
Infected With Pop-up Antivirus Scanners


  • This topic is locked
2 replies to this topic

#1 dar-kalahari

dar-kalahari

  • Members
  • 4 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:21 AM

Posted 08 May 2008 - 09:48 PM

When using IE7 I get inundated with heaps of pop-ups scanning my computer declaring there's viruses, trojans, porn etc on my computer. I can't locate and get rid of them ... help. This happened last time when I had reformatted and had been using my computer for a while. Back then I used an AntiTrojan program which detected Trojans all the time. It said it removed them many times but this problem kept occurring.
Some Pop-ups include: trustedantivirus.com & Antispywaremaster & AntiSpywareSuite

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-05-09 13:27:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:27 p.m., on 9/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator.OFFICE\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B831A3AD-F0FC-4387-BA08-03B7CBF15DDB} - C:\WINDOWS\system32\nnnnOeCU.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [50344f08] rundll32.exe "C:\WINDOWS\system32\dwkiivxj.dll",b
O4 - HKLM\..\Run: [BM53077c94] Rundll32.exe "C:\WINDOWS\system32\ncyrvoxe.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: plbbafie - C:\WINDOWS\SYSTEM32\plbbafie.dll
O20 - Winlogon Notify: __c00309E9 - C:\WINDOWS\SYSTEM32\__c00309E9.dat
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Messenger Sharing USN Journal Reader service (usnsvc) - Unknown owner - C:\Program.exe (file missing)

