Geeks to Go Forums: Help with Worm.win32.Netsky [Resolved] - Geeks to Go Forums

Jump to content

i Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or start a new topic of your own. Joining allows you to enjoy all this forum has to offer. Learn more in our Welcome Guide. What are you waiting for? Click here to join for free today!
Page 1 of 1

Help with Worm.win32.Netsky [Resolved]

#1 User is offline   Lord Flashheart 

  • New Member
  • Pip
  • Group: Member
  • Posts: 8
  • Joined: 03-November 07
  • Operating System:W. XP

Posted 03 November 2007 - 12:52 PM

Hi, a virus has recently attacked my computer. I believe it came from a program called VideoAccessCodecInstall.exe. There are many Windows Security Popups that keep coming up, and one of them keeps saying I have the "Worm.Win32.NetSky" virus. Whatever I click on in these popups, it opens up to a website (http://scanner.adwar...m/5/?advid=1216 or some other remover product). They popup frequently enough that I can barely type this without being interrupted. It also keeps replacing my background with a red screen saying that my computer may be infected. I've posted my HijackThis log. Any help would be much appreciated!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:35:36, on 03/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\CNYHKey.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\Programfiler\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\gamejackal\Maplom.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\PowerISO\PWRISOVM.EXE
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Telenor\Online Start\Telenor.exe
C:\Programfiler\QuickTime\QTTask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe
C:\Programfiler\Steam\Steam.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programfiler\CASIO\Photo Loader\Plauto.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Messenger\msmsgs.exe
C:\Documents and settings\Stig Wulff-Olsen\Skrivebord\Antivirus\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nettavisen.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.online.no/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O2 - BHO: MSVPS System - {CF368FC4-3241-409B-B1D6-0EA4FE33A555} - C:\WINDOWS\advrepdow.dll
O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: The sdrmod - {210F79EC-C4B8-4AD5-B5B7-2B228F4376E9} - C:\WINDOWS\sdrmod.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programfiler\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Maplom] C:\Programfiler\gamejackal\Maplom.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Adobemidlertidig\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Programfiler\RSSoft\RSEDNClient.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Programfiler\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [facethis] C:\DOCUME~1\STIGWU~1\PROGRA~1\AXISTI~1\SIZE BAGS.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Programfiler\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Google Search - res://c:\programfiler\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programfiler\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://c:\programfiler\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programfiler\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\programfiler\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programfiler\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Programfiler\expektMPP\MPPoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec....ta/nprdtinf.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com...e/KooPlayer.ocx
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096976061359
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.icanal.no/spill/commerce/catalo...es/ExentCtl.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134820549375
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannel.../UKooPlayer.ocx
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.reds...ller/rssoft.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O21 - SSODL: hupsrv - {5287FBA5-47CD-4AD4-AA2D-28D39022F5B9} - C:\WINDOWS\hupsrv.dll
O21 - SSODL: bindmod - {59086272-B9D5-4023-9642-F6733DCAFF77} - C:\WINDOWS\bindmod.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cycling Manager 2007 Drivers Auto Removal (pr2akt6c) (pr2akt6c) - Cyanide - C:\WINDOWS\system32\pr2akt6c.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 17067 bytes

Uninstallist


3DMark06
Adobe Acrobat 6.0 Professional - English, Français, Deutsch
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.0 - Norsk
Adobe Shockwave Player
Adobe Stock Photos 1.0
Advanced Media Extension v1.5
AF-RF1
America's Army
Apple Software Update
ATI - Avinstalleringsverktøy for Programvaren
ATI Display Driver
AudibleManager
AVG Anti-Spyware 7.5
Battlefield 2™
Battlestations: Midway
Call of Duty® 2
Canon i560
Canon Utilities Easy-PhotoPrint
CC_ccProxyExt
ccCommon
ccPxyCore
Centennia Napoleonic Edition
C-Media 3D Audio
C-Media WDM Audio Driver
Company of Heroes
Compatibility Pack for the 2007 Office system
Creative Mass Storage Drivers
Creative MediaSource
Creative System Information
Creative Zen Nano Plus
Crusader Kings
CSGTR2
Dangerous Waters
DC++ 0.674
Deluxe Ski Jump 3 v1.4.0
DestroY rFactor Tweaker v3.1.1
Diplomacy
DivX Content Uploader
DivX Player
DivX Pro Trial
DivX Web Player
Doomsday
EA SPORTS online 2006
EA SPORTS™ Rugby 08
Earthsim
Easy-WebPrint
Europa Universalis III
EXEtender Player
Expekt Poker
Expekt Poker
F1C Telemetry (FTL)
FIFA 06
First Eagles: The Great Air War 1918
Football Manager 2008
Fraps
Galactic Civilizations II
Game Jackal
GameCenter
GameShadow
GameSpy Arcade
Google Earth
Google Earth Pro
Google Toolbar for Internet Explorer
GPL Race Engineer
GPL Replay Analyser (remove only)
Grand Prix Legends Uninstall
Grand Theft Auto Vice City
GT Legends 1.0.0.0
GTR 2 1.0.0.0
GTR2_PlrPatcher
Gulesider Verktøylinje
Haali Media Splitter
Hearts of Iron 2 Doomsday Armageddon
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hurtigreparasjon for Windows Media Player 11 (KB939683)
Hurtigreparasjon for Windows XP (KB914440)
Imperial Glory
Indeo® Software
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_04
Java 2 Runtime Environment, SE v1.4.2_05
Java 2 Runtime Environment, SE v1.4.2_06
Java™ 6 Update 3
Java™ SE Runtime Environment 6 Update 1
JLC's Internet TV
KeyNote 1.6.5
Knights Of Honor
LiveUpdate 3.0 (Symantec Corporation)
Logitech Gaming Software
Matroska Pack
Medieval Total War
Medion Flash XL
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Combat Flight Simulator 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Speech 5.1
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Media Video 9 VCM
Mod DTM v3.5
Mod Prototypes 1999-2007 SCC pour GTR2 v2.30
MoTeC i2 Pro
Mozilla Firefox (2.0.0.2)
MSRedist
MultiRes (remove only)
Music Manager
Nero Suite
Nimo Codecs Pack v5.0 (Remove Only)
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus 2006
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
Norton WMI Update
Norton WMI Update
Norton WMI Update
NVIDIA Drivers
NVIDIA Photoshop Plug-ins
Opera 9.10
Oppdatering for Windows XP (KB894391)
Oppdatering for Windows XP (KB896727)
Oppdatering for Windows XP (KB898461)
Oppdatering for Windows XP (KB900485)
Oppdatering for Windows XP (KB904942)
Oppdatering for Windows XP (KB910437)
Oppdatering for Windows XP (KB911280)
Oppdatering for Windows XP (KB916595)
Oppdatering for Windows XP (KB920872)
Oppdatering for Windows XP (KB922582)
Oppdatering for Windows XP (KB927891)
Oppdatering for Windows XP (KB929338)
Oppdatering for Windows XP (KB930916)
Oppdatering for Windows XP (KB931836)
Oppdatering for Windows XP (KB933360)
Oppdatering for Windows XP (KB936357)
Oppdatering for Windows XP (KB938828)
Photo Loader 2.3E
Photohands 1.0E
Picasa 2
PicoZip Recovery Tool 1.02
PokerStove version 1.12
Ports Of Call XXL
Power&Glory, 1st Release ver 1.01 (remove only)
Power&Glory, The IROCs (remove only)
PowerISO
PPLive 1.8
President Forever 2008 + Primaries Demo - v. 1.05.7.3
Prime Minister Forever - British Demo v. 1.00.6
Pro Cycling Manager
Pro Cycling Manager 2007
Pro Cycling Manager 2007
QuickTime
Race - The WTCC Game
Radeon Omega Drivers v3.8.330 Setup Files and Tools
RealPlayer
Red Swoosh EDN Client (remove only)
rFactor (remove only)
rFactor Setup Comparer
Richard Burns Rally
Rome - Total War™
Rome Total War - patch 1.3
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Sid Meier's Civilization 4
Sid Meier's Pirates!
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB928090)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB931768)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB933566)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB937143)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB938127)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB939653)
Sikkerhetsoppdatering for Windows Media Player (KB911564)
Sikkerhetsoppdatering for Windows Media Player 10 (KB911565)
Sikkerhetsoppdatering for Windows Media Player 11 (KB936782)
Sikkerhetsoppdatering for Windows Media Player 6.4 (KB925398)
Sikkerhetsoppdatering for Windows XP (KB883939)
Sikkerhetsoppdatering for Windows XP (KB890046)
Sikkerhetsoppdatering for Windows XP (KB893756)
Sikkerhetsoppdatering for Windows XP (KB896358)
Sikkerhetsoppdatering for Windows XP (KB896422)
Sikkerhetsoppdatering for Windows XP (KB896423)
Sikkerhetsoppdatering for Windows XP (KB896424)
Sikkerhetsoppdatering for Windows XP (KB896428)
Sikkerhetsoppdatering for Windows XP (KB896688)
Sikkerhetsoppdatering for Windows XP (KB899587)
Sikkerhetsoppdatering for Windows XP (KB899588)
Sikkerhetsoppdatering for Windows XP (KB899591)
Sikkerhetsoppdatering for Windows XP (KB900725)
Sikkerhetsoppdatering for Windows XP (KB901017)
Sikkerhetsoppdatering for Windows XP (KB901214)
Sikkerhetsoppdatering for Windows XP (KB902400)
Sikkerhetsoppdatering for Windows XP (KB903235)
Sikkerhetsoppdatering for Windows XP (KB904706)
Sikkerhetsoppdatering for Windows XP (KB905414)
Sikkerhetsoppdatering for Windows XP (KB905749)
Sikkerhetsoppdatering for Windows XP (KB905915)
Sikkerhetsoppdatering for Windows XP (KB908519)
Sikkerhetsoppdatering for Windows XP (KB908531)
Sikkerhetsoppdatering for Windows XP (KB911562)
Sikkerhetsoppdatering for Windows XP (KB911567)
Sikkerhetsoppdatering for Windows XP (KB911927)
Sikkerhetsoppdatering for Windows XP (KB912812)
Sikkerhetsoppdatering for Windows XP (KB912919)
Sikkerhetsoppdatering for Windows XP (KB913446)
Sikkerhetsoppdatering for Windows XP (KB913580)
Sikkerhetsoppdatering for Windows XP (KB914388)
Sikkerhetsoppdatering for Windows XP (KB914389)
Sikkerhetsoppdatering for Windows XP (KB916281)
Sikkerhetsoppdatering for Windows XP (KB917159)
Sikkerhetsoppdatering for Windows XP (KB917344)
Sikkerhetsoppdatering for Windows XP (KB917422)
Sikkerhetsoppdatering for Windows XP (KB917953)
Sikkerhetsoppdatering for Windows XP (KB918118)
Sikkerhetsoppdatering for Windows XP (KB918439)
Sikkerhetsoppdatering for Windows XP (KB918899)
Sikkerhetsoppdatering for Windows XP (KB919007)
Sikkerhetsoppdatering for Windows XP (KB920213)
Sikkerhetsoppdatering for Windows XP (KB920214)
Sikkerhetsoppdatering for Windows XP (KB920670)
Sikkerhetsoppdatering for Windows XP (KB920683)
Sikkerhetsoppdatering for Windows XP (KB920685)
Sikkerhetsoppdatering for Windows XP (KB921398)
Sikkerhetsoppdatering for Windows XP (KB921503)
Sikkerhetsoppdatering for Windows XP (KB921883)
Sikkerhetsoppdatering for Windows XP (KB922616)
Sikkerhetsoppdatering for Windows XP (KB922760)
Sikkerhetsoppdatering for Windows XP (KB922819)
Sikkerhetsoppdatering for Windows XP (KB923191)
Sikkerhetsoppdatering for Windows XP (KB923414)
Sikkerhetsoppdatering for Windows XP (KB923694)
Sikkerhetsoppdatering for Windows XP (KB923980)
Sikkerhetsoppdatering for Windows XP (KB924191)
Sikkerhetsoppdatering for Windows XP (KB924270)
Sikkerhetsoppdatering for Windows XP (KB924496)
Sikkerhetsoppdatering for Windows XP (KB924667)
Sikkerhetsoppdatering for Windows XP (KB925454)
Sikkerhetsoppdatering for Windows XP (KB925486)
Sikkerhetsoppdatering for Windows XP (KB925902)
Sikkerhetsoppdatering for Windows XP (KB926255)
Sikkerhetsoppdatering for Windows XP (KB926436)
Sikkerhetsoppdatering for Windows XP (KB927779)
Sikkerhetsoppdatering for Windows XP (KB927802)
Sikkerhetsoppdatering for Windows XP (KB928090)
Sikkerhetsoppdatering for Windows XP (KB928255)
Sikkerhetsoppdatering for Windows XP (KB928843)
Sikkerhetsoppdatering for Windows XP (KB929123)
Sikkerhetsoppdatering for Windows XP (KB930178)
Sikkerhetsoppdatering for Windows XP (KB931261)
Sikkerhetsoppdatering for Windows XP (KB931784)
Sikkerhetsoppdatering for Windows XP (KB932168)
Sikkerhetsoppdatering for Windows XP (KB933729)
Sikkerhetsoppdatering for Windows XP (KB935839)
Sikkerhetsoppdatering for Windows XP (KB935840)
Sikkerhetsoppdatering for Windows XP (KB936021)
Sikkerhetsoppdatering for Windows XP (KB938829)
Sikkerhetsoppdatering for Windows XP (KB941202)
Skype 3.1
Skype Plugin Manager
SopCast 1.1.2
SoulSeek Client 156c
SPBBC
Spybot - Search & Destroy 1.3
Steam
Telenor Online Start
TPTEST 5.0
TrackMania Nations ESWC 0.1.7.5
Tv Style Beta 0.9
TVUPlayer 2.3.2.34
Ulead Movie Wizard SE VCD
USB Wireless Keyboard Driver
Victoria
Victoria Revolutions 1.0
VideoLAN VLC media player 0.8.6a
WD Diagnostics
WebVideo Support
WH £ Casino 2005
WinASO Registry Optimizer 2.8
Windows Backup Utility
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Toolbar
Windows Live Toolbar
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP hurtigreparasjon - KB834707
Windows XP hurtigreparasjon - KB867282
Windows XP hurtigreparasjon - KB873333
Windows XP hurtigreparasjon - KB873339
Windows XP hurtigreparasjon - KB885250
Windows XP hurtigreparasjon - KB885835
Windows XP hurtigreparasjon - KB885836
Windows XP hurtigreparasjon - KB886185
Windows XP hurtigreparasjon - KB887472
Windows XP hurtigreparasjon - KB887742
Windows XP hurtigreparasjon - KB888113
Windows XP hurtigreparasjon - KB888302
Windows XP hurtigreparasjon - KB890047
Windows XP hurtigreparasjon - KB890175
Windows XP hurtigreparasjon - KB890859
Windows XP hurtigreparasjon - KB890923
Windows XP hurtigreparasjon - KB891781
Windows XP hurtigreparasjon - KB893066
Windows XP hurtigreparasjon - KB893086
Windows XP Service Pack 2
WinISO 5.3
WinRAR archiver
WinVROC
WinZip
Zoom Player (remove only)
0

