I Have A Cryp Tap-2, Here Is My Hijackthis Log, Help?


  • This topic is locked
2 replies to this topic

#1 street77


Posted 31 March 2008 - 02:02 PM

Hi,

PC-cillin is telling me I have a virus called Cryp Tap-2, and it can't get rid of it. I've read a few of the forums and found similar problems. The only thing that is wrong with my computer is the popup of PC-cillin, and once I go on the internet I lose my desktop view, and all I'm left with is the internet window and the background. Can anyone help?

Thanks,



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:50:55 PM, on 31/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ig/dell?hl=en&cli...amp;ibd=2080313
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: targettedbanner.biz browser enhancer - {16B435F6-B6CE-4F24-A568-944B27ED919C} - C:\Windows\system32\atgban.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\awtsPGXo.dll,#1
O4 - HKLM\..\Run: [PostSetupCheck] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\atgban.dll" DllStart
O4 - HKLM\..\Run: [runner1] C:\Windows\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Host Process] C:\Users\Andrew\svchost.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Andrew\AppData\Local\Temp\yayyWnon.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Andrew\AppData\Local\Temp\geBrSmKd.dll,#1
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Andrew\AppData\Local\Temp\vgeujhot.dll",run
O4 - HKCU\..\Run: [2c3b7999] rundll32.exe "C:\Users\Andrew\AppData\Local\Temp\wwstvlxm.dll",b
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AdwareAlert Scanning Engine (AdwareAlertSrv) - Unknown owner - C:\Program Files\AdwareAlert\AdwareAlert.srv.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 9421 bytes


Also, I'm working on Vista if that helps...

Also, I believe this is the file path that is stated on PC-cillin:
HKCU\..\Run: [cmds] rundll32.exe C:\Users\Andrew\AppData\Local\Temp\yayyWnon.dll

Edited by Orange Blossom, 31 March 2008 - 10:35 PM.
Merged posts. ~ OB



#2 Rodav


Posted 08 April 2008 - 08:05 AM

Hi street77,
I'm sorry we couldn't help you sooner but as you can see the forums are extremely busy and our helpers are volunteers. I'm subscribed to this topic now and will help you with any malware issues you may have.

Since it has been a while since you posted last and changes may have been made to your system please run HijackThis and post a new log in your next reply.

#3 Rodav


Posted 13 April 2008 - 08:46 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



