
System Integrity Scan Wizard Help!



#1 HuskVNJ


Posted 09 April 2008 - 02:12 PM

Hey, been plagued by pop-ups for days now, tried almost everything to get rid of them. There seem to be 3 different pop-ups saying I'm infected & should download their anti-spyware programs: one is a yellow triangle with an exclamation mark which appears in my taskbar at the bottom right, another looks like a NOD32 warning but it isn't (I use NOD32), and another looks like a Windows XP warning. Here is my HijackThis log:

Deckard's System Scanner v20071014.68
Run by husk on 2008-04-09 20:51:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as husk.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:55, on 2008-04-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\SyncroSoft\Pos\H2O\cledx.exe
C:\Program\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program\Java\jre1.6.0_05\bin\jusched.exe
C:\Program\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\Windows Defender\MSASCui.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program\DAEMON Tools Pro\DTProAgent.exe
C:\Program\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\husk\Skrivbord\dss.exe
C:\Program\TRENDM~1\HIJACK~1\husk.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.piratebay.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.piratebay.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.piratebay.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D2DA6D0-3677-464E-BEA0-2C779A7B20F1} - (no file)
O2 - BHO: (no name) - {2E61B3EC-BFE9-4D85-B67C-DF48E1A70F4E} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7D88E51B-BD5F-4AF3-8413-2FB49E83D95B} - (no file)
O2 - BHO: (no name) - {8E1BFC0E-8AD2-424D-AC8A-06038481516E} - C:\WINDOWS\system32\khfCrrst.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A280C8E2-A18C-4CA3-8784-4ABCF1C9ABB4} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {F6F612DD-7A89-4CEE-91C1-E3B937D7DBEF} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {E22B6A50-4AE1-42CC-90F7-6CB1086D3A2D} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [H2O] C:\Program\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202205279030
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f007.mail.spray.se/app/uploader/FileUploader.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: khfCrrst - C:\WINDOWS\SYSTEM32\khfCrrst.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9547 bytes

