Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Free-viruscan.com Downloader.


  • This topic is locked This topic is locked
2 replies to this topic

#1 giraffe42

giraffe42

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:07 AM

Posted 04 August 2008 - 03:12 PM

Error message reads: "Critical Error! Attention %username%! Some dangerous viruses detected in your system. Microsoft Windows XP files corrupted. This may lead to the destruction of important files in C:\WINDOWS. Download protection software now! Click OK to download antispyware. (Recommended)"

X is greyed out. Clicking yes or no opens a webpage hxxp://free-viruscan.com/id/4912933/4/1/
This happens when I try to go into a folder.
NOD32 and Spybot failed to clean.


Log:
Deckard's System Scanner v20071014.68
Run by Giraffe on 2008-08-04 16:01:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 8.91 GiB (less than 15%) free.


-- HijackThis (run as Giraffe.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:01:53 PM, on 8/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\mnmsrvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\stsystra.exe
C:\dl\ff\dss.exe
C:\DL\FF\Giraffe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BHO.tbl2 - {76086C05-4D0A-4B92-9219-2E3FE8C553F9} - C:\WINDOWS\system32\domiebho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c9 -f video -m logitech -d 10.5.0.1091 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c9 -f video -m logitech -d 10.5.0.1091 (User 'Default user')
O4 - S-1-5-18 Startup: YouTube Uploader.lnk.disabled (User 'SYSTEM')
O4 - .DEFAULT Startup: YouTube Uploader.lnk.disabled (User 'Default user')
O4 - Startup: YouTube Uploader.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.gmail.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188878647593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188878609562
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\IP VPN Remote Services\Extranet_serv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7925 bytes

-- Files created between 2008-07-04 and 2008-08-04 -----------------------------

2008-07-31 11:09:46 0 dr-h----- C:\Documents and Settings\Giraffe\Recent
2008-07-31 10:19:47 0 d-------- C:\Program Files\CCleaner
2008-07-30 07:55:50 18432 --a------ C:\WINDOWS\system32\domiebho.dll
2008-07-30 07:55:30 18432 --a------ C:\WINDOWS\system32\hombho.dll
2008-07-30 07:54:37 18432 --a------ C:\WINDOWS\system32\sofie.dll
2008-07-30 03:17:17 0 d-------- C:\Program Files\tyr
2008-07-29 21:38:00 0 d-------- C:\tell me more kids


-- Find3M Report ---------------------------------------------------------------

2008-08-04 15:56:25 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-08-04 15:56:22 0 d-------- C:\Program Files\Mozilla Firefox 11
2008-08-04 01:23:50 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-08-03 23:08:33 0 d-------- C:\Documents and Settings\Giraffe\Application Data\uTorrent
2008-07-30 18:14:53 0 d-------- C:\Program Files\PeerGuardian2
2008-07-30 15:52:40 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2008-07-30 15:52:40 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2008-07-30 15:52:40 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2008-07-29 23:29:56 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-29 23:29:24 0 d-------- C:\Documents and Settings\Giraffe\Application Data\Adesso Systems
2008-07-27 12:13:49 0 d-------- C:\Program Files\foobar2000
2008-07-11 17:10:48 0 d-------- C:\Documents and Settings\Giraffe\Application Data\CoreFTP
2008-06-30 03:32:10 0 d-------- C:\Program Files\Soulseek-Test
2008-06-30 01:18:03 29293 --a------ C:\WINDOWS\scunin.dat
2008-06-30 01:18:01 967 --a------ C:\WINDOWS\ScUnin.pif
2008-06-30 01:18:01 70656 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2008-06-23 01:41:00 201728 --a------ C:\WINDOWS\system32\Analogy.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
2008-06-22 23:31:38 0 d-------- C:\Documents and Settings\Giraffe\Application Data\Mozilla
2008-06-10 22:01:15 0 d-------- C:\Program Files\P2K Programs
2008-06-08 22:17:23 0 d-------- C:\Program Files\Common Files\LogiShrd


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76086C05-4D0A-4B92-9219-2E3FE8C553F9}]
07/30/2008 07:55 AM 18432 --a------ C:\WINDOWS\system32\domiebho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/08/2006 12:48 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 03:46 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 03:50 PM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/12/2004 09:17 AM C:\WINDOWS\system32\bthprops.cpl]
"NWEReboot"="" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [12/25/2006 10:49 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [04/14/2006 11:51 AM]
"SigmatelSysTrayApp"="stsystra.exe" [09/09/2005 06:19 PM C:\WINDOWS\stsystra.exe]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [09/14/2006 04:09 PM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [04/06/2006 02:58 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [05/31/2005 01:04 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"WUAppSetup"=C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c9 -f video -m logitech -d 10.5.0.1091
"RunNarrator"=Narrator.exe

C:\Documents and Settings\Giraffe\Start Menu\Programs\Startup\
YouTube Uploader.lnk.disabled [3/3/2008 7:33:57 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=1 (0x1)
"SynchronousMachineGroupPolicy"=1 (0x1)
"SynchronousUserGroupPolicy"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=0 (0x0)
"NoStrCmpLogical"=0 (0x0)
"NoClose"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"=1 (0x1)
"NoSMBalloonTip"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"NoLowDiskSpaceChecks"=0 (0x0)
"MemCheckBoxInRunDlg"=0 (0x0)
"NoClose"=0 (0x0)
"NoAutoTrayNotify"=0 (0x0)
"NoResolveTrack"=0 (0x0)
"NoResolveSearch"=0 (0x0)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoStartBanner"=00000000
"NoWelcomeScreen"=0 (0x0)
"NoRecentDocsNetHood"=0 (0x0)
"NoDesktopCleanupWizard"=0 (0x0)
"NoSharedDocuments"=0 (0x0)
"NoThemesTab"=1 (0x1)
"ForceClassicControlPanel"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
"P2kAutostart"=C:\Documents and Settings\Giraffe\Desktop\momo\P2KCommander\P2kAutostart.exe
"Google Update"="C:\Documents and Settings\Giraffe\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
"PeerGuardian"=C:\Program Files\PeerGuardian2\pg2.exe
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
"LVCOMSX"="C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27ecf65f-3634-11dc-a14d-444553544200}]
AutoRun\command- E:\LaunchU3.exe -a

*Newly Created Service* - FLEXNET_LICENSING_SERVICE
*Newly Created Service* - SR



-- End of Deckard's System Scanner: finished at 2008-08-04 16:02:16 ------------

Deactivate link. ~ OB


Edited by Orange Blossom, 11 February 2013 - 02:03 AM.


BC AdBot (Login to Remove)

 


#2 giraffe42

giraffe42
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:07 AM

Posted 04 August 2008 - 08:24 PM

Resolved.

#3 chryssi2001

chryssi2001

  • Members
  • 1,930 posts
  • OFFLINE
  •  
  • Local time:08:07 AM

Posted 14 August 2008 - 06:04 AM

Now that your problem appears to be resolved, this thread will be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
Posted Image
Private Messages for personal support will be ignored. If you need help post in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users