Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Ads popping up, and some program crashing.. [CLOSED]

Started by Conan85 , Aug 12 2008 04:47 AM

  • This topic is locked This topic is locked

#1
Conan85
Posted 12 August 2008 - 04:47 AM

Conan85

    Member

  • Member
  • PipPip
  • 60 posts
I got ads popping up every minute, even though im on sites that dont have pop ups.

Ive also hade some program crashes lately wich Ive almost never experienced before. Please help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:26, on 12.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programfiler\D-Tools\daemon.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programfiler\Logitech\Video\LogiTray.exe
C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Programfiler\Belkin\Bluetooth-programvare\BTTray.exe
C:\Programfiler\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
C:\Programfiler\Belkin\Bluetooth-programvare\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jucheck.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programfiler\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\LimeWire\LimeWire.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programfiler\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Programfiler\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programfiler\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programfiler\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programfiler\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [SweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [A00F13773B0.exe] C:\DOCUME~1\Torstein\LOKALE~1\Temp\_A00F13773B0.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\Belkin\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programfiler\PartyGaming\PartyCasino\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programfiler\PartyGaming\PartyCasino\RunApp.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Belkin\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Belkin\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Programfiler\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1151161646328
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://yukongold.mi...ld/FlashAX2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D18C051D-CC8B-4F64-8705-7B9A984D10C4}: NameServer = 192.168.1.1
O20 - Winlogon Notify: __c00C212F - C:\WINDOWS\system32\__c00C212F.dat
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\Belkin\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 10450 bytes
  • 0

Advertisements

#2
BHowett
Posted 15 August 2008 - 03:19 PM

BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Hello Conan85, and welcome back to Geeks To Go! My name is BHowett and I will be helping you to get sorted.

Sorry for the delay, as you can tell we are very busy here.


ComboFix

Please visit below webpage for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.
  • 0

#3
Conan85
Posted 15 August 2008 - 03:47 PM

Conan85

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
ComboFix 08-08-14.05 - Torstein 2008-08-15 23:25:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.525 [GMT 2:00]
Running from: C:\Documents and Settings\Torstein\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Torstein\Cookies\torstein@2o7[2].txt
C:\Documents and Settings\Torstein\Cookies\[email protected][1].txt
C:\Documents and Settings\Torstein\Cookies\[email protected][1].txt
C:\Documents and Settings\Torstein\Cookies\[email protected][1].txt
C:\Documents and Settings\Torstein\Cookies\[email protected][1].txt
C:\Documents and Settings\Torstein\Cookies\torstein@adtrgt[3].txt
C:\Documents and Settings\Torstein\Cookies\torstein@advertising[1].txt
C:\Documents and Settings\Torstein\Cookies\torstein@aftonbladet[2].txt
C:\Documents and Settings\Torstein\Cookies\torstein@aggregateknowledge[2].txt
C:\Documents and Settings\Torstein\Cookies\torstein@clicktorrent[2].txt
C:\Documents and Settings\Torstein\Cookies\[email protected][2].txt
C:\Documents and Settings\Torstein\Cookies\[email protected][2].txt
C:\Documents and Settings\Torstein\Cookies\torstein@go[1].txt
C:\Documents and Settings\Torstein\Cookies\[email protected][1].txt
C:\Documents and Settings\Torstein\Cookies\torstein@indextools[2].txt
C:\Documents and Settings\Torstein\Cookies\torstein@insightexpressai[1].txt
C:\Documents and Settings\Torstein\Cookies\torstein@minnesparere[1].txt
C:\Documents and Settings\Torstein\Cookies\torstein@revsci[1].txt
C:\Documents and Settings\Torstein\Cookies\torstein@serving-sys[2].txt
C:\Documents and Settings\Torstein\Cookies\[email protected][2].txt
C:\Documents and Settings\Torstein\Cookies\torstein@statcounter[1].txt
C:\Documents and Settings\Torstein\Cookies\[email protected][3].txt
C:\Documents and Settings\Torstein\Cookies\[email protected][2].txt
C:\Documents and Settings\Torstein\Cookies\torstein@tradedoubler[1].txt
C:\Documents and Settings\Torstein\Cookies\[email protected][1].txt
C:\Documents and Settings\Torstein\Cookies\[email protected][1].txt
C:\Documents and Settings\Torstein\Programdata\macromedia\Flash Player\#SharedObjects\B35G4LCJ\interclick.com
C:\Documents and Settings\Torstein\Programdata\macromedia\Flash Player\#SharedObjects\B35G4LCJ\interclick.com\ud.sol
C:\Documents and Settings\Torstein\Programdata\macromedia\Flash Player\#SharedObjects\B35G4LCJ\www.broadcaster.com
C:\Documents and Settings\Torstein\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Torstein\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Torstein\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Torstein\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Programfiler\Fellesfiler\{7C16E~1
C:\WINDOWS\asks~1
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\__c00C212F.dat
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\btfunc.dll
C:\WINDOWS\system32\klkkj.ini2
C:\WINDOWS\system32\klkkj.tmp
C:\WINDOWS\system32\kotgbjos.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\smante~1
C:\WINDOWS\system32\wapicc.exe
C:\xcrashdump.dat

.
((((((((((((((((((((((((( Files Created from 2008-07-15 to 2008-08-15 )))))))))))))))))))))))))))))))
.

2008-08-12 02:03 . 2008-08-12 02:04 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft
2008-08-11 01:45 . 2008-08-11 01:45 <DIR> d-------- C:\Programfiler\Avira
2008-08-11 01:45 . 2008-08-11 01:45 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Avira
2008-08-11 00:08 . 2008-08-11 00:08 <DIR> d-------- C:\Documents and Settings\Torstein\Programdata\Command & Conquer 3 Kane's Wrath
2008-08-10 23:12 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-08-10 23:12 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-08-10 23:12 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-08-10 23:12 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-08-10 23:12 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-08-10 23:12 . 2007-10-22 03:37 17,928 --a------ C:\WINDOWS\system32\X3DAudio1_2.dll
2008-08-10 23:02 . 2008-08-10 23:02 <DIR> d-------- C:\Programfiler\7-Zip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-11 11:22 --------- d-----w C:\Programfiler\AmiBroker
2008-08-10 22:32 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-04 23:16 --------- d-----w C:\Programfiler\PartyGaming
2008-07-14 01:48 --------- d-----w C:\Programfiler\Betsafe Poker
2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-01 00:43 --------- d-----w C:\Documents and Settings\Torstein\Programdata\ArcSoft
2008-06-30 00:19 --------- d-----w C:\Documents and Settings\Torstein\Programdata\Microgaming
2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2007-02-04 17:18 87,608 ----a-w C:\Documents and Settings\Torstein\Programdata\ezpinst.exe
2007-02-04 17:18 47,360 ----a-w C:\Documents and Settings\Torstein\Programdata\pcouffin.sys
2006-08-26 00:33 8 --sh--r C:\WINDOWS\system32\261B95E57E.sys
2006-08-26 00:33 2,514 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-29 16:52 15360]
"Creative Detector"="C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"LogitechSoftwareUpdate"="C:\Programfiler\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"SweetIM"="C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe" [2006-06-06 11:07 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTDVDDET"="C:\Programfiler\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00 45056]
"RCSystem"="C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
"AudioDrvEmulator"="C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
"VolPanel"="C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 11:34 122880]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 02:50 155648]
"Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"DAEMON Tools-1033"="C:\Programfiler\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Programfiler\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Programfiler\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"SweetIM"="C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe" [2006-06-06 11:07 40960]
"Omnipage"="C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe" [2002-02-20 21:01 49152]
"avgnt"="C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 08:52 15797248 C:\WINDOWS\RTHDCPL.exe]
"CTHelper"="CTHELPER.EXE" [2005-08-08 00:10 16384 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-08-08 00:10 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-29 16:51 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-29 16:52 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
BTTray.lnk - C:\Programfiler\Belkin\Bluetooth-programvare\BTTray.exe [2005-08-24 15:06:54 577597]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\BitComet\\BitComet.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\MSN Messenger\\msncall.exe"=
"C:\\StubInstaller.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\LimeWire\\uninstall.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Programfiler\\Betsafe Poker\\UA.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Programfiler\\NetMeeting\\conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\All Users\\Dokumenter\\Mine videoer\\mIRC\\mirc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15154:TCP"= 15154:TCP:BitComet 15154 TCP
"15154:UDP"= 15154:UDP:BitComet 15154 UDP
"8715:TCP"= 8715:TCP:BitComet 8715 TCP
"8715:UDP"= 8715:UDP:BitComet 8715 UDP
"49152:TCP"= 49152:TCP:BitComet 49152 TCP
"49152:UDP"= 49152:UDP:BitComet 49152 UDP
"65534:TCP"= 65534:TCP:BitComet 65534 TCP
"65534:UDP"= 65534:UDP:BitComet 65534 UDP
"13778:TCP"= 13778:TCP:BitComet 13778 TCP
"13778:UDP"= 13778:UDP:BitComet 13778 UDP
"45024:TCP"= 45024:TCP:BitComet 45024 TCP
"45024:UDP"= 45024:UDP:BitComet 45024 UDP
"9218:TCP"= 9218:TCP:BitComet 9218 TCP
"9218:UDP"= 9218:UDP:BitComet 9218 UDP
"45000:TCP"= 45000:TCP:BitComet 45000 TCP
"45000:UDP"= 45000:UDP:BitComet 45000 UDP
"29156:TCP"= 29156:TCP:BitComet 29156 TCP
"29156:UDP"= 29156:UDP:BitComet 29156 UDP

