AshTheGamer Posted April 9, 2010
Hello all, I switched my PC on the other day and started getting pop-ups in IE every 30 minutes. I have tried scanning with Kaspersky 2010 but nothing!
Screenshot below:
Please help :/

sanjoa Posted April 9, 2010
Try using Trojan Remover and MBAM.

AshTheGamer Posted April 9, 2010
Installing now, we will see what the outcome is....

sanjoa Posted April 9, 2010
BTW, what OS are you using?

AshTheGamer Posted April 9, 2010
Windows 7 Ultimate 32-bit.

sanjoa Posted April 9, 2010
:o I have never before seen a virus gathering access to Windows Seven. Well, scan with Trojan and MBAM and let's see.

AshTheGamer Posted April 9, 2010
Scanning now with TRJ-Remover, and I have already scanned with Malwarebytes and nothing. I mean, I know my stuff about computers, and when I get a virus I scan with malware, but it has detected nothing.

sanjoa Posted April 9, 2010
Have you done a deep scan?

AshTheGamer Posted April 9, 2010
Yes, on all of them.

sanjoa Posted April 9, 2010
Post a HijackThis log here and check if there's nothing strange running in the background and if there's nothing suspicious installed.

shought Posted April 9, 2010
Spybot S&D.

sanjoa Posted April 9, 2010
That program makes undesired changes to the hosts file.

AshTheGamer Posted April 9, 2010
Here is the log file from HijackThis:

sanjoa Posted April 9, 2010
C:\Users\Media\AppData\Local\Temp\Rjg.exe - this is strange. Clean temporary files and internet cache and temp files too. You've got adware. It's rare that Kaspersky, MBAM and Trojan did not detect it.

AshTheGamer Posted April 9, 2010
Hmm yes, I will do that now and will see what happens.

sanjoa Posted April 9, 2010
And don't use IE again, XD

AshTheGamer Posted April 9, 2010
Done. I only use IE for sites like Can I Run It, as it seems to be buggy in Firefox. Anyway, thanks for your help!

sanjoa Posted April 9, 2010
Tell me if pop-ups appear again, and do a registry cleaning. There could be some trash in there.

AshTheGamer Posted April 9, 2010
Yeah, they are coming up again. I am going to try and scan with SuperAntiSpyware.

sanjoa Posted April 9, 2010
Check IE to see if there are any strange add-ons or toolbars installed.

BBs Posted April 9, 2010
Fix all these and post a HijackThis log again.
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\Media\AppData\Local\Temp\Rjg.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{04799FE7-064D-422D-AF34-9EFA6272FEBF}: NameServer = 93.188.163.60,93.188.166.164
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2554BA2D-D3F2-48F7-A239-281DBFE91A87}: NameServer = 93.188.163.60,93.188.166.164
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.60,93.188.166.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{04799FE7-064D-422D-AF34-9EFA6272FEBF}: NameServer = 93.188.163.60,93.188.166.164
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.60,93.188.166.164
O17 - HKLM\System\CS2\Services\Tcpip\..\{04799FE7-064D-422D-AF34-9EFA6272FEBF}: NameServer = 93.188.163.60,93.188.166.164
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.163.60,93.188.166.164
I might have missed one of the O17 entries, but make sure you fix all O17 entries!
The O17 entries have a red X on the HijackThis log scan; this means they are dangerous!
PS: Make sure to restart your computer after you have fixed all the entries, then post a HijackThis log again!
PS2: Do you know what this is? C:\Windows\Rcikia.exe
I can't find it anywhere on Google; try to kill it and rename it to Rcikia1.exe! And check if your pop-ups continue!
This is 99,99% some malware: O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\Media\AppData\Local\Temp\Rjg.exe
You will not find anything for this because the file name and the run entry are randomized!

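As an added example (not part of the original thread, and not HijackThis's own logic), here is one way to script the checks BBs applies above: BHOs whose file is missing, Run entries whose program sits in a Temp directory, and O17 NameServer values. The function names, the "public and not in a trusted list" DNS rule, and the sample lines marked constructed are assumptions; the other sample lines are entries quoted in the post.

```python
import ipaddress
import re
from typing import Iterable, List, NamedTuple


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    reason: str
    entry: str    # the log line that triggered the finding


ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RUN_RE = re.compile(r"\\Run(?:Once)?: \[([^\]]*)\]\s+(.+)$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr))(?:\s|$)", re.IGNORECASE)
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


def executable_of(command: str) -> str:
    """Return the program path of a Run command line, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = EXE_RE.match(command)
    return match.group(1) if match else command


def public_resolvers(value: str, trusted: set) -> List[str]:
    """Return NameServer addresses that are neither private nor trusted."""
    flagged = []
    for token in re.split(r"[,\s]+", value.strip()):
        try:
            address = ipaddress.ip_address(token)
        except ValueError:
            continue  # empty or malformed token
        if not address.is_private and token not in trusted:
            flagged.append(token)
    return flagged


def triage(log_text: str, trusted_dns: Iterable[str] = ()) -> List[Finding]:
    """Flag the entry types singled out in the thread; everything else is ignored."""
    trusted = set(trusted_dns)
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        section, rest = entry.groups()
        if section == "O2" and rest.endswith("(no file)"):
            findings.append(Finding(section, "BHO registered but its file is missing", line))
        elif section == "O4":
            run = RUN_RE.search(rest)
            # Only the program path counts: a temp file passed as an argument is not flagged.
            if run and any(d in executable_of(run.group(2)).lower() for d in TEMP_DIRS):
                findings.append(Finding(section, "autostart program runs from a temp directory", line))
        elif section == "O17" and "NameServer = " in rest:
            bad = public_resolvers(rest.split("NameServer = ", 1)[1], trusted)
            if bad:
                findings.append(Finding(section, "unrecognised public DNS: " + ", ".join(bad), line))
    return findings


# Lines 1, 4 and 6 are entries quoted in the post; lines 2, 3, 5 and 7 are constructed.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\ExampleApp\example.exe" /s
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\Media\AppData\Local\Temp\Rjg.exe
O4 - HKCU\..\Run: [ExamplePrinter] C:\Windows\system32\spool\example.exe /FU "C:\Windows\TEMP\example.tmp"
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.60,93.188.166.164
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.section}] {finding.reason}\n    {finding.entry}")
```

Pass the resolvers your ISP or router actually hands out as `trusted_dns` so that legitimate public DNS settings are not flagged.
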
oZ. Posted April 9, 2010
> Hello all, I switched my PC on the other day and started getting pop-ups in IE every 30 minutes. I have tried scanning with Kaspersky 2010 but nothing! Screenshot below: Please help :/
- use http://www.mozilla-europe.org/en/firefox/ (Firefox v3.6) :wub:
- Internet G8y (no offense) Explorer v6, 7, 8 is for people who want more viruses on their computers :fear:
- MBAM aka Malwarebytes AntiMalware <-- use it!!!! :dance2:
=P good luck

Lite (Administrator) Posted April 9, 2010
> - Internet G8y (no offense) Explorer v6, 7, 8 is for people who want more viruses on their computers :fear:
Explain this one....

AshTheGamer Posted April 9, 2010
It has stopped opening IE ads and now starts opening Adobe Reader O.o

AshTheGamer Posted April 9, 2010
Updated HijackThis log: