10:24:19 0 d-------- C:\Program Files\Messenger 2008-03-22 01:01:51 0 d-------- C:\Documents and Settings\john\Application Data\uTorrent 2008-03-10 21:39:40 445016 --a------ C:\WINDOWS\system32\perfh00C.dat 2008-03-10 21:39:40 63614 --a------ C:\WINDOWS\system32\perfc00C.dat 2008-03-07 00:48:49 0 d-------- C:\Program Files\World of Warcraft 2008-03-06 23:41:00 0 d-------- C:\Program Files\Fichiers communs 2008-03-04 22:13:23 0 d-------- C:\Program Files\FolderSize 2008-03-03 17:48:31 0 d-------- C:\Program Files\Windows NT 2008-03-02 23:54:22 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-03-02 14:34:53 0 d-------- C:\Documents and Settings\john\Application Data\?asks 2008-03-01 21:21:27 0 d-------- C:\Documents and Settings\john\Application Data\AdobeUM 2008-02-25 01:09:39 0 d-------- C:\Program Files\Web Publish 2008-02-17 22:39:56 0 d-------- C:\Documents and Settings\john\Application Data\Adobe 2008-02-01 00:15:40 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; > 2008-01-30 22:53:58 0 d-------- C:\Program Files\THQ 2008-01-02 00:08:49 32972 --a------ C:\WINDOWS\scunin.dat 2008-01-02 00:08:48 967 --a------ C:\WINDOWS\ScUnin.pif 2008-01-02 00:08:48 94208 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller> -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4335653E-7879-42D7-0995-77200B75DF22}] C:\Program Files\Windows NT\lavupag.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BCD2798-8F7E-4C95-A900-B0090137389A}] C:\Program Files\Messenger\poredom89104.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6decd3f8-3ce1-4ab3-82ba-653b028f8fa8}] C:\WINDOWS\system32\rwyodtbp.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8376B854-7EA7-42B6-AC10-1DDE6687ED16}] C:\WINDOWS\system32\mljjh.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED120D76-BF31-412C-A99B-783C6676E128}] C:\WINDOWS\system32\awtqrpo.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54] "ExploreUpdSched"="C:\WINDOWS\system32\scntnlwb.exe" [2008-03-01 21:29] "90b8b5ec"="C:\WINDOWS\system32\rgxkjgev.dll" [] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-03 00:34] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 08:00] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45] "Oamm"="C:\DOCUME~1\john\APPLIC~1\ASKS~1\wuaclt.exe" [] "Orirqmkx"="C:\Documents and Settings\john\Mes documents\A?pPatch\c?rss.exe" [] C:\Documents and Settings\john\Menu D‚marrer\Programmes\D‚marrage\ Deewoo.lnk - C:\WINDOWS\system32\scntnlwb.exe [2008-03-01 21:29:47] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{ED120D76-BF31-412C-A99B-783C6676E128}"= C:\WINDOWS\system32\awtqrpo.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqrpo] awtqrpo.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cqfpwfme] cqfpwfme.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\WINDOWS\system32\drivers\patch32.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljjh.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] "C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe" /min [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 -- End of Deckard's System Scanner: finished at 2008-03-27 23:52:53 ------------ |
|
|
|
|
| Thread Tools | |
|
|