-- Files created between 2008-03-09 and 2008-04-09 -----------------------------

2008-04-09 20:51:45 0 d-------- C:\Program\Trend Micro
2008-04-09 19:35:11 0 d-------- C:\Documents and Settings\Administratör\Application Data\Malwarebytes
2008-04-09 16:46:06 0 d-------- C:\Documents and Settings\husk\Application Data\Malwarebytes
2008-04-09 16:45:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-09 16:45:57 0 d-------- C:\Program\Malwarebytes' Anti-Malware
2008-04-09 16:38:44 61440 --a------ C:\WINDOWS\system32\downer.exe
2008-04-09 14:23:17 0 d-------- C:\Documents and Settings\husk\.housecall6.6
2008-04-09 08:53:29 0 d-------- C:\Program\MSXML 6.0
2008-04-09 00:01:10 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-04-09 00:00:24 0 d-------- C:\Program\Reference Assemblies
2008-04-09 00:00:04 0 d-------- C:\f5a745eac444b6bf2d0a22289fdd
2008-04-08 23:59:06 0 d-------- C:\d24334e5b7ed2a31c2668e
2008-04-08 20:28:14 0 d-------- C:\WINDOWS\ERUNT
2008-04-08 02:44:26 93252 --ahs---- C:\WINDOWS\system32\mVvEgfii.ini2
2008-04-08 01:14:34 0 d-------- C:\Documents and Settings\Administratör\Application Data\Grisoft
2008-04-08 01:14:05 0 dr------- C:\Documents and Settings\Administratör\Start-meny
2008-04-08 01:14:05 0 d-------- C:\Documents and Settings\Administratör\Skrivbord
2008-04-08 01:14:05 0 d--h----- C:\Documents and Settings\Administratör\Skrivare
2008-04-08 01:14:05 0 dr-h----- C:\Documents and Settings\Administratör\SendTo
2008-04-08 01:14:05 0 d--h----- C:\Documents and Settings\Administratör\Recent
2008-04-08 01:14:05 0 d--h----- C:\Documents and Settings\Administratör\Nätverket
2008-04-08 01:14:05 1835008 --ah----- C:\Documents and Settings\Administratör\NTUSER.DAT
2008-04-08 01:14:05 0 d-------- C:\Documents and Settings\Administratör\Mina dokument
2008-04-08 01:14:05 0 d--h----- C:\Documents and Settings\Administratör\Mallar
2008-04-08 01:14:05 0 d--h----- C:\Documents and Settings\Administratör\Lokala inställningar
2008-04-08 01:14:05 0 d-------- C:\Documents and Settings\Administratör\Favoriter
2008-04-08 01:14:05 0 d--hs---- C:\Documents and Settings\Administratör\Cookies
2008-04-08 01:14:05 0 dr-h----- C:\Documents and Settings\Administratör\Application Data
2008-04-08 01:14:05 0 d---s---- C:\Documents and Settings\Administratör\Application Data\Microsoft
2008-04-08 01:07:44 0 d-------- C:\Documents and Settings\husk\Application Data\Grisoft
2008-04-08 01:07:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-08 00:45:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-07 23:07:51 0 d-------- C:\Program\Windows Defender
2008-04-07 20:21:02 0 d-------- C:\Program\XoftSpySE
2008-04-07 19:22:00 0 d-------- C:\Documents and Settings\husk\Application Data\TmpRecentIcons