--
End of file - 8278 bytes

-- Files created between 2008-04-09 and 2008-05-09 -----------------------------

2008-05-09 12:11:08 0 d-------- C:\Program Files\Trend Micro
2008-05-09 12:02:00 32256 --a------ C:\WINDOWS\system32\__c00309E9.dat
2008-05-09 12:01:56 32256 --a------ C:\WINDOWS\system32\plbbafie.dll
2008-05-09 12:01:54 2048 --a------ C:\WINDOWS\system32\jevndbhy.exe
2008-05-09 11:58:54 93696 --a------ C:\WINDOWS\system32\dwkiivxj.dll
2008-05-09 11:56:38 104448 --a------ C:\WINDOWS\system32\ncyrvoxe.dll
2008-05-09 11:50:49 0 d-------- C:\Program Files\Macromedia
2008-05-08 13:35:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\CheckPoint
2008-05-08 13:35:30 0 d-------- C:\Program Files\CheckPoint
2008-05-08 13:35:27 0 d-------- C:\Program Files\Zone Labs(3)
2008-05-08 12:46:01 0 d-------- C:\Program Files\QuickTime
2008-05-08 12:44:07 0 d-------- C:\Program Files\Bonjour
2008-05-08 12:31:52 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-08 12:24:21 194301 --ahs---- C:\WINDOWS\system32\UCeOnnnn.ini2
2008-05-08 12:24:06 281088 --a------ C:\WINDOWS\system32\nnnnOeCU.dll
2008-05-08 12:14:29 36864 --a------ C:\WINDOWS\system32\ssqRhFuT.dll
2008-05-08 12:13:51 36864 --a------ C:\WINDOWS\system32\efcccBur.dll
2008-05-08 02:01:52 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Templates
2008-05-08 02:01:52 0 dr------- C:\Documents and Settings\Default User.WINDOWS\Start Menu
2008-05-08 02:01:52 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\SendTo
2008-05-08 02:01:52 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Recent
2008-05-08 02:01:52 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\PrintHood
2008-05-08 02:01:52 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\NetHood
2008-05-08 02:01:52 0 d-------- C:\Documents and Settings\Default User.WINDOWS\My Documents
2008-05-08 02:01:52 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\Local Settings
2008-05-08 02:01:52 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Favorites
2008-05-08 02:01:52 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Desktop
2008-05-08 02:01:52 0 d--hs---- C:\Documents and Settings\Default User.WINDOWS\Cookies
2008-05-08 02:01:52 0 d--h----- C:\Documents and Settings\All Users.WINDOWS\Templates
2008-05-08 02:01:52 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Start Menu
2008-05-08 02:01:52 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Favorites
2008-05-08 02:01:52 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Documents
2008-05-08 02:01:52 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Desktop
2008-05-08 02:01:29 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\Application Data
2008-05-08 02:01:29 0 d---s---- C:\Documents and Settings\Default User.WINDOWS\Application Data\Microsoft
2008-05-08 02:01:29 0 dr-h----- C:\Documents and Settings\All Users.WINDOWS\Application Data
2008-05-08 02:01:29 0 d---s---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2008-05-07 23:07:10 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Macromedia
2008-05-07 20:40:50 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\IM
2008-05-07 20:38:52 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\IncrediMail
2008-05-07 20:25:31 0 d-------- C:\Documents and Settings\Administrator.OFFICE\Application Data\AdobeUM
2008-05-07 20:23:24 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems
2008-05-07 20:20:53 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2008-05-07 18:52:55 40960 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-05-07 18:52:50 142464 --a------ C:\WINDOWS\system32\drivers\aec.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-07 18:52:49 172416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-07 18:52:47 6272 --a------ C:\WINDOWS\system32\drivers\splitter.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-07 18:52:21 0 d-------- C:\Program Files\Realtek AC97
2008-05-07 18:52:17 307200 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2008-05-07 18:52:17 212992 --a------ C:\WINDOWS\alcrmv.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Removing driver Tool>
2008-05-07 18:32:51 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
2008-05-07 18:09:46 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-05-07 16:55:48 0 d-------- C:\Documents and Settings\Administrator.OFFICE\Application Data\Adobe
2008-05-07 16:55:30 0 d-------- C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2008-05-07 16:55:16 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-07 16:47:43 0 d-------- C:\Documents and Settings\Administrator.OFFICE\Application Data\uTorrent
2008-05-07 16:46:30 0 d-------- C:\Program Files\FLVPlayer4Free
2008-05-07 16:32:19 0 d-------- C:\Documents and Settings\Administrator.OFFICE\Application Data\Real
2008-05-07 16:11:38 0 d-------- C:\Program Files\Intel
2008-05-07 15:43:55 0 d-------- C:\Documents and Settings\Administrator.OFFICE\Application Data\Macromedia
2008-05-07 15:35:53 0 d-------- C:\Program Files\Microsoft Works
2008-05-07 15:35:21 0 d-------- C:\Program Files\MSBuild
2008-05-07 15:29:28 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-07 15:26:36 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-05-07 15:07:47 0 d-------- C:\Program Files\DVD Region-Free
2008-05-07 15:04:59 82944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-07 15:01:13 0 d--h----- C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings
2008-05-07 15:01:13 0 d--hs---- C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies
2008-05-07 15:01:13 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data
2008-05-07 15:01:13 0 d---s---- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Microsoft
2008-05-07 15:01:12 454656 --a------ C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
2008-05-07 14:59:45 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-05-07 14:59:42 0 d-------- C:\WINDOWS\OPTIONS
2008-05-07 14:57:41 65536 --a------ C:\WINDOWS\system32\Audio3D.dll <Not Verified; Sensaura Ltd; Sensaura>
2008-05-07 14:57:41 65536 --a------ C:\WINDOWS\system32\a3d.dll <Not Verified; Sensaura Ltd; Sensaura>
2008-05-07 14:57:41 765952 --a------ C:\WINDOWS\system\crlds3d.dll <Not Verified; Sensaura Ltd; Sensaura 3DPA>
2008-05-07 14:47:38 0 d-------- C:\Documents and Settings\Administrator.OFFICE\Application Data\Identities
2008-05-07 14:42:50 0 d--h----- C:\Documents and Settings\Administrator.OFFICE\Templates
2008-05-07 14:42:50 0 dr------- C:\Documents and Settings\Administrator.OFFICE\Start Menu
2008-05-07 14:42:50 0 dr-h----- C:\Documents and Settings\Administrator.OFFICE\SendTo
2008-05-07 14:42:50 0 dr-h----- C:\Documents and Settings\Administrator.OFFICE\Recent
2008-05-07 14:42:50 0 d--h----- C:\Documents and Settings\Administrator.OFFICE\PrintHood
2008-05-07 14:42:50 2510848 --a------ C:\Documents and Settings\Administrator.OFFICE\NTUSER.DAT
2008-05-07 14:42:50 0 d--h----- C:\Documents and Settings\Administrator.OFFICE\NetHood
2008-05-07 14:42:50 0 dr------- C:\Documents and Settings\Administrator.OFFICE\My Documents
2008-05-07 14:42:50 0 d--h----- C:\Documents and Settings\Administrator.OFFICE\Local Settings
2008-05-07 14:42:50 0 dr------- C:\Documents and Settings\Administrator.OFFICE\Favorites
2008-05-07 14:42:50 0 d-------- C:\Documents and Settings\Administrator.OFFICE\Desktop
2008-05-07 14:42:50 0 d--hs---- C:\Documents and Settings\Administrator.OFFICE\Cookies
2008-05-07 14:42:50 0 dr-h----- C:\Documents and Settings\Administrator.OFFICE\Application Data
2008-05-07 14:41:36 0 d--hs---- C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies
2008-05-07 14:41:36 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data
2008-05-07 14:41:36 0 d---s---- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Microsoft
2008-05-07 14:41:35 454656 --a------ C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
2008-05-07 14:41:35 0 d--h----- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings
2008-05-07 14:40:07 417792 ---h----- C:\Documents and Settings\Default User.WINDOWS\NTUSER.DAT
2008-05-07 14:39:12 0 d-------- C:\WINDOWS\system32\dllcache
2008-05-07 14:38:06 0 d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
2008-05-07 14:36:03 23040 --a------ C:\WINDOWS\system32\fltMc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-07 14:36:03 16896 --a------ C:\WINDOWS\system32\fltlib.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-07 14:36:03 128768 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-07 14:35:55 679424 --a------ C:\WINDOWS\system32\inetcomm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-07 14:34:48 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-07 14:33:57 1260544 --a------ C:\WINDOWS\system32\Clear Sidebar.exe
2008-05-07 14:33:08 97792 --a------ C:\WINDOWS\system32\comrepl.dll <Not Verified; Microsoft Corporation; COM Services>
2008-05-07 14:32:51 347136 --a------ C:\WINDOWS\system32\hypertrm.dll <Not Verified; Hilgraeve, Inc.; Microsoft® Windows® Operating System>
2008-05-07 14:32:49 139528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-07 14:32:47 161280 --a------ C:\WINDOWS\system32\msdtcuiu.dll <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2008-05-07 14:32:46 11776 --a------ C:\WINDOWS\system32\xolehlp.dll <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2008-05-07 14:32:46 91136 --a------ C:\WINDOWS\system32\mtxoci.dll <Not Verified; Microsoft Corporation; COM Services>
2008-05-07 14:32:46 956416 --a------ C:\WINDOWS\system32\msdtctm.dll <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2008-05-07 14:32:46 426496 --a------ C:\WINDOWS\system32\msdtcprx.dll <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2008-05-07 14:32:44 60416 --a------ C:\WINDOWS\system32\colbact.dll <Not Verified; Microsoft Corporation; COM Services>
2008-05-07 14:32:44 110080 --a------ C:\WINDOWS\system32\clbcatex.dll <Not Verified; Microsoft Corporation; COM Services>
2008-05-07 14:32:44 625152 --a------ C:\WINDOWS\system32\catsrvut.dll <Not Verified; Microsoft Corporation; COM Services>
2008-05-07 14:32:44 225792 --a------ C:\WINDOWS\system32\catsrv.dll <Not Verified; Microsoft Corporation; COM Services>
2008-05-07 14:32:43 540160 --a------ C:\WINDOWS\system32\comuid.dll <Not Verified; Microsoft Corporation; COM Services>
2008-05-07 14:32:43 1267200 --a------ C:\WINDOWS\system32\comsvcs.dll <Not Verified; Microsoft Corporation; COM Services>
2008-05-07 14:32:43 498688 --a------ C:\WINDOWS\system32\clbcatq.dll <Not Verified; Microsoft Corporation; COM Services>
2008-04-23 11:13:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2008-04-22 13:53:02 0 d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-04-16 17:24:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\TrojanHunter
2008-04-16 16:18:41 0 d-------- C:\Program Files\TrojanHunter 5.0
2008-04-15 12:54:51 0 d-------- C:\WINDOWS\Sun
2008-04-15 12:54:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-04-15 12:52:54 0 d-------- C:\Program Files\Java
2008-04-15 12:52:06 0 d-------- C:\Program Files\Common Files\Java
2008-04-15 12:37:06 0 d-------- C:\Program Files\Power Tab Software
2008-04-14 12:19:40 0 d-------- C:\Program Files\Lavasoft
2008-04-14 12:19:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-13 13:28:42 0 d-------- C:\Program Files\Common Files\xing shared
2008-04-13 13:24:26 0 d-------- C:\Program Files\Common Files\Real
2008-04-13 13:24:04 0 d-------- C:\Program Files\Real
2008-04-12 14:39:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-04-12 01:07:51 0 d-------- C:\Program Files\PowerISO
2008-04-12 00:48:13 0 d-------- C:\Program Files\Guitar Pro 5
2008-04-12 00:34:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro
2008-04-12 00:32:46 0 d-------- C:\Program Files\DAEMON Tools Pro
2008-04-11 15:21:34 0 d-------- C:\Program Files\DivX


