Registered User
Join Date: Feb 2008
Posts: 1
OS: Windows XP SP3
Hijackthis log
Lately I've been experiencing slower download speeds, and Firefox sometimes gives a "time out" message when browsing (I can continue by pressing 'Try again', though). A new "Internet Gateway" has shown up among my Network Connections. I can't remove it; I get the message "The connection is currently busy with a connect or disconnect operation" whenever I try (even with the internet unplugged). Also, some applications (such as DC++) give me error messages like "Connection was closed by client software" (with the client being me, of course). Could this be malware, a virus or anything like it? Here are my logs:
From DSS:

And from Hijackthis:

and the "extra.txt" is attached. Thanks in advance!