Second.sight Keeps Infecting My System


  • This topic is locked
3 replies to this topic

#1 chrhx

chrhx

  • Members
  • 3 posts
  • OFFLINE
  • Local time:07:21 AM

Posted 20 May 2008 - 04:57 PM

Hello.
I have a problem: Several times a week, if not daily, Spyware Doctor detects something called application.second_sight <hxxp://www.pctools.com/dk/mrc/infections/id/Application.Second_Sight>. I remove it every time successfully, but it keeps coming back.

I even tried reformatting my computer, but it came back - I suspect from my external hard disk, but I don't know and even so somehow doubt it. I also scanned my computer with Avira AntiVir and Trend Micro's online scanner, but neither detects anything. So I suspect I have some kind of trojan installer, or is it just a false positive?

Please help me; I have had this problem for a very long time and it is really frustrating. Here is my DSS log:

Deckard's System Scanner v20071014.68
Run by Chr on 2008-05-20 23:30:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
67: 2008-05-20 21:30:50 UTC - RP158 - Deckard's System Scanner Restore Point
66: 2008-05-19 14:21:17 UTC - RP157 - Systemkontrolpunkt
65: 2008-05-16 12:22:14 UTC - RP156 - Software Distribution Service 3.0
64: 2008-05-15 08:40:53 UTC - RP155 - Software Distribution Service 3.0
63: 2008-05-12 23:12:27 UTC - RP154 - Installed SyncToy


-- First Restore Point --
1: 2008-02-10 18:19:47 UTC - RP92 - Systemkontrolpunkt


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Chr.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:32:14, on 20-05-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Toshiba\Toshiba Applet\thotkey.exe
C:\Programmer\TOSHIBA\TOSHIBA-programmer\TFncKy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmer\Synaptics\SynTP\Toshiba.exe
C:\Programmer\Spyware Doctor\pctsTray.exe
C:\Programmer\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmer\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
c:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\system32\TPSBattM.exe
c:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmer\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Programmer\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmer\Spyware Doctor\pctsAuxs.exe
C:\Programmer\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Programmer\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Programmer\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Documents and Settings\Chr\Skrivebord\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Chr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [THotkey] "C:\Programmer\Toshiba\Toshiba Applet\thotkey.exe"
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPStart] C:\Programmer\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ISTray] "C:\Programmer\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Hurtig start af Microsoft Office OneNote 2003.lnk = C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Programmer\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1144669647671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197209054000
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Programmer\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmer\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Programmer\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Programmer\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Programmer\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Desktop-administrator 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmer\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmer\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programmer\Toshiba\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 8389 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080511-193519-700 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
backup-20080511-193520-964 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
backup-20080511-193521-492 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.reg - regfile - shell\open\command - "regedit.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 meiudf - c:\windows\system32\drivers\meiudf.sys <Not Verified; Matsubleepa Electric Industrial Co.,Ltd.; >
R1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
R3 pgfilter - c:\programmer\peerguardian2\pgfilter.sys
R3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
R3 tosrfec (Bluetooth ACPI from TOSHIBA) - c:\windows\system32\drivers\tosrfec.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth EC Driver>
R3 TVALD (Toshiba Mobile PC Service) - c:\windows\system32\drivers\nbsmi.sys <Not Verified; Toshiba Corporation; Toshiba Notebook PC SMI Service>

S3 AgereSoftModem (TOSHIBA V92 Software Modem) - c:\windows\system32\drivers\agrsm.sys (file missing)
S3 danceflt (XboxCtrl_filt_Service) - c:\windows\system32\drivers\danceflt.sys <Not Verified; Compuware Corporation; DriverStudio>
S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
S3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
S3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
S3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
S3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>
S3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Microsoft® Windows NT® Operating System>
S4 s24trans (WLAN-transport) - c:\windows\system32\drivers\s24trans.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirMailService (Avira AntiVir Premium MailGuard) - "c:\programmer\avira\antivir personaledition premium\avmailc.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 AntiVirScheduler (Avira AntiVir Premium Scheduler) - "c:\programmer\avira\antivir personaledition premium\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 antivirwebservice (Avira AntiVir Premium WebGuard) - "c:\programmer\avira\antivir personaledition premium\avwebgrd.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 AVEService (Avira AntiVir Premium MailGuard helper service) - "c:\programmer\avira\antivir personaledition premium\avesvc.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 DVD-RAM_Service - c:\windows\system32\dvdramsv.exe <Not Verified; Matsubleepa Electric Industrial Co., Ltd.; >
R2 TAPPSRV (TOSHIBA Application Service) - "c:\programmer\toshiba\toshiba applet\tappsrv.exe" <Not Verified; TOSHIBA Corp.; TOSHIBA TAPPSRV>

S3 ServiceLayer - "c:\programmer\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Modem Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_02&VEN_11C1&DEV_3026&SUBSYS_11790001&REV_1007\4&1E09AF89&0&0101
Manufacturer:
Name: Modem Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_02&VEN_11C1&DEV_3026&SUBSYS_11790001&REV_1007\4&1E09AF89&0&0101
Service:

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6300
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Jules
Device ID: ROOT\WPD\0001
Manufacturer: Nokia
Name: Jules
PNP Device ID: ROOT\WPD\0001
Service: WUDFRd


-- Files created between 2008-04-20 and 2008-05-20 -----------------------------

2008-05-18 23:22:21 32768 --a------ C:\WINDOWS\system32\mf.dll
2008-05-18 22:31:55 0 d-------- C:\Documents and Settings\Chr\My Games
2008-05-18 22:31:42 0 d-------- C:\Documents and Settings\All Users\Microsoft

2008-05-14 10:27:34 0 d-------- C:\Programmer\SystemRequirementsLab
2008-05-14 10:27:17 0 d-------- C:\Documents and Settings\Chr\Application Data\SystemRequirementsLab
2008-05-14 00:33:59 0 dr-h----- C:\Documents and Settings\Chr\Recent
2008-05-13 13:08:28 0 d-------- C:\Documents and Settings\Chr\Application Data\Comodo
2008-05-13 13:08:27 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-05-12 23:01:53 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-12 22:04:28 0 dr------- C:\Documents and Settings\LocalService\Dokumenter
2008-05-11 19:31:09 0 d-------- C:\Programmer\Trend Micro
2008-05-08 07:33:28 0 d-------- C:\Documents and Settings\Chr\DoctorWeb
2008-05-07 14:37:51 0 d-------- C:\WINDOWS\Prefetch
2008-05-07 14:29:59 0 d-------- C:\WINDOWS\system32\da
2008-05-07 14:29:59 0 d-------- C:\WINDOWS\l2schemas
2008-05-07 14:29:58 0 d-------- C:\WINDOWS\system32\bits
2008-05-07 14:25:50 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-06 13:21:29 0 d-------- C:\Programmer\SpywareBlaster
2008-04-27 12:26:54 0 d-------- C:\WINDOWS\system32\xlive
2008-04-26 13:34:32 0 d-------- C:\Documents and Settings\Chr\Application Data\dvdcss
2008-04-24 17:03:02 40960 --a------ C:\WINDOWS\system32\TPSAddin.dll <Not Verified; TOSHIBA Corporation; TOSHIBA Power Saver>
2008-04-24 17:03:01 77824 --a------ C:\WINDOWS\system32\TPwrReg.dll <Not Verified; TOSHIBA Corporation; TOSHIBA Power Saver>
2008-04-24 17:03:01 45056 --a------ C:\WINDOWS\system32\TPwrCfg.dll <Not Verified; TOSHIBA Corporation; TOSHIBA Power Saver>
2008-04-24 17:03:01 49152 --a------ C:\WINDOWS\system32\TPSTrace.dll <Not Verified; TOSHIBA Corporation; TOSHIBA Power Saver>
2008-04-24 17:03:01 40960 --a------ C:\WINDOWS\system32\TPSMainCtl.dll <Not Verified; TOSHIBA Corporation; TOSHIBA Power Saver>
2008-04-24 17:03:01 266240 --a------ C:\WINDOWS\system32\TPSMain.exe <Not Verified; TOSHIBA Corporation; TOSHIBA Power Saver>
2008-04-24 17:03:01 49152 --a------ C:\WINDOWS\system32\TPSDel.dll <Not Verified; TOSHIBA Corporation; TOSHIBA Power Saver>
2008-04-24 17:03:01 40960 --a------ C:\WINDOWS\system32\TPSBattM.exe <Not Verified; TOSHIBA Corporation; TOSHIBA Power Saver>
2008-04-24 17:03:01 86016 --a------ C:\WINDOWS\system32\CpuPerf.dll <Not Verified; TOSHIBA Corporation; TOSHIBA Power Saver>
2008-04-23 14:53:02 0 d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-04-23 13:23:04 0 d-------- C:\Documents and Settings\Chr\Application Data\Leadertech
2008-04-23 11:39:57 0 d-------- C:\Programmer\DAEMON Tools Lite
2008-04-20 20:43:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater


-- Find3M Report ---------------------------------------------------------------

2008-05-20 23:34:01 0 d-------- C:\Documents and Settings\Chr\Application Data\uTorrent
2008-05-20 22:24:18 0 d-------- C:\Programmer\Google
2008-05-20 12:02:27 0 d-------- C:\Programmer\Spyware Doctor
2008-05-18 14:08:39 3584105 --a------ C:\Documents and Settings\Chr\Application Data\NMM-MetaData.db
2008-05-18 12:03:11 0 d-------- C:\Documents and Settings\Chr\Application Data\PC Suite
2008-05-16 17:51:43 0 d-------- C:\Programmer\CCleaner
2008-05-07 14:42:52 460024 --a------ C:\WINDOWS\system32\perfh006.dat
2008-05-07 14:42:52 84018 --a------ C:\WINDOWS\system32\perfc006.dat
2008-05-07 14:30:35 0 d-------- C:\Programmer\Messenger
2008-05-07 14:29:58 0 d-------- C:\Programmer\Movie Maker
2008-05-07 14:25:09 0 d-------- C:\Programmer\Windows NT
2008-05-07 14:22:01 0 d-------- C:\Documents and Settings\Chr\Application Data\Adobe
2008-05-06 16:49:01 0 d-------- C:\Programmer\Subdownloader
2008-05-05 19:58:33 0 d-------- C:\Programmer\Paint.NET
2008-05-03 12:48:48 25213 --a------ C:\Documents and Settings\Chr\Application Data\Kommaseparerede værdier (Windows).ADR
2008-05-03 12:43:32 25179 --a------ C:\Documents and Settings\Chr\Application Data\Kommaseparerede værdier (DOS).ADR
2008-04-29 18:35:18 0 d-------- C:\Documents and Settings\Chr\Application Data\TrueCrypt
2008-04-29 10:37:58 0 d-------- C:\Programmer\Nokia
2008-04-29 10:36:30 0 d-------- C:\Programmer\Live! Cam
2008-04-26 14:35:34 0 d--h----- C:\Programmer\InstallShield Installation Information
2008-04-25 08:07:00 0 d-------- C:\Documents and Settings\Chr\Application Data\DAEMON Tools
2008-04-24 17:03:02 0 d-------- C:\Programmer\Toshiba
2008-04-24 12:24:04 0 d-------- C:\Programmer\DivX
2008-04-22 11:55:47 0 d-------- C:\Documents and Settings\Chr\Application Data\Google
2008-04-20 21:39:24 0 d-------- C:\Programmer\Audacity
2008-04-20 20:52:46 0 d-------- C:\Programmer\Picasa2
2008-04-19 11:20:30 0 d-------- C:\Programmer\7-Zip
2008-04-18 21:26:09 0 d-------- C:\Documents and Settings\Chr\Application Data\Avira
2008-04-18 21:23:39 0 d-------- C:\Programmer\Avira
2008-04-14 19:04:47 0 d-------- C:\Programmer\jtk374en
2008-04-14 12:18:57 0 d-------- C:\Programmer\Fælles filer\Nokia
2008-04-14 12:18:56 0 d-------- C:\Programmer\Fælles filer
2008-04-14 12:18:56 0 d-------- C:\Programmer\Fælles filer\PCSuite
2008-04-14 12:17:54 0 d-------- C:\Programmer\PC Connectivity Solution
2008-04-12 15:00:32 0 d-------- C:\Documents and Settings\Chr\Application Data\ATI
2008-04-12 14:58:42 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-04-12 14:56:50 0 d-------- C:\Programmer\ATI Technologies
2008-02-25 21:05:00 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [06-12-2007 09:20]
"RTHDCPL"="RTHDCPL.EXE" [10-12-2005 00:49 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [04-05-2005 03:43 C:\WINDOWS\Alcmtr.exe]
"THotkey"="C:\Programmer\Toshiba\Toshiba Applet\thotkey.exe" [05-01-2006 14:02]
"TFncKy"="TFncKy.exe" []
"TDispVol"="TDispVol.exe" [16-09-2005 13:48 C:\WINDOWS\system32\TDispVol.exe]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [06-10-2005 05:20]
"SynTPStart"="C:\Programmer\Synaptics\SynTP\SynTPStart.exe" [29-10-2007 07:02]
"ISTray"="C:\Programmer\Spyware Doctor\pctsTray.exe" [01-02-2008 12:55]
"StartCCC"="C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [21-01-2008 12:17]
"avgnt"="C:\Programmer\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [12-02-2008 10:06]
"Google Desktop Search"="C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" [20-04-2008 20:44]
"TPSMain"="TPSMain.exe" [03-08-2005 15:42 C:\WINDOWS\system32\TPSMain.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [14-04-2008 18:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Programmer\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\Chr\Menuen Start\Programmer\Start\
Hurtig start af Microsoft Office OneNote 2003.lnk - C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE [19-04-2007 14:49:52]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Bluetooth Manager.lnk - C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [07-12-2005 14:01:32]
Google Updater.lnk - C:\Programmer\Google\Google Updater\GoogleUpdater.exe [20-04-2008 20:43:45]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [10-12-2007 00:59:25]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

*Newly Created Service* - PGFILTER
*Newly Created Service* - SYSMONLOG



-- End of Deckard's System Scanner: finished at 2008-05-20 23:34:46 ------------


(whoops, enabling email notification.)

Deactivated link just in case. ~ OB


Edited by Orange Blossom, 11 February 2013 - 01:11 AM.
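The HijackThis section of a DSS log is what a helper actually reads, and most of the triage is mechanical: entries whose target is "(no file)" or "(file missing)" are orphaned registrations, Run values that name a bare executable need their resolved path confirmed, AppInit_DLLs entries deserve a publisher check, and services with "Unknown owner" carry no company string. The script below is an added example, not code from the poster or from BleepingComputer; it assumes the log is pasted as plain text in the HijackThis 2.0.2 line format shown above, and the sample input is a constructed subset of lines copied from that log. What it flags is a prompt for an analyst, not a verdict: the two "(no file)" BHO/toolbar entries in the posted log, for instance, are leftovers that can be cleaned but do not by themselves indicate an infection.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of lines copied from the HijackThis section of
# the log posted above, chosen so that each triage rule fires at least once.
SAMPLE_LOG = r"""
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

HJT_ENTRY = re.compile(r"^(O\d+) - (.*)$")        # "O4 - ..." section lines
RUN_VALUE = re.compile(r"\[([^\]]+)\]\s*(.*)$")   # "[ValueName] command line"
FULL_PATH = re.compile(r'^"?[A-Za-z]:\\')         # command starts with a drive path


@dataclass
class Finding:
    code: str      # HijackThis section code, e.g. "O4"
    reason: str    # why an analyst should look at this line
    line: str      # the original log line


def parse_entries(log_text):
    """Yield (code, rest, line) for every 'Onn - ...' line; other lines are skipped."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2), line


def triage(log_text):
    """Apply the triage rules and return the findings in log order."""
    findings = []
    for code, rest, line in parse_entries(log_text):
        if "(no file)" in rest or "(file missing)" in rest:
            findings.append(Finding(code, "registration points at a file that no longer exists (orphaned entry)", line))
        elif code == "O4":
            m = RUN_VALUE.search(rest)
            if m and not FULL_PATH.match(m.group(2)):
                findings.append(Finding(code, "Run value uses a bare file name, so the binary is resolved via the search path; confirm where it resolves", line))
        elif code == "O20":
            findings.append(Finding(code, "AppInit_DLLs is loaded into every process that maps user32.dll; verify the DLL's publisher", line))
        elif code == "O23" and "Unknown owner" in rest:
            findings.append(Finding(code, "service binary carries no company string; check its signature and hash", line))
    return findings


def summarize(log_text):
    """Count findings per HijackThis section code."""
    counts = {}
    for f in triage(log_text):
        counts[f.code] = counts.get(f.code, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:4} {f.reason}\n     {f.line}")
    print(summarize(SAMPLE_LOG))
```

Feed it the full pasted log instead of `SAMPLE_LOG` and it will skip the non-HijackThis sections on its own, since only lines matching `Onn - ` are parsed.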



#2 chrhx

chrhx
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:07:21 AM

Posted 23 May 2008 - 08:11 PM

I've uploaded a screenshot of some of the Spyware Doctor log if that's any help.
Screenshot - spyware doctor log

#3 Sp0nge

Sp0nge

  • Members
  • 643 posts
  • OFFLINE
  • Gender:Male
  • Location:Sydney, Australia
  • Local time:12:21 AM

Posted 17 June 2008 - 02:44 AM

Hello

Apologies for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Deckard's System Scanner (DSS)

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using it.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.


Kaspersky Webscanner

Next
Please do an online scan with Kaspersky WebScanner

Click on Accept Button

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Thanks

#4 don77

don77

Forum Regular


  • Members
  • 3,212 posts
  • OFFLINE
  • Gender:Male
  • Location:Boston Mass
  • Local time:12:21 AM

Posted 24 June 2008 - 08:44 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