R1 cpuidlep;CpuIdle Pro System Driver;C:\WINDOWS\system32\drivers\cpuidlep.sys [2006-07-27 18:50]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-08-07 23:54]
S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
S3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-msnmsgr - ~C:\Programfiler\MSN Messenger\msnmsgr.exe
Notify-__c00C212F - C:\WINDOWS\system32\__c00C212F.dat


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Torstein\Programdata\Mozilla\Firefox\Profiles\9goxpogy.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.sol.no/


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-15 23:36:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programfiler\Belkin\Bluetooth-programvare\bin\btwdins.exe
C:\WINDOWS\system32\CTXFISPI.EXE
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Logitech\Video\FxSvr2.exe
C:\Programfiler\Belkin\Bluetooth-programvare\BTStackServer.exe
C:\Programfiler\Creative\ShareDLL\CADI\NotiMan.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-08-15 23:44:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-15 21:44:23

Pre-Run: 28,247,957,504 byte ledig
Post-Run: 29,151,920,128 byte ledig

208 --- E O F --- 2008-08-14 18:37:00









Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:47:19, on 15.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe
C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programfiler\D-Tools\daemon.exe
C:\Programfiler\Belkin\Bluetooth-programvare\bin\btwdins.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programfiler\Logitech\Video\LogiTray.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe
C:\Programfiler\Belkin\Bluetooth-programvare\BTTray.exe
C:\Programfiler\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
C:\Programfiler\Creative\ShareDLL\CADI\NotiMan.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Programfiler\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programfiler\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Programfiler\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programfiler\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programfiler\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programfiler\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [SweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\Belkin\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programfiler\PartyGaming\PartyCasino\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programfiler\PartyGaming\PartyCasino\RunApp.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Belkin\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Belkin\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Programfiler\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1151161646328
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://yukongold.mi...ld/FlashAX2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D18C051D-CC8B-4F64-8705-7B9A984D10C4}: NameServer = 192.168.1.1
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\Belkin\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 9898 bytes
  • 0

#4
BHowett
Posted 15 August 2008 - 04:48 PM

BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Hi Conan85,

Did you install these programs, and do you use them?

PartyGaming
Betsafe Poker

============================================================


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

============================================================

Needed in your next reply:

Malwarebytes Log

Also let me know how your system is running, and if your still getting pop ups :)
  • 0

#5
Conan85
Posted 15 August 2008 - 05:31 PM

Conan85

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
Hi again :)

Yes I do use betsafe and partypoker.

Looks like the system is running tip top now. No pop ups :)

The program crahses was caused by a game i was ran I guess. Haven't had any problems with that today.


Thank you very much for help :)

Downloaded the Malwarebytes thing, but the scan didn't find anything. Didn't create a log though..
  • 0

#6
BHowett
Posted 16 August 2008 - 09:15 AM

BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Hi Conan85,


just a few more steps to take just to make sure were not missing anything.

P2P Warning!

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur. Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current problem/infection. I would strongly suggest you remove BitComet & LimeWire. Removing can be done through Add/Remove Programs.

===============================================


Update Java


Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
===============================================

ATF Cleaner

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

===============================================

Kaspersky WebScanner
please go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

  • 0

#7
BHowett
Posted 23 August 2008 - 06:04 PM

BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP