
WinAntiSpyware and lots of other viruses/trojans!



#1
thecollectore

Hi Geekstogo!

I've got a PC that pops up with lots of messages and a WinAntiSpyware 2006 Alert is always in the right hand corner. I've tried running all the programs/tools that you recommend before posting the Hijackthis. AVG Anti-Spyware found loads (see report), and I was not able to run Panda - says it could not run/install. Please help! :)

Here's the AVG report:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 22:10:35 02.11.2006

+ Scan result:



C:\Programfiler\WinAntiSpyware 2006 Free\lapv.dat -> Adware.DriveCleaner : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{44d22a64-2399-4edf-8b32-f2c729c1e8a7} -> Adware.HQVideoCodec : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{d869742a-e5d2-4624-96c7-aae26170665e} -> Adware.HQVideoCodec : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{44d22a64-2399-4edf-8b32-f2c729c1e8a7} -> Adware.HQVideoCodec : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d869742a-e5d2-4624-96c7-aae26170665e} -> Adware.HQVideoCodec : Cleaned with backup (quarantined).
HKU\S-1-5-21-3302332742-1186498088-244956915-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44D22A64-2399-4EDF-8B32-F2C729C1E8A7} -> Adware.HQVideoCodec : Cleaned with backup (quarantined).
HKU\S-1-5-21-3302332742-1186498088-244956915-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D869742A-E5D2-4624-96C7-AAE26170665E} -> Adware.HQVideoCodec : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 -> Adware.IntCodec : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On -> Adware.IntCodec : Cleaned with backup (quarantined).
HKU\S-1-5-21-3302332742-1186498088-244956915-1007\Software\Internet Security -> Adware.IntCodec : Cleaned with backup (quarantined).
C:\Program Files\PestTrap\base.avd -> Adware.Pesttrap : Cleaned with backup (quarantined).
C:\Program Files\PestTrap\base001.avd -> Adware.Pesttrap : Cleaned with backup (quarantined).
C:\Programfiler\PowerCodec\iesplugin.dll -> Adware.ProtectionBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP540\A0086383.dll -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\Program Files\PestTrap\Uninstall.exe -> Adware.Spysheriff : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DC6_Check -> Adware.Systemdoctor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{f31aee4a-1530-4fef-8537-79c6973bff9a} -> Adware.VirusBurst : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\gaonic -> Adware.VirusBurst : Cleaned with backup (quarantined).
C:\Programfiler\VirusBurster -> Adware.VirusBurster : Cleaned with backup (quarantined).
C:\Programfiler\VirusBurster\virusburster.ini -> Adware.VirusBurster : Cleaned with backup (quarantined).
C:\Programfiler\WinAntiSpyware 2006 Free\up.dat -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Programfiler\PowerCodec\pmsngr.exe -> Downloader.Zlob.aqh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP536\A0084949.exe -> Downloader.Zlob.aqh : Cleaned with backup (quarantined).
C:\Programfiler\PowerCodec\pmuninst.exe -> Downloader.Zlob.ark : Cleaned with backup (quarantined).
C:\Programfiler\PowerCodec\iesuninst.exe -> Downloader.Zlob.arl : Cleaned with backup (quarantined).
C:\Documents and Settings\Chris\Programdata\winantispyware2006freeinstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).


::Report end :blink:


And here's the Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 22:28:09, on 02.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\WinAntiSpyware 2006 Free\was6.exe
C:\Programfiler\Fellesfiler\WinAntiSpyware 2006 Free\uwasers.exe
C:\Programfiler\WinAntiSpyware 2006 Free\uwas6cw.exe
C:\Programfiler\avg Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programfiler\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
C:\Programfiler\avg Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\ewido anti-malware\ewidoctrl.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Rolf\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UAService7.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\alg.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chris\Skrivebord\trojan ny\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\PANELS\BLANK.HTM
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\Rolf\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\Rolf\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinAntiSpyware 2006 Free] "C:\Programfiler\WinAntiSpyware 2006 Free\was6.exe" /min
O4 - HKLM\..\Run: [ERS_Check] "C:\Programfiler\Fellesfiler\WinAntiSpyware 2006 Free\uwasers.exe"
O4 - HKLM\..\Run: [uwas6cw] "C:\Programfiler\WinAntiSpyware 2006 Free\uwas6cw.exe" -c
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\avg Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [NvUpdater] nwiz32.exe
O4 - HKLM\..\RunServices: [CTUpdate] ctupdclt.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Programfiler\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O8 - Extra context menu item: &Google Search - res://c:\programfiler\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://kc.bar.need2f...earch.html?p=KC
O8 - Extra context menu item: &Translate English Word - res://c:\programfiler\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programfiler\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programfiler\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programfiler\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programfiler\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\Rolf\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.0.0.58.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programfiler\avg Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programfiler\Rolf\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TCPIP Managing Service (TCPIPManagingService) - Unknown owner - tcpcheck.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

:help:

and here's the uninstall list:

AC3Filter (remove only)
Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
AsRoma
ATI Control Panel
ATI Display Driver
AVG Anti-Spyware 7.5
AVG Free Edition
Broadcom Management Programs
Canon i950
CC_ccProxyMSI
CC_ccStart
ccCommon
Championship Manager 01-02
Citrix Web Client
CleanUp!
CoreVorbis Audio Decoder (remove only)
Dell Driver Reset Tool
Dell Media Experience
Dell Media Experience Update
Direct Show Ogg Vorbis Filter (remove only)
Disc2Phone
ewido anti-malware
Expekt Poker
GameShadow
GTA2
HijackThis 1.99.1
IKEA Home Planner Kitchen
iPod for Windows 2006-06-28
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
LeechFTP
LimeWire PRO 4.12.6
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 1.1 Norwegian Language Pack
Microsoft Works 7.0
MSN Messenger 7.0
MSRedist
Need2Find Bar
NELK
Nimo Codecs Pack v4.4 (Remove Only)
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Security Center
Norton WMI Update
Oppdatering for Windows XP (KB894391)
Oppdatering for Windows XP (KB896727)
Oppdatering for Windows XP (KB898461)
Oppdatering for Windows XP (KB900485)
Oppdatering for Windows XP (KB910437)
Oppdatering for Windows XP (KB916595)
Oppdatering for Windows XP (KB920872)
Oppdatering for Windows XP (KB922582)
Panda ActiveScan
PowerCodec 4.0
PowerDVD 5.3
Project64 1.6
QuickTime
RevConnect
Safety Alerter 2006
Sikkerhetsoppdatering for Windows Media Player (KB911564)
Sikkerhetsoppdatering for Windows Media Player 10 (KB911565)
Sikkerhetsoppdatering for Windows Media Player 10 (KB917734)
Sikkerhetsoppdatering for Windows XP (KB883939)
Sikkerhetsoppdatering for Windows XP (KB890046)
Sikkerhetsoppdatering for Windows XP (KB893756)
Sikkerhetsoppdatering for Windows XP (KB896358)
Sikkerhetsoppdatering for Windows XP (KB896422)
Sikkerhetsoppdatering for Windows XP (KB896423)
Sikkerhetsoppdatering for Windows XP (KB896424)
Sikkerhetsoppdatering for Windows XP (KB896428)
Sikkerhetsoppdatering for Windows XP (KB896688)
Sikkerhetsoppdatering for Windows XP (KB899587)
Sikkerhetsoppdatering for Windows XP (KB899588)
Sikkerhetsoppdatering for Windows XP (KB899591)
Sikkerhetsoppdatering for Windows XP (KB900725)
Sikkerhetsoppdatering for Windows XP (KB901017)
Sikkerhetsoppdatering for Windows XP (KB901214)
Sikkerhetsoppdatering for Windows XP (KB902400)
Sikkerhetsoppdatering for Windows XP (KB903235)
Sikkerhetsoppdatering for Windows XP (KB904706)
Sikkerhetsoppdatering for Windows XP (KB905414)
Sikkerhetsoppdatering for Windows XP (KB905749)
Sikkerhetsoppdatering for Windows XP (KB905915)
Sikkerhetsoppdatering for Windows XP (KB908519)
Sikkerhetsoppdatering for Windows XP (KB908531)
Sikkerhetsoppdatering for Windows XP (KB911280)
Sikkerhetsoppdatering for Windows XP (KB911562)
Sikkerhetsoppdatering for Windows XP (KB911567)
Sikkerhetsoppdatering for Windows XP (KB911927)
Sikkerhetsoppdatering for Windows XP (KB912812)
Sikkerhetsoppdatering for Windows XP (KB912919)
Sikkerhetsoppdatering for Windows XP (KB913446)
Sikkerhetsoppdatering for Windows XP (KB913580)
Sikkerhetsoppdatering for Windows XP (KB914388)
Sikkerhetsoppdatering for Windows XP (KB914389)
Sikkerhetsoppdatering for Windows XP (KB916281)
Sikkerhetsoppdatering for Windows XP (KB917159)
Sikkerhetsoppdatering for Windows XP (KB917344)
Sikkerhetsoppdatering for Windows XP (KB917422)
Sikkerhetsoppdatering for Windows XP (KB917953)
Sikkerhetsoppdatering for Windows XP (KB918439)
Sikkerhetsoppdatering for Windows XP (KB918899)
Sikkerhetsoppdatering for Windows XP (KB919007)
Sikkerhetsoppdatering for Windows XP (KB920214)
Sikkerhetsoppdatering for Windows XP (KB920670)
Sikkerhetsoppdatering for Windows XP (KB920683)
Sikkerhetsoppdatering for Windows XP (KB920685)
Sikkerhetsoppdatering for Windows XP (KB921398)
Sikkerhetsoppdatering for Windows XP (KB921883)
Sikkerhetsoppdatering for Windows XP (KB922616)
Sikkerhetsoppdatering for Windows XP (KB922819)
Sikkerhetsoppdatering for Windows XP (KB923191)
Sikkerhetsoppdatering for Windows XP (KB923414)
Sikkerhetsoppdatering for Windows XP (KB924191)
Sikkerhetsoppdatering for Windows XP (KB924496)
Sikkerhetsoppdatering for Windows XP (KB925486)
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Sony Ericsson PC Suite
Spybot - Search & Destroy 1.4
Spyware Doctor 4.0
Steam
Symantec Script Blocking Installer
Update Service
WinAntiSpyware 2006 Free 3.2.118.0
Windows Genuine Advantage Notifications
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Registry Repair Pro
Windows XP hurtigreparasjon - KB834707
Windows XP hurtigreparasjon - KB867282
Windows XP hurtigreparasjon - KB873333
Windows XP hurtigreparasjon - KB873339
Windows XP hurtigreparasjon - KB885250
Windows XP hurtigreparasjon - KB885835
Windows XP hurtigreparasjon - KB885836
Windows XP hurtigreparasjon - KB886185
Windows XP hurtigreparasjon - KB887472
Windows XP hurtigreparasjon - KB887742
Windows XP hurtigreparasjon - KB888113
Windows XP hurtigreparasjon - KB888302
Windows XP hurtigreparasjon - KB890047
Windows XP hurtigreparasjon - KB890175
Windows XP hurtigreparasjon - KB890859
Windows XP hurtigreparasjon - KB890923
Windows XP hurtigreparasjon - KB891781
Windows XP hurtigreparasjon - KB893066
Windows XP hurtigreparasjon - KB893086
XviD MPEG-4 Video Codec
Yahoo! Toolbar

:whistling:

Can you please help me?

Kind regards, thecollectore.

Edited by thecollectore, 05 November 2006 - 06:05 AM.



#2
thecollectore

****UPDATE****

Since I haven't heard anything I tried to help myself..... :blink: so I've run the following:

1. Vundofix - nothing came up in the scan so there was nothing to remove.

2. Kaspersky online scanning - found 21 viruses and 48 infected objects - see the log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, November 05, 2006 12:28:58 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 4/11/2006
Kaspersky Anti-Virus database records: 238354
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 50689
Number of viruses found: 21
Number of infected objects: 48 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:53:04

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Programdata\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\Anne Katrine\Mine dokumenter\rolf\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Anne Katrine\Mine dokumenter\rolf\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Anne Katrine\Mine dokumenter\rolf\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Chris\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Chris\err.log Object is locked skipped
C:\Documents and Settings\Chris\Lokale innstillinger\Logg\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Chris\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Chris\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Chris\Lokale innstillinger\Temp\Perflib_Perfdata_444.dat Object is locked skipped
C:\Documents and Settings\Chris\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Chris\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Chris\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Logg\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\Antispam\Log\Spam.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SNDCON.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SNDFW.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Programfiler\Need2Find\bar\1.bin\N2PLUGIN.DLL.tcf Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped
C:\Programfiler\Need2Find\bar\1.bin\NPND2FN.DLL.tcf Infected: not-a-virus:AdWare.Win32.MyWebSearch.o skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\05704473 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\06B04262 Infected: not-a-virus:AdWare.Win32.Altnet.j skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\0A2B537F Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\0A2E7D7B Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\0A312778/stream/data0001 Infected: not-a-virus:AdWare.Win32.404Search.h skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\0A312778/stream Infected: not-a-virus:AdWare.Win32.404Search.h skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\0A312778 NSIS: infected - 2 skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\0A312778 CryptFF: infected - 2 skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\138122B3 Infected: not-a-virus:AdWare.Win32.Gator.a skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\13844CAF Infected: not-a-virus:AdWare.Win32.Gator.a skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\176D6CC8.exe Infected: Backdoor.Win32.Rbot.gen skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\1B0C772F Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\22B055F4 Infected: not-a-virus:AdWare.Win32.RXBar.d skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\22B37FF0 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\22B629EC Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039 skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\2340319C Infected: not-a-virus:AdWare.Win32.Gator.a skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\25654098 Infected: not-a-virus:AdWare.Win32.Altnet.j skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\2626401B Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\30BA6952 Infected: not-a-virus:AdWare.Win32.WinAD.af skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\35261666 Infected: not-a-virus:[bleep]-Dialer.Win32.Intexdial skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\35411AC8 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\41690F59 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\43560686 Infected: not-a-virus:AdWare.Win32.Altnet.j skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\45EF2C6F Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\48A82375 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\4B946F21 Infected: not-a-virus:AdWare.Win32.404Search.h skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\4C9961E9 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039 skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\57D47FE7/stream Infected: not-a-virus:AdWare.Win32.404Search.h skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\57D47FE7 NSIS: infected - 1 skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\57D47FE7 CryptFF: infected - 1 skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\5A9B4528.exe Infected: Backdoor.Win32.Rbot.ig skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\5F9D6299 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\6BEF1E1B/stream Infected: not-a-virus:AdWare.Win32.404Search.h skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\6BEF1E1B NSIS: infected - 1 skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\6BEF1E1B CryptFF: infected - 1 skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\741B50A9 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\76036631 Infected: Backdoor.Win32.VBbot.a skipped
C:\Programfiler\PowerCodec\isaddon.dll Infected: Trojan-Downloader.Win32.Zlob.aqk skipped
C:\Programfiler\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_directory_shellex_contextmenuhandlers\#data Object is locked skipped
C:\Programfiler\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_services\#data Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP540\A0086390.exe Infected: Trojan-Downloader.Win32.Zlob.arl skipped
C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP540\A0086391.exe Infected: Trojan-Downloader.Win32.Zlob.aqh skipped
C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP540\A0086392.exe Infected: Trojan-Downloader.Win32.Zlob.ark skipped
C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP540\A0086394.dll Infected: not-a-virus:AdWare.Win32.ProtectionBar.l skipped
C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP540\A0086396.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP544\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{62DDF39C-F1F9-4627-842F-19004BE7E48A}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\tazth.dll Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


3. I also tried downloading SmitFraudfix, but when running it it says process.exe is missing (could it be that Kaspersky removed the process.exe??)


4. Here's the latest Hijackthis log after my desperate attempts:

Logfile of HijackThis v1.99.1
Scan saved at 11:05:51, on 05.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\avg Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\ewido anti-malware\ewidoctrl.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Rolf\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UAService7.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\WinAntiSpyware 2006 Free\was6.exe
C:\Programfiler\Fellesfiler\WinAntiSpyware 2006 Free\uwasers.exe
C:\Programfiler\WinAntiSpyware 2006 Free\uwas6cw.exe
C:\Programfiler\avg Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programfiler\Java\jre1.5.0_09\bin\jusched.exe
C:\Programfiler\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chris\Skrivebord\trojan ny\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\PANELS\BLANK.HTM
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\Rolf\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\Rolf\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinAntiSpyware 2006 Free] "C:\Programfiler\WinAntiSpyware 2006 Free\was6.exe" /min
O4 - HKLM\..\Run: [ERS_Check] "C:\Programfiler\Fellesfiler\WinAntiSpyware 2006 Free\uwasers.exe"
O4 - HKLM\..\Run: [uwas6cw] "C:\Programfiler\WinAntiSpyware 2006 Free\uwas6cw.exe" -c
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\avg Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\RunServices: [NvUpdater] nwiz32.exe
O4 - HKLM\..\RunServices: [CTUpdate] ctupdclt.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Programfiler\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O8 - Extra context menu item: &Google Search - res://c:\programfiler\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://kc.bar.need2f...earch.html?p=KC
O8 - Extra context menu item: &Translate English Word - res://c:\programfiler\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programfiler\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programfiler\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programfiler\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programfiler\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\Rolf\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.0.0.58.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programfiler\avg Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programfiler\Rolf\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TCPIP Managing Service (TCPIPManagingService) - Unknown owner - tcpcheck.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe




HOPE TO GET SOME HELP SOON :whistling:
  • 0

#3
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :whistling:

Let's start with a few things that I see in your uninstall list that we may be able to remove easily.
Please click Start -> Control Panel -> Add/Remove Programs and uninstall these programs:

J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Need2Find Bar
Safety Alerter 2006
WinAntiSpyware 2006 Free 3.2.118.0


Don't be concerned if these give you errors upon uninstallation. We'll take care of any remnants manually.

Since you are running Norton and AVG antivirus, I would recommend that you uninstall one of these programs. Running two antivirus programs at the same time can cause problems and should not be done.

You can keep AVG Antispyware. It won't cause any conflicts.


============


Run Hijackthis again, click scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [WinAntiSpyware 2006 Free] "C:\Programfiler\WinAntiSpyware 2006 Free\was6.exe" /min
O4 - HKLM\..\Run: [ERS_Check] "C:\Programfiler\Fellesfiler\WinAntiSpyware 2006 Free\uwasers.exe"
O4 - HKLM\..\Run: [uwas6cw] "C:\Programfiler\WinAntiSpyware 2006 Free\uwas6cw.exe" -c
O4 - HKLM\..\RunServices: [NvUpdater] nwiz32.exe
O4 - HKLM\..\RunServices: [CTUpdate] ctupdclt.exe
O8 - Extra context menu item: &Search - http://kc.bar.need2f...earch.html?p=KC
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)



===========


Reboot your computer.


===========




Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • 0

#4
thecollectore

    Member

  • Topic Starter
  • Member
  • 62 posts
Hi Sam :rofl: am I glad to see you! :rofl:

Ok, I removed

J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Safety Alerter 2006
WinAntiSpyware 2006 Free 3.2.118.0

I was not able to remove Need2Find Bar.
It says
"error while loading of /PROGRAM~1/NEED2F~1/1.bin/Nd2fnBar.dll
The module was not found."


I removed AVG antivirus :) (Norton asked for some account info that I do not have in front of me, so sadly AVG antivirus had to go for now..)


I ran Hijackthis again and put a checkmark as instructed. The following was not present in the Hijackthis log anymore
O4 - HKLM\..\Run: [WinAntiSpyware 2006 Free] "C:\Programfiler\WinAntiSpyware 2006 Free\was6.exe" /min
O4 - HKLM\..\Run: [ERS_Check] "C:\Programfiler\Fellesfiler\WinAntiSpyware 2006 Free\uwasers.exe"
O4 - HKLM\..\Run: [uwas6cw] "C:\Programfiler\WinAntiSpyware 2006 Free\uwas6cw.exe" -c


Here's the ComboFix log

Chris - 06-11-05 15:59:54.73 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Chris\Skrivebord"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\Programfiler\msupdate


((((((((((((((((((((((((((((((( Files Created from 2006-10-05 to 2006-11-05 ))))))))))))))))))))))))))))))))))


2006-11-02 21:16 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2006-10-29 23:11 72,192 --a------ C:\WINDOWS\SYSTEM32\taskkill.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-05 15:57 -------- d-------- C:\Programfiler\Fellesfiler
2006-11-05 15:45 -------- d---s---- C:\Documents and Settings\Chris\Programdata\Microsoft
2006-11-05 15:41 -------- d-------- C:\Programfiler\WinAntiSpyware 2006 Free
2006-11-05 14:49 -------- d-------- C:\Programfiler\Rolf
2006-11-04 16:51 -------- d-------- C:\Programfiler\Java
2006-11-02 21:16 -------- d-------- C:\Programfiler\avg Grisoft
2006-11-02 20:47 -------- d-------- C:\Programfiler\PowerCodec
2006-10-29 21:28 -------- d-------- C:\Programfiler\TrojanHunter 4.5
2006-10-27 03:34 -------- d-------- C:\Programfiler\Fellesfiler\Symantec Shared
2006-10-26 21:10 -------- d-------- C:\Documents and Settings\Chris\Programdata\WinAntiSpyware 2006
2006-10-26 21:06 -------- d-------- C:\Programfiler\3B Software
2006-10-16 19:58 -------- d-------- C:\Documents and Settings\Chris\Programdata\AdobeUM
2006-10-08 23:54 -------- d-------- C:\Programfiler\RevConnect
2006-09-30 14:55 -------- d--h----- C:\Programfiler\InstallShield Installation Information
2006-09-30 13:34 -------- d-------- C:\Programfiler\Doom 3
2006-09-20 22:16 -------- d-------- C:\Programfiler\Expekt
2006-09-13 06:07 1084416 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll
2006-08-25 16:54 617472 --a------ C:\WINDOWS\SYSTEM32\comctl32.dll
2006-08-21 13:28 16896 --a------ C:\WINDOWS\SYSTEM32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\SYSTEM32\fltmc.exe
2006-08-16 13:00 100352 --a------ C:\WINDOWS\SYSTEM32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe\" /background"
"Windows Registry Repair Pro"="C:\\Programfiler\\3B Software\\Windows Registry Repair Pro\\RegistryRepairPro.exe 4"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Programfiler\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"iTunesHelper"="\"C:\\Programfiler\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Programfiler\\QuickTime\\qttask.exe\" -atboottime"
"!AVG Anti-Spyware"="\"C:\\Programfiler\\avg Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SunJavaUpdateSched"="C:\\Programfiler\\Java\\jre1.5.0_09\\bin\\jusched.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Min gjeldende hjemmeside"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}"="Prestige Software"
"{f31aee4a-1530-4fef-8537-79c6973bff9a}"="gaonic"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"nvctrl.exe"="nvctrl.exe"
"isamonitor.exe"="C:\\Programfiler\\PowerCodec\\isamonitor.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Sok p† min datamaskin - Chris.job
C:\WINDOWS\tasks\Norton AntiVirus - Sok p† min datamaskin.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-11-05 16:00:39.73
C:\ComboFix.txt ... 06-11-05 16:00



And here is the latest Hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 16:04:49, on 05/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\avg Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programfiler\Java\jre1.5.0_09\bin\jusched.exe
C:\Programfiler\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\avg Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\ewido anti-malware\ewidoctrl.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chris\Skrivebord\trojan ny\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\PANELS\BLANK.HTM
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\avg Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Programfiler\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\programfiler\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programfiler\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programfiler\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programfiler\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programfiler\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programfiler\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.0.0.58.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programfiler\avg Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TCPIP Managing Service (TCPIPManagingService) - Unknown owner - tcpcheck.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


The pop-ups with WinAntivirus are gone! :whistling: All I get now is the "windows registry repair pro 310 registry errors on your previous scan...." at startup - I do not know if this is standard sw or another virus.. :help:


Let me know what you think - again thanks for all help!! :blink:

Kind regards, thecollectore
  • 0
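A way to automate the before/after comparison described in the post above, as an added example that is not part of the thread or of HijackThis itself: it parses HijackThis entry lines, reports which fix-list entries still appear in a later log, and lists entries that HijackThis itself marks as lacking a target. The function names are hypothetical; the sample lines are excerpts copied from the logs in this thread.

```python
import re

# Excerpt of the fix list posted by the helper (lines copied from this thread).
FIX_LIST = r"""
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\RunServices: [NvUpdater] nwiz32.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# Excerpt of the follow-up HijackThis log (lines copied from this thread).
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 16:04:49, on 05/11/2006

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: TCPIP Managing Service (TCPIPManagingService) - Unknown owner - tcpcheck.exe (file missing)
"""

# An entry line is "<section code> - <body>"; headers and the process list do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+?)\s*$")


def parse_entries(log_text):
    """Return [(section, body)] for every entry line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def _key(entry):
    """Comparison key: Windows paths are case-insensitive, and spacing varies between pastes."""
    section, body = entry
    return section, " ".join(body.split()).casefold()


def remaining(fix_list_text, after_log_text):
    """Fix-list entries that still appear in the later log."""
    after = {_key(e) for e in parse_entries(after_log_text)}
    return [e for e in parse_entries(fix_list_text) if _key(e) in after]


def orphaned(log_text):
    """Entries whose target HijackThis reports as absent, with the reason."""
    hits = []
    for section, body in parse_entries(log_text):
        if body.endswith(("(no file)", "(file missing)")):
            hits.append((section, body, "target file absent"))
        elif section == "O16" and body.endswith("-"):
            # A DPF entry with nothing after the final dash has no download source recorded.
            hits.append((section, body, "no download source recorded"))
    return hits


if __name__ == "__main__":
    print("still present after fix:", remaining(FIX_LIST, AFTER_LOG))
    for section, body, reason in orphaned(AFTER_LOG):
        print(f"orphaned [{section}] {reason}: {body}")
```

On the follow-up log in this thread, `remaining` comes back empty for the excerpted fix list, while `orphaned` still reports the O23 TCPIPManagingService entry, which was not on the fix list.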

#5
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
This doesn't appear to be malware, but there's no reason for it to be running on startup, especially if it's giving you problems. Fix this line with Hijackthis.

O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Programfiler\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4


============


Open Notepad, and copy everything in the code box below and paste it into a new notepad file. Change the "Save As Type" to "All Files". Save it as fixme.reg on your Desktop. Make sure there is NO blank line above "REGEDIT4"!

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}"=-
"{f31aee4a-1530-4fef-8537-79c6973bff9a}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

Locate fixme.reg on your Desktop and double-click on it. When it asks if you want to merge with the registry, click YES.


============


Please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
  • If you have trouble getting into Safe mode go here for more info.

Once in safe mode, delete these folders.

C:\Programfiler\WinAntiSpyware 2006 Free
C:\Programfiler\PowerCodec
C:\Documents and Settings\Chris\Programdata\WinAntiSpyware 2006



============


Reboot back into normal mode.


Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new hijackthis log.

  • 0
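Added example, not part of the thread: a dry-run reader for a REGEDIT4 file such as the fixme.reg in the post above, listing what a merge would delete or set before anyone double-clicks it. The function names and the short list of autostart key hints are this example's own assumptions; it enforces the post's rule that nothing precedes the header line.

```python
import re

# The fixme.reg content from the post above, embedded so the example runs offline.
FIXME_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}"=-
"{f31aee4a-1530-4fef-8537-79c6973bff9a}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"""

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY = re.compile(r"^\[(?P<delete>-?)(?P<key>[^\]]+)\]$")
VALUE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")=(?P<data>.*)$')

# Assumption of this example: a short, non-exhaustive list of key fragments
# that load code at logon or shell start.
AUTOSTART_HINTS = (r"\currentversion\run", r"\policies\explorer\run",
                   r"\sharedtaskscheduler")


def plan(reg_text):
    """Return [(operation, key, value_name)] without touching the registry.

    Multi-line hex data (lines ending in a backslash) is not handled and
    raises ValueError like any other unrecognised line.
    """
    lines = reg_text.splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("first line must be the header, with no blank line above it")
    ops, key = [], None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = KEY.match(line)
        if m:
            if m["delete"]:            # [-KEY] removes the key and everything under it
                ops.append(("delete-key", m["key"], None))
                key = None
            else:
                key = m["key"]
            continue
        m = VALUE.match(line)
        if m and key:
            name = "(Default)" if m["name"] == "@" else m["name"].strip('"')
            # "name"=- removes one value; anything else writes data
            op = "delete-value" if m["data"].strip() == "-" else "set-value"
            ops.append((op, key, name))
            continue
        raise ValueError("unrecognised line: " + line)
    return ops


def autostart_ops(ops):
    """Operations whose key matches one of the autostart hints."""
    return [op for op in ops
            if any(hint in op[1].lower() for hint in AUTOSTART_HINTS)]


if __name__ == "__main__":
    for op, key, name in plan(FIXME_REG):
        print(op, key, name or "")
```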

#6
thecollectore

thecollectore

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Hi Sam! :)

Fixed the line with Hijackthis.

Did the code stuff.

I deleted the first two folders
C:\Programfiler\WinAntiSpyware 2006 Free
C:\Programfiler\PowerCodec

But I did not find the last one
C:\Documents and Settings\Chris\Programdata\WinAntiSpyware 2006

Maybe the folder is hidden? :whistling:

And I am not able to run Panda as mentioned above - I do not get the Install ActiveX - it says Click the bar above to start downloading - but there is no bar above........ :blink: :help: see attachment

Kind regards, thecollectore
  • 0

#7
thecollectore

thecollectore

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Hi Sam! :rofl:

Fixed the line with Hijackthis.

Did the code stuff.

I deleted the first two folders
C:\Programfiler\WinAntiSpyware 2006 Free
C:\Programfiler\PowerCodec

But I did not find the last one
C:\Documents and Settings\Chris\Programdata\WinAntiSpyware 2006

Maybe the folder is hidden? :blink:

And I am not able to run Panda as mentioned above - I do not get the Install ActiveX - it says Click the bar above to start downloading - but there is no bar above........ :help: :)

Kind regards, thecollectore :whistling:
  • 0

#8
thecollectore

thecollectore

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Sorry about the double - now triple - posting...... :blink: but here is the attachment showing the trouble with panda and activex.... :whistling:

Attached Thumbnails

  • panda1.JPG

  • 0

#9
thecollectore

thecollectore

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
:whistling:

Attached Thumbnails

  • panda2.JPG

  • 0

#10
thecollectore

thecollectore

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Hi Sam! :blink:

I deleted

C:\Documents and Settings\Chris\Programdata\WinAntiSpyware 2006

it was in a Hidden folder of course.


Awaiting next steps and Panda-ActiveX suggestions :whistling:
  • 0


#11
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Ok, let's skip past the online scan and run an on demand virus scanner that's very good.

Please download Bit Defender 8 Free Edition
  • Install the program and then follow the prompts to download all available updates.
  • Select Antivirus and then click the Settings button. Click Default. Click Ok.
  • Select Local Drives and click Scan.
  • When the scan is complete save the log and post it back here in your next reply.

Also post a new hijackthis log.
Let me know how your computer is working now. Any problems or issues?
  • 0

#12
thecollectore

thecollectore

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Hi Sam,

I'm on a business trip until Thursday 18:00 GMT +1. I'll do your suggestions then. Hope to talk to you on Thursday :whistling:

Kind regards, thecollectore
  • 0

#13
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Ok, no problem. I'll be around. :whistling:
  • 0

#14
thecollectore

thecollectore

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Hi Sam :rofl:

Here is the bitdefender log


//-----------------------------------------------------------------
//
// Product: BitDefender 8 Free Edition
// Version: 8.0
//
// Created on: 09/11/2006 18:10:28
//
//-----------------------------------------------------------------


Statistics

Scan path : C:\
Folders : 3991
Files : 199946
Archives : 3894
Packed files : 11562
Identified viruses : 6
Infected files : 9
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 8
Copied files : 0
Moved files : 4
Renamed files : 0
I/O errors : 26
Scan time : 00:48:12
Scan speed (files/sec) : 69

Virus definitions : 313362
Scan plugins : 13
Archive plugins : 38
Unpack plugins : 6
Mail plugins : 6
System plugins : 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report

Summary:

C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\0A312778=>(Quarantine-2)=>(NSIS o)=>lzma_solid_nsis0001 Detected: Application.Adware.Instafinder.A
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\0A312778=>(Quarantine-2)=>(NSIS o)=>lzma_solid_nsis0001 Disinfection failed
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\0A312778=>(Quarantine-2)=>(NSIS o)=>lzma_solid_nsis0001 Move failed
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\138122B3=>(Quarantine-2) Detected: Adware.Gator.B
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\138122B3=>(Quarantine-2) Deleted
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\13844CAF=>(Quarantine-2) Detected: Adware.Gator.B
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\13844CAF=>(Quarantine-2) Deleted
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\176D6CC8.exe=>(Quarantine-2) Infected Backdoor.Rbot.BKB
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\176D6CC8.exe=>(Quarantine-2) Disinfection failed
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\176D6CC8.exe Moved
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\2340319C=>(Quarantine-2) Detected: Adware.Gator.B
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\2340319C=>(Quarantine-2) Deleted
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\30BA6952=>(Quarantine-2) Infected MemScan:Trojan.Delautoexec.51272.C
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\30BA6952=>(Quarantine-2) Disinfection failed
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\30BA6952 Moved
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\4B946F21=>(Quarantine-2) Detected: Application.Adware.Instafinder.A
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\4B946F21=>(Quarantine-2) Disinfection failed
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\4B946F21 Moved
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\5A9B4528.exe=>(Quarantine-2) Infected Backdoor.Rbot.IG
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\5A9B4528.exe=>(Quarantine-2) Disinfection failed
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\5A9B4528.exe Moved
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\76036631=>(Quarantine-2) Infected Backdoor.VBbot.A
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\76036631=>(Quarantine-2) Deleted

:help:

And here is the latest hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 19:01:24, on 09/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\avg Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\avg Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programfiler\Java\jre1.5.0_09\bin\jusched.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\ewido anti-malware\ewidoctrl.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\Programfiler\Fellesfiler\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Fellesfiler\Softwin\BitDefender Scan Server\bdss.exe
c:\programfiler\softwin\bitdefender8\bdmcon.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Chris\Skrivebord\trojan ny\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\PANELS\BLANK.HTM
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\avg Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Programfiler\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programfiler\Softwin\BitDefender8\bdnagent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\programfiler\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programfiler\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programfiler\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programfiler\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programfiler\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programfiler\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.0.0.58.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programfiler\avg Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programfiler\Fellesfiler\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TCPIP Managing Service (TCPIPManagingService) - Unknown owner - tcpcheck.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programfiler\Fellesfiler\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

:)


I think the PC is running ok. Do you see something in the logs?

And my keyboard is all messed up - the letters are fine - but the other buttons are all wrong - like when I try to type the question mark it shows _ and if I try to write underline it shows ? I don't know if that's anything because of the viruses... :blink:

And I would love to get rid of LimeWire for good - keeps popping back in even when I tried to delete it...

Let me know! :whistling:
  • 0

#15
thecollectore

thecollectore

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Hi again Sam :blink:

I also ran Kaspersky just now, and it still says that I am infected....here is the log


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, November 09, 2006 8:26:58 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 9/11/2006
Kaspersky Anti-Virus database records: 239615
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 50683
Number of viruses found: 19
Number of infected objects: 43 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:46:23

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Programdata\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\Anne Katrine\Mine dokumenter\rolf\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Anne Katrine\Mine dokumenter\rolf\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Anne Katrine\Mine dokumenter\rolf\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Chris\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Chris\Lokale innstillinger\Logg\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Chris\Lokale innstillinger\Logg\History.IE5\MSHist012006110920061110\index.dat Object is locked skipped
C:\Documents and Settings\Chris\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Chris\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Chris\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Chris\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Chris\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Chris\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Logg\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\Antispam\Log\Spam.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SNDCON.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SNDFW.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Programfiler\Need2Find\bar\1.bin\N2PLUGIN.DLL.tcf Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped
C:\Programfiler\Need2Find\bar\1.bin\NPND2FN.DLL.tcf Infected: not-a-virus:AdWare.Win32.MyWebSearch.o skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\05704473 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\06B04262 Infected: not-a-virus:AdWare.Win32.Altnet.j skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\0A2B537F Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\0A2E7D7B Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\0A312778/stream/data0001 Infected: not-a-virus:AdWare.Win32.404Search.h skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\0A312778/stream Infected: not-a-virus:AdWare.Win32.404Search.h skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\0A312778 NSIS: infected - 2 skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\0A312778 CryptFF: infected - 2 skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\1B0C772F Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\22B055F4 Infected: not-a-virus:AdWare.Win32.RXBar.d skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\22B37FF0 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\22B629EC Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039 skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\25654098 Infected: not-a-virus:AdWare.Win32.Altnet.j skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\2626401B Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\35261666 Infected: not-a-virus:[bleep]-Dialer.Win32.Intexdial skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\35411AC8 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\41690F59 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\43560686 Infected: not-a-virus:AdWare.Win32.Altnet.j skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\45EF2C6F Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\48A82375 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\4C9961E9 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039 skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\57D47FE7/stream Infected: not-a-virus:AdWare.Win32.404Search.h skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\57D47FE7 NSIS: infected - 1 skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\57D47FE7 CryptFF: infected - 1 skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\5F9D6299 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\6BEF1E1B/stream Infected: not-a-virus:AdWare.Win32.404Search.h skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\6BEF1E1B NSIS: infected - 1 skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\6BEF1E1B CryptFF: infected - 1 skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\741B50A9 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP540\A0086390.exe Infected: Trojan-Downloader.Win32.Zlob.arl skipped
C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP540\A0086391.exe Infected: Trojan-Downloader.Win32.Zlob.aqh skipped
C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP540\A0086392.exe Infected: Trojan-Downloader.Win32.Zlob.ark skipped
C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP540\A0086394.dll Infected: not-a-virus:AdWare.Win32.ProtectionBar.l skipped
C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP540\A0086396.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP544\A0087747.dll Infected: not-virus:Hoax.Win32.Renos.cg skipped
C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP545\A0088051.dll Infected: Trojan-Downloader.Win32.Zlob.aqk skipped
C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP547\A0088181.exe Infected: Backdoor.Win32.Rbot.gen skipped
C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP547\A0088182.exe Infected: Backdoor.Win32.Rbot.ig skipped
C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP547\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{3ECEB0A6-377C-4B0E-A191-88AA51E21BEC}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\temp\tmp00002d98\tmp00000000 Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


Let me know what you think! :whistling:
  • 0
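Added example, not part of the thread and not a Kaspersky tool: a small parser for report lines in the format posted above, which separates locked-file notices and archive summaries from "Infected:" entries and groups the detections by where the file sits (another product's quarantine folder, a System Restore point, or the live file system). The sample lines are copied from the report above; the location and class labels are this example's own.

```python
import re
from collections import defaultdict

# A few lines copied from the report above. Paths contain spaces, so each
# line is matched on its right-hand side (verdict and last action).
SAMPLE = r"""
C:\Documents and Settings\Chris\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Anne Katrine\Mine dokumenter\rolf\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Anne Katrine\Mine dokumenter\rolf\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Programfiler\Need2Find\bar\1.bin\N2PLUGIN.DLL.tcf Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\05704473 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine\0A312778 NSIS: infected - 2 skipped
C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP540\A0086390.exe Infected: Trojan-Downloader.Win32.Zlob.arl skipped
C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP547\A0088182.exe Infected: Backdoor.Win32.Rbot.ig skipped
"""

INFECTED = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\S+)$")
LOCKED = re.compile(r"^(?P<path>.+?) Object is locked (?P<action>\S+)$")
CONTAINER = re.compile(
    r"^(?P<path>.+?) (?P<kind>[A-Za-z]+): infected - (?P<count>\d+) (?P<action>\S+)$")


def location(path):
    """Label where the detected file sits (labels are this example's own)."""
    p = path.lower()
    if "\\quarantine\\" in p:
        return "av-quarantine"      # held inside another product's quarantine folder
    if "\\system volume information\\_restore" in p:
        return "system-restore"     # copy stored in a System Restore point
    return "live"                   # ordinary file or archive member on disk


def verdict_class(name):
    """Kaspersky prefixes non-malware detections with not-a-virus / not-virus."""
    if name.lower().startswith(("not-a-virus:", "not-virus:")):
        return "riskware/adware"
    return "malware"


def triage(report):
    findings = defaultdict(list)
    locked, containers, unparsed = 0, 0, []
    for line in report.splitlines():
        line = line.strip()
        if not line:
            continue
        m = INFECTED.match(line)
        if m:
            findings[location(m["path"])].append(
                (verdict_class(m["name"]), m["name"], m["path"]))
        elif LOCKED.match(line):
            locked += 1             # file in use by Windows or another program
        elif CONTAINER.match(line):
            containers += 1         # per-archive summary; members are listed separately
        else:
            unparsed.append(line)   # headers, statistics, anything else
    return {"findings": dict(findings), "locked": locked,
            "containers": containers, "unparsed": unparsed}


def live_malware(result):
    """Detections classed as malware that sit in the live file system."""
    return [f for f in result["findings"].get("live", []) if f[0] == "malware"]


if __name__ == "__main__":
    result = triage(SAMPLE)
    for where, items in sorted(result["findings"].items()):
        print(where, len(items))
        for klass, name, path in items:
            print("   ", klass, name)
    print("locked:", result["locked"], "archive summaries:", result["containers"])
```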