2008-04-07 15:19:02 8556 --ahs---- C:\WINDOWS\system32\IkQrCfhk.ini2
2008-04-07 15:09:22 4096 --a------ C:\WINDOWS\system32winlogonpc.exe
2008-04-07 15:09:22 4096 --a------ C:\WINDOWS\system32thun32.dll
2008-04-07 15:09:22 4096 --a------ C:\WINDOWS\system32thun.dll
2008-04-07 15:09:22 4096 --a------ C:\WINDOWS\system32temp#01.exe
2008-04-07 15:09:22 4096 --a------ C:\WINDOWS\system32taack.exe
2008-04-07 15:09:22 4096 --a------ C:\WINDOWS\system32taack.dat
2008-04-07 15:09:22 4096 --a------ C:\WINDOWS\system32ssvchost.exe
2008-04-07 15:09:22 4096 --a------ C:\WINDOWS\system32ssvchost.com
2008-04-07 15:09:22 4096 --a------ C:\WINDOWS\system32ssurf022.dll
2008-04-07 15:09:22 4096 --a------ C:\WINDOWS\system32sncntr.exe
2008-04-07 15:09:22 4096 --a------ C:\WINDOWS\system32Rundl1.exe
2008-04-07 15:09:22 4096 --a------ C:\WINDOWS\system32regm64.dll
2008-04-07 15:09:22 4096 --a------ C:\WINDOWS\system32regc64.dll
2008-04-07 15:09:22 4096 --a------ C:\WINDOWS\system32psoft1.exe
2008-04-07 15:09:22 4096 --a------ C:\WINDOWS\system32psof1.exe
2008-04-07 15:09:22 4096 --a------ C:\WINDOWS\system32ps1.exe
2008-04-07 15:09:22 4096 --a------ C:\WINDOWS\system32netode.exe
2008-04-07 15:09:22 4096 --a------ C:\WINDOWS\system32mwin32.exe
2008-04-07 15:09:22 4096 --a------ C:\WINDOWS\system32mtr2.exe
2008-04-07 15:09:22 4096 --a------ C:\WINDOWS\system32msvchost.exe
2008-04-07 15:09:22 4096 --a------ C:\WINDOWS\system32msnbho.dll
2008-04-07 15:09:22 4096 --a------ C:\WINDOWS\system32msgp.exe
2008-04-07 15:09:22 4096 --a------ C:\WINDOWS\system32medup020.dll
2008-04-07 15:09:22 4096 --a------ C:\WINDOWS\system32medup012.dll
2008-04-07 15:09:22 4096 --a------ C:\WINDOWS\system32hxiwlgpm.exe
2008-04-07 15:09:22 4096 --a------ C:\WINDOWS\system32hxiwlgpm.dat
2008-04-07 15:09:22 4096 --a------ C:\WINDOWS\system32hoproxy.dll
2008-04-07 15:09:22 4096 --a------ C:\WINDOWS\system32h@tkeysh@@k.dll
2008-04-07 15:09:22 4096 --a------ C:\WINDOWS\system32dpcproxy.exe
2008-04-07 15:09:22 4096 --a------ C:\WINDOWS\system32bsva-egihsg52.exe
2008-04-07 15:09:21 4096 --a------ C:\WINDOWS\system32WINWGPX.EXE
2008-04-07 15:09:21 4096 --a------ C:\WINDOWS\system32winsystem.exe
2008-04-07 15:09:21 4096 --a------ C:\WINDOWS\system32vcatchpi.dll
2008-04-07 15:09:21 4096 --a------ C:\WINDOWS\system32vbsys2.dll
2008-04-07 15:09:21 4096 --a------ C:\WINDOWS\system32sysreq.exe
2008-04-07 15:09:21 4096 --a------ C:\WINDOWS\system32newsd32.exe
2008-04-07 15:09:21 4096 --a------ C:\WINDOWS\system32mssecu.exe
2008-04-07 15:09:21 4096 --a------ C:\WINDOWS\system32emesx.dll
2008-04-07 15:09:21 4096 --a------ C:\WINDOWS\system32bdn.com
2008-04-07 15:09:21 4096 --a------ C:\WINDOWS\system32awtoolb.dll
2008-04-07 15:09:21 4096 --a------ C:\WINDOWS\system32anticipator.dll
2008-04-07 15:09:21 4096 --a------ C:\WINDOWS\system32akttzn.exe
2008-04-07 15:08:59 0 d-------- C:\Documents and Settings\All Users\Application Data\tapkpofq
2008-04-07 15:08:52 37376 -----n--- C:\WINDOWS\system32\khfCrrst.dll
2008-04-01 21:09:22 0 d-------- C:\Program\Delade filer\xing shared
2008-04-01 21:09:15 0 d-------- C:\Program\Delade filer\Real
2008-04-01 21:09:14 0 d-------- C:\Documents and Settings\husk\Application Data\Real
2008-03-16 14:34:08 68204 -ra------ C:\WINDOWS\system32\drivers\StMp3Rec.sys <Not Verified; Microsoft Corporation; >
2008-03-15 14:24:33 114688 --a------ C:\WINDOWS\tsnp2std.exe <Not Verified; ; tsnp2std>
2008-03-15 14:24:33 20480 --a------ C:\WINDOWS\FixCamera.exe <Not Verified; ; CameraFixer Application>
2008-03-15 14:24:32 344064 --a------ C:\WINDOWS\vsnp2std.exe <Not Verified; Sonix; CameraMonitor Application>
2008-03-15 14:24:31 61440 --a------ C:\WINDOWS\vsnp2std.dll <Not Verified; Sonix; >
2008-03-15 14:24:31 10221440 --a------ C:\WINDOWS\system32\drivers\snp2sxp.sys <Not Verified; ; USB2.0 PC Camera driver>
2008-03-15 14:24:31 24960 --a------ C:\WINDOWS\system32\drivers\sncamd.sys <Not Verified; Microsoft Corporation; MicrosoftR WindowsR Operating System>
2008-03-15 14:24:31 53248 --a------ C:\WINDOWS\system32\csnp2std.dll <Not Verified; ; InstallUtil>
2008-03-15 14:24:31 147456 --a------ C:\WINDOWS\rsnp2std.dll <Not Verified; ; ResourceDLL>
2008-03-15 14:24:31 0 d-------- C:\Program\Delade filer\snp2std
2008-03-15 07:29:55 307200 --a------ C:\WINDOWS\vidcap32.Exe <Not Verified; Microsoft Corporation; Microsoft Windows>
2008-03-15 07:29:55 53248 --a------ C:\WINDOWS\Sti305.exe <Not Verified; VM; >
2008-03-15 07:29:55 0 d-------- C:\WINDOWS\CatRoot
2008-03-15 07:29:54 0 d-------- C:\WINDOWS\EffectResources
2008-03-15 07:29:54 0 d-------- C:\Program\Vimicro
2008-03-15 07:24:11 114688 -ra------ C:\WINDOWS\VM305Cap.exe <Not Verified; www.zsmc.com.cn; www.zsmc.com.cn StillCap>
2008-03-15 07:24:11 61440 -ra------ C:\WINDOWS\VM305_STI.EXE <Not Verified; Vimicro; BIGDOG>
2008-03-15 07:24:11 81920 -ra------ C:\WINDOWS\system32\VM305STI.dll <Not Verified; VM; >
2008-03-15 07:24:11 49152 -ra------ C:\WINDOWS\amcap.exe
2008-03-15 07:24:08 391615 -ra------ C:\WINDOWS\system32\drivers\usbVM305.sys <Not Verified; Vimicro Corporation; >
2008-03-13 19:23:46 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-03-13 19:16:29 0 d-------- C:\WINDOWS\048298C9A4D3490B9FF9AB023A9238F3.TMP
2008-03-13 19:12:17 0 d-------- C:\ATI
2008-03-09 15:10:06 0 d-------- C:\Temp
2008-03-09 14:49:36 0 d-------- C:\Program\Xilisoft


-- Find3M Report ---------------------------------------------------------------

2008-04-09 16:40:55 0 d--h----- C:\Program\InstallShield Installation Information
2008-04-09 08:59:59 443464 --a------ C:\WINDOWS\system32\perfh01D.dat
2008-04-09 08:59:59 83090 --a------ C:\WINDOWS\system32\perfc01D.dat
2008-04-09 00:02:49 0 d-------- C:\Program\MSBuild
2008-04-07 19:45:31 0 d-------- C:\Program\LucasArts
2008-04-07 19:30:35 0 d-------- C:\Program\PC Adware-Spyware Removal
2008-04-07 15:13:38 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-04-06 15:49:49 0 d-------- C:\Program\Soulseek
2008-04-01 21:09:22 0 d-------- C:\Program\Delade filer
2008-03-26 20:23:09 0 d-------- C:\Program\TuneUp Utilities 2008
2008-03-18 18:24:21 0 d-------- C:\Documents and Settings\husk\Application Data\dvdcss
2008-03-15 07:29:54 0 d-------- C:\Program\Delade filer\InstallShield
2008-03-13 19:35:38 0 d-------- C:\Program\Setup Files
2008-03-13 19:18:37 0 d-------- C:\Program\ATI Technologies
2008-03-13 19:16:30 0 d-------- C:\Documents and Settings\husk\Application Data\ATI
2008-03-11 15:11:15 0 d-------- C:\Documents and Settings\husk\Application Data\Yahoo!
2008-03-07 00:38:38 0 d-------- C:\Program\Windows Live
2008-03-07 00:38:14 0 d--hs--c- C:\Program\Delade filer\WindowsLiveInstaller
2008-03-06 22:37:08 0 d-------- C:\Program\Java
2008-03-02 16:21:45 0 d-------- C:\Program\Internet Cyclone
2008-02-29 14:18:16 0 d-------- C:\Program\Ubisoft
2008-02-29 01:43:42 0 d-------- C:\Program\AGEIA Technologies
2008-02-29 01:43:04 0 d-------- C:\Program\Delade filer\Wise Installation Wizard
2008-02-28 11:31:32 0 d-------- C:\Program\Delade filer\Nero
2008-02-27 03:12:02 0 d-------- C:\Program\Microsoft Works
2008-02-27 03:10:57 0 d-------- C:\Program\Microsoft.NET
2008-02-26 18:44:19 60416 --a------ C:\WINDOWS\ALCFDRTM.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek ALCFDRTM>
2008-02-25 22:05:00 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-02-24 09:35:25 0 d-------- C:\Documents and Settings\husk\Application Data\Media Player Classic
2008-02-20 12:51:31 0 d-------- C:\Documents and Settings\husk\Application Data\Internet Download Accelerator
2008-02-18 05:48:31 0 d-------- C:\Program\Windows Media Connect 2
2008-02-16 00:52:12 0 d-------- C:\Documents and Settings\husk\Application Data\InstallShield
2008-02-15 01:15:38 0 d-------- C:\Program\QuickTime Alternative
2008-02-15 01:15:38 0 d-------- C:\Program\Media Player Classic
2008-02-12 17:04:07 0 d-------- C:\Program\DivX
2008-02-10 13:19:34 0 d-------- C:\Program\MSI
2008-02-10 12:37:17 0 d-------- C:\Program\Aspyr Media, Inc
2008-02-10 11:03:02 0 d-------- C:\Program\Yahoo!
2008-02-10 10:07:06 0 d-------- C:\Program\Activision
2008-02-09 22:15:07 0 d-------- C:\Program\DAEMON Tools Pro
2008-02-05 22:07:50 1025 --a------ C:\WINDOWS\system32\sysprs7.dll
2008-02-05 22:07:50 1025 --a------ C:\WINDOWS\system32\clauth2.dll
2008-02-05 22:07:50 1025 --a------ C:\WINDOWS\system32\clauth1.dll
2008-02-05 03:29:36 62 --ahs---- C:\Documents and Settings\husk\Application Data\desktop.ini
2008-02-05 02:36:36 0 -rahs---- C:\MSDOS.SYS
2008-02-05 02:36:36 0 -rahs---- C:\IO.SYS
2008-02-05 02:36:36 0 --a------ C:\CONFIG.SYS
2008-02-05 02:36:36 0 --a------ C:\AUTOEXEC.BAT
2008-02-05 02:34:41 21700 --a------ C:\WINDOWS\system32\emptyregdb.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D2DA6D0-3677-464E-BEA0-2C779A7B20F1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E61B3EC-BFE9-4D85-B67C-DF48E1A70F4E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D88E51B-BD5F-4AF3-8413-2FB49E83D95B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E1BFC0E-8AD2-424D-AC8A-06038481516E}]
2008-04-07 15:08 37376 --------- C:\WINDOWS\system32\khfCrrst.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A280C8E2-A18C-4CA3-8784-4ABCF1C9ABB4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6F612DD-7A89-4CEE-91C1-E3B937D7DBEF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 10:22 C:\WINDOWS\soundman.exe]
"NVIDIA nTune"="C:\Program\NVIDIA Corporation\nTune\nTuneCmd.exe" [2006-05-23 15:50]
"H2O"="C:\Program\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 01:00]
"egui"="C:\Program\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 09:21]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"GrooveMonitor"="C:\Program\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00]
"NBKeyScan"="C:\Program\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25]
"NeroFilterCheck"="C:\Program\Delade filer\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57]
"BigDog305"="C:\WINDOWS\VM305_STI.exe" [2006-03-30 07:57]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2005-12-06 14:08]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-01-16 15:06]
"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" [2008-04-01 21:09]
"Windows Defender"="C:\Program\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"!AVG Anti-Spyware"="C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:34]
"swg"="C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-14 13:47]
"DAEMON Tools Pro Agent"="C:\Program\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08]
"Yahoo! Pager"="C:\Program\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{8E1BFC0E-8AD2-424D-AC8A-06038481516E}"= C:\WINDOWS\system32\khfCrrst.dll [2008-04-07 15:08 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfCrrst]
khfCrrst.dll 2008-04-07 15:08 37376 C:\WINDOWS\system32\khfCrrst.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- End of Deckard's System Scanner: finished at 2008-04-09 20:52:27 ------------

Here is the second one:



#2 steamwiz


Posted 19 April 2008 - 03:55 PM

Hi

Download Malwarebytes' Anti-Malware from Here :-

http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html

or here :-

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

Then run & post a new hijackthis log ...

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware

#3 steamwiz


Posted 22 June 2008 - 04:46 PM

Due to lack of feedback this topic is now closed.

If the original poster would like it re-opened, please send me a PM with a link to this thread.

cheers

steam