-- Find3M Report ---------------------------------------------------------------

2008-05-09 13:27:03 0 d-------- C:\Program Files\FlashGet
2008-05-08 20:47:05 0 d-------- C:\Program Files\Common Files\Macromedia
2008-05-08 12:44:04 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-08 12:31:52 0 d-------- C:\Program Files\Common Files
2008-05-08 12:09:56 0 d-------- C:\Program Files\Error Expert
2008-05-08 02:01:52 62 --ahs---- C:\Documents and Settings\Administrator.OFFICE\Application Data\desktop.ini
2008-05-07 20:39:53 0 d-------- C:\Program Files\IncrediMail
2008-05-07 18:35:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-07 18:09:41 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-07 16:42:56 0 d-------- C:\Program Files\AvRack
2008-05-07 14:40:02 0 d-------- C:\Program Files\MSN Messenger
2008-05-07 14:36:15 0 d-------- C:\Program Files\Movie Maker
2008-05-07 14:34:04 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-07 14:33:38 0 d-------- C:\Program Files\Microsoft PowerToys
2008-05-07 14:33:38 0 d-------- C:\Program Files\HashTab Shell Extension
2008-05-07 14:33:36 0 d-------- C:\Program Files\Messenger
2008-05-07 14:33:21 0 d-------- C:\Program Files\Windows NT
2008-04-02 11:36:05 0 d-------- C:\Program Files\Barcode Maker 5
2008-03-28 12:27:48 0 d-------- C:\Program Files\Super Mp3 Recorder Professional
2008-03-28 11:49:48 0 d-------- C:\Program Files\Eltima Software
2008-03-27 17:27:04 0 d-------- C:\Program Files\uTorrent
2008-03-26 16:36:56 604 --ah----- C:\Program Files\STLL Notifier
2008-03-26 16:23:29 0 d-------- C:\Program Files\Sibelius Software
2008-03-18 22:52:31 0 d-------- C:\Program Files\SlySoft
2008-03-18 22:47:25 0 d-------- C:\Program Files\CyberLink
2008-03-15 15:45:04 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-03-15 13:53:16 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-03-15 13:52:41 0 d-------- C:\Program Files\ScanSoft
2008-03-15 13:50:33 0 d-------- C:\Program Files\ArcSoft
2008-03-15 13:49:29 0 d-------- C:\Program Files\Common Files\CANON
2008-03-15 13:48:12 0 d-------- C:\Program Files\Canon
2008-03-15 13:45:21 0 d--h----- C:\Program Files\CanonBJ
2008-03-15 13:33:07 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-03-15 13:32:22 0 d-------- C:\Program Files\Microsoft.NET
2008-03-15 03:30:08 0 d-------- C:\Program Files\Flash Movie Player
2008-03-15 03:29:54 0 d-------- C:\Program Files\FLV Player
2008-03-15 02:36:13 0 d-------- C:\Program Files\Winamp
2008-03-15 02:35:09 0 d-------- C:\Program Files\Winamp Remote
2008-03-15 00:52:14 0 d-------- C:\Program Files\Realtek Sound Manager
2008-03-15 00:30:38 0 -rahs---- C:\MSDOS.SYS
2008-03-15 00:30:38 0 -rahs---- C:\IO.SYS
2008-03-15 00:30:38 0 --a------ C:\CONFIG.SYS
2008-03-15 00:30:38 0 --a------ C:\AUTOEXEC.BAT
2008-03-15 00:28:55 0 d--h----- C:\Program Files\WindowsUpdate
2008-03-15 00:27:55 0 d-------- C:\Program Files\Common Files\MSSoap
2008-03-15 00:26:09 0 d-------- C:\Program Files\Online Services
2008-03-14 12:19:26 0 d-------- C:\Program Files\Common Files\ODBC
2008-03-14 12:19:23 0 d-------- C:\Program Files\Common Files\SpeechEngines


