rasss Posted September 9, 2007 ID:8134 Share Posted September 9, 2007 I keep having this little window in the bottom right of my screen pop up saying download this program to get rid of virus's, what do i do to get rid of it and what is causing it. Link to post Share on other sites More sharing options...
rasss Posted September 9, 2007 Author ID:8135 Share Posted September 9, 2007 here is my HJT logLogfile of Trend Micro HijackThis v2.0.0 (BETA)Scan saved at 3:20:48 AM, on 9/10/2007Platform: Windows XP SP2 (WinNT 5.01.2600)Boot mode: NormalRunning processes:G:\WINDOWS\System32\smss.exeG:\WINDOWS\system32\winlogon.exeG:\WINDOWS\system32\services.exeG:\WINDOWS\system32\lsass.exeG:\WINDOWS\system32\svchost.exeG:\WINDOWS\System32\svchost.exeG:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeG:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeG:\WINDOWS\system32\spoolsv.exeG:\WINDOWS\Explorer.EXEG:\Program Files\Analog Devices\Core\smax4pnp.exeG:\Program Files\Analog Devices\SoundMAX\Smax4.exeG:\WINDOWS\system32\RUNDLL32.EXEG:\Program Files\Common Files\Symantec Shared\ccApp.exeG:\Program Files\BitTorrent\bittorrent.exeG:\WINDOWS\ATKKBService.exeG:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeG:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exeG:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exeG:\WINDOWS\system32\nvsvc32.exeG:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exeG:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exeG:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exeG:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeG:\WINDOWS\system32\wpabaln.exeG:\WINDOWS\system32\rundll32.exeG:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeG:\Program Files\Mozilla Firefox\firefox.exeG:\Documents and Settings\Moose\Desktop\HiJackThis_v2.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.comO2 - BHO: (no name) - {1C3C4699-B285-475F-BE47-0B26088CE876} - [sASInprocServer32] (file missing)O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - G:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dllO3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - G:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dllO3 - Toolbar: Protection Bar - {F06E2ABE-3A50-4079-BE25-FC100D9EAA25} - [sASInprocServer32] (file missing)O4 - HKLM\..\Run: [soundMAXPnP] G:\Program Files\Analog Devices\Core\smax4pnp.exeO4 - HKLM\..\Run: [soundMAX] "G:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /trayO4 - HKLM\..\Run: [JMB36X IDE Setup] G:\WINDOWS\JM\JMInsIDE.exeO4 - HKLM\..\Run: [36X Raid Configurer] G:\WINDOWS\system32\JMRaidSetup.exe bootO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exeO4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [osCheck] "G:\Program Files\Norton Internet Security\osCheck.exe"O4 - HKCU\..\Run: [bitTorrent] "G:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimizedO4 - HKCU\..\Run: [sUPERAntiSpyware] G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeO4 - HKLM\..\Policies\Explorer\Run: [user32.dll] G:\Program Files\Video ActiveX Access\iesmn.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exeO20 - Winlogon Notify: !SASWinLogon - G:\Program Files\SUPERAntiSpyware\SASWINLO.dllO22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - G:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - G:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: biisk - {f39d0dee-b2f0-4591-9187-1cc39c1df98a} - G:\WINDOWS\system32\kzpkwj.dllO23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - G:\WINDOWS\ATKKBService.exeO23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: COM Host (comHost) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exeO23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exeO23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - G:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - G:\Program Files\Norton Internet Security\isPwdSvc.exeO23 - Service: LiveUpdate - Symantec Corporation - G:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exeO23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exeO23 - Service: Symantec Core LC - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe--End of file - 6213 bytes Link to post Share on other sites More sharing options...
rasss Posted September 10, 2007 Author ID:8142 Share Posted September 10, 2007 bump Link to post Share on other sites More sharing options...
ctrlaltdelete Posted September 10, 2007 ID:8145 Share Posted September 10, 2007 O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] G:\Program Files\Video ActiveX Access\iesmn.exeO22 - SharedTaskScheduler: biisk - {f39d0dee-b2f0-4591-9187-1cc39c1df98a} - G:\WINDOWS\system32\kzpkwj.dllShould be fixed.Use SmitFraudFix Manual and download: http://siri.geekstogo.com/SmitfraudFix.phpDownload and install the latest version HijackThis V2.0.2 here http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe and post a new log. Link to post Share on other sites More sharing options...
Recommended Posts