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B831A3AD-F0FC-4387-BA08-03B7CBF15DDB}]
08/05/2008 12:24 p.m. 281088 --a------ C:\WINDOWS\system32\nnnnOeCU.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 10:32 a.m.]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 10:32 a.m.]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 10:32 a.m.]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [07/09/2006 01:19 p.m.]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 12:47 a.m.]
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [25/09/2007 08:10 p.m.]
"SoundMan"="SOUNDMAN.EXE" [17/08/2005 06:39 p.m. C:\WINDOWS\soundman.exe]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [15/12/2004 02:12 a.m.]
"@"="" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/05/2008 12:15 p.m.]
"50344f08"="C:\WINDOWS\system32\dwkiivxj.dll" [09/05/2008 11:58 a.m.]
"BM53077c94"="C:\WINDOWS\system32\ncyrvoxe.dll" [09/05/2008 11:56 a.m.]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 12:56 p.m.]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [23/04/2008 05:45 p.m.]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide3"=cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [7/05/2008 8:22:38 p.m.]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\plbbafie]
plbbafie.dll 09/05/2008 12:02 p.m. 32256 C:\WINDOWS\system32\plbbafie.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00309E9]
__c00309E9.dat 09/05/2008 12:02 p.m. 32256 C:\WINDOWS\system32\__c00309E9.dat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\nnnnOeCU

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
-- End of Deckard's System Scanner: finished at 2008-05-09 13:29:00 ------------



#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:04:21 PM

Posted 09 May 2008 - 02:33 PM

Hi,

I understand that you need help in order to get rid of the malware that is present on your system, but you need to help us first.
I notice that you never scanned with an Antivirus previously before starting this thread, because you don't even have an Antivirus installed!
This is somewhat suicidal in today's digital world.
That's why I want you to install one first!!

* Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus.

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There double-click the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThis log.
Then we'll start from there, because otherwise it really makes no sense for us to clean this up manually if an Antivirus scan is not present, which should be able to deal with most of it and prevent further reinfection.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:04:21 PM

Posted 16 May 2008 - 07:52 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.