#2 User is offline   kahdah 

  • GeekU Teacher
  • Group: Geek U Moderator
  • Posts: 14,908
  • Joined: 13-April 06
  • Location:Florida
  • Operating System:Windows 7

Posted 03 November 2007 - 01:51 PM

Hello Lord Flashheart

Welcome to G2Go. :)
=================
Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
============================================
After that Please Download NoLop to your desktop from one of the links below...
Link 1
Link 2
Link 3
  • First close any other programs you have running as this will require a reboot
  • Double click NoLop.exe to run it.
  • Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
  • When scanning is finished you will be prompted to reboot only if infected, Click OK
  • Now click the "REBOOT" Button.
  • A Message should popup from NoLop. If not, double click the program again and it will finish Please Post the contents of C:\NoLop.log along with a fresh HijackThis log
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. --
=====================================
PLease post back with a new Hijackthis log
Smitfraud fix log
No Lop log

This post has been edited by kahdah: 03 November 2007 - 01:52 PM

0

#3 User is offline   Lord Flashheart 

  • New Member
  • Pip
  • Group: Member
  • Posts: 8
  • Joined: 03-November 07
  • Operating System:W. XP

Posted 03 November 2007 - 02:30 PM

Thank so much for your help

Her are my logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:26:55, on 03/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\CNYHKey.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\Programfiler\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\gamejackal\Maplom.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\PowerISO\PWRISOVM.EXE
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Telenor\Online Start\Telenor.exe
C:\Programfiler\QuickTime\QTTask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe
C:\Programfiler\Steam\Steam.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programfiler\CASIO\Photo Loader\Plauto.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and settings\Stig Wulff-Olsen\Skrivebord\NoLop.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Documents and settings\Stig Wulff-Olsen\Skrivebord\Antivirus\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nettavisen.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.online.no/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O2 - BHO: MSVPS System - {CF368FC4-3241-409B-B1D6-0EA4FE33A555} - C:\WINDOWS\advrepdow.dll
O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: The sdrmod - {210F79EC-C4B8-4AD5-B5B7-2B228F4376E9} - C:\WINDOWS\sdrmod.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programfiler\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Maplom] C:\Programfiler\gamejackal\Maplom.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Adobemidlertidig\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Programfiler\RSSoft\RSEDNClient.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Programfiler\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [facethis] C:\DOCUME~1\STIGWU~1\PROGRA~1\AXISTI~1\SIZE BAGS.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Programfiler\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Google Search - res://c:\programfiler\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programfiler\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://c:\programfiler\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programfiler\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\programfiler\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programfiler\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Programfiler\expektMPP\MPPoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec....ta/nprdtinf.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com...e/KooPlayer.ocx
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096976061359
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.icanal.no/spill/commerce/catalo...es/ExentCtl.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134820549375
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannel.../UKooPlayer.ocx
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.reds...ller/rssoft.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O21 - SSODL: hupsrv - {5287FBA5-47CD-4AD4-AA2D-28D39022F5B9} - C:\WINDOWS\hupsrv.dll
O21 - SSODL: bindmod - {59086272-B9D5-4023-9642-F6733DCAFF77} - C:\WINDOWS\bindmod.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cycling Manager 2007 Drivers Auto Removal (pr2akt6c) (pr2akt6c) - Cyanide - C:\WINDOWS\system32\pr2akt6c.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

SmitFraudFix v2.246

Scan done at 21:14:54.98, 03/11/2007
Run from C:\Documents and settings\Stig Wulff-Olsen\Skrivebord\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Versjon 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\CNYHKey.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\Programfiler\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\gamejackal\Maplom.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\PowerISO\PWRISOVM.EXE
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Telenor\Online Start\Telenor.exe
C:\Programfiler\QuickTime\QTTask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe
C:\Programfiler\Steam\Steam.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programfiler\CASIO\Photo Loader\Plauto.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\privacy_danger FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and settings\Stig Wulff-Olsen


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and settings\Stig Wulff-Olsen\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\STIGWU~1\FAVORI~1

C:\DOCUME~1\STIGWU~1\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\STIGWU~1\FAVORI~1\Privacy Protector.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\STIGWU~1\SKRIVE~1\Error Cleaner.url FOUND !
C:\DOCUME~1\STIGWU~1\SKRIVE~1\Privacy Protector.url FOUND !
C:\DOCUME~1\STIGWU~1\SKRIVE~1\Spyware?Malware Protection.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Programfiler

C:\Programfiler\VideoAccessCodec\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Min gjeldende hjemmeside"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: VIA VT6105 Rhine III Fast Ethernet Adapter - Miniport for pakkeplanlegger
DNS Server Search Order: 10.0.0.43
DNS Server Search Order: 10.0.0.45

Description: VIA VT6105 Rhine III Fast Ethernet Adapter - Miniport for pakkeplanlegger
DNS Server Search Order: 10.0.0.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{47F49C6F-25B4-46FC-AE04-81C7C83E161B}: DhcpNameServer=10.0.0.43 10.0.0.45
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9AA0644F-5968-4BF5-8193-9CBFD95EE842}: DhcpNameServer=10.0.0.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{47F49C6F-25B4-46FC-AE04-81C7C83E161B}: DhcpNameServer=10.0.0.43 10.0.0.45
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9AA0644F-5968-4BF5-8193-9CBFD95EE842}: DhcpNameServer=10.0.0.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{47F49C6F-25B4-46FC-AE04-81C7C83E161B}: DhcpNameServer=10.0.0.43 10.0.0.45
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9AA0644F-5968-4BF5-8193-9CBFD95EE842}: DhcpNameServer=10.0.0.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.254


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

NoLop! Log by Skate_Punk_21

Fix running from: C:\Programfiler\Mozilla Firefox
[03/11/2007]
[21:18:10]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

C:\Documents and settings\Stig Wulff-olsen\Application Data\Microsoft
0

#4 User is offline   kahdah 

  • GeekU Teacher
  • Group: Geek U Moderator
  • Posts: 14,908
  • Joined: 13-April 06
  • Location:Florida
  • Operating System:Windows 7

Posted 03 November 2007 - 02:43 PM

You are welcome :)

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.
============================
After that Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

In case you have used Combofix before, please delete the version you have and redownload it again, because Combofix is being updated everyday.

In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again. Because some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.
=================
Please post back with these logs:
rapport.txt
Combofix log
New Hijackthis
0

#5 User is offline   Lord Flashheart 

  • New Member
  • Pip
  • Group: Member
  • Posts: 8
  • Joined: 03-November 07
  • Operating System:W. XP

Posted 03 November 2007 - 03:38 PM

Did what you asked me to.
When Combofix was creating the log my Norton Antivirus found and removed(deleted file) a virus which it called Trojan.Zlob in the file C:\...\mydocs\msmdev.dll
And here are my logs:

SmitFraudFix v2.246

Scan done at 21:55:24.90, 03/11/2007
Run from C:\Documents and settings\Stig Wulff-Olsen\Skrivebord\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Versjon 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\privacy_danger\ Deleted
C:\DOCUME~1\STIGWU~1\SKRIVE~1\Error Cleaner.url Deleted
C:\DOCUME~1\STIGWU~1\SKRIVE~1\Privacy Protector.url Deleted
C:\DOCUME~1\STIGWU~1\SKRIVE~1\Spyware?Malware Protection.url Deleted
C:\DOCUME~1\STIGWU~1\FAVORI~1\Error Cleaner.url Deleted
C:\DOCUME~1\STIGWU~1\FAVORI~1\Privacy Protector.url Deleted
C:\Programfiler\VideoAccessCodec\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{47F49C6F-25B4-46FC-AE04-81C7C83E161B}: DhcpNameServer=10.0.0.43 10.0.0.45
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9AA0644F-5968-4BF5-8193-9CBFD95EE842}: DhcpNameServer=10.0.0.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{47F49C6F-25B4-46FC-AE04-81C7C83E161B}: DhcpNameServer=10.0.0.43 10.0.0.45
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9AA0644F-5968-4BF5-8193-9CBFD95EE842}: DhcpNameServer=10.0.0.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{47F49C6F-25B4-46FC-AE04-81C7C83E161B}: DhcpNameServer=10.0.0.43 10.0.0.45
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9AA0644F-5968-4BF5-8193-9CBFD95EE842}: DhcpNameServer=10.0.0.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.254


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End









ComboFix 07-11-01.1** - Stig Wulff-Olsen 2007-11-03 22:16:37.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.47.1044.18.1023 [GMT 1:00]
Running from: C:\Documents and settings\Stig Wulff-Olsen\Skrivebord\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\dat.txt
C:\WINDOWS\sdrmod.dll
C:\WINDOWS\search_res.txt

.
((((((((((((((((((((((((( Files Created from 2007-10-03 to 2007-11-03 )))))))))))))))))))))))))))))))
.

2007-11-03 22:15 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-03 21:18 106 --a------ C:\delete.bat
2007-11-03 21:15 3,718 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-03 21:14 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-03 21:14 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-03 21:14 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-03 21:14 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-03 21:14 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-03 15:23 <DIR> d-------- C:\Documents and settings\Stig Wulff-Olsen\Programdata\Grisoft
2007-11-03 15:23 <DIR> d-------- C:\Documents and settings\All Users\Programdata\Grisoft
2007-11-03 15:23 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-03 13:25 <DIR> d-------- C:\Documents and settings\Stig Wulff-Olsen\Programdata\Lavasoft
2007-11-03 02:13 315,392 --a------ C:\WINDOWS\bindmod.dll
2007-11-03 02:13 286,720 --a------ C:\WINDOWS\hupsrv.dll
2007-11-03 02:13 286,720 --a------ C:\WINDOWS\advrepdow.dll
2007-11-03 02:13 139,264 --a------ C:\WINDOWS\wtopmod.exe
2007-10-31 21:45 <DIR> d-------- C:\Documents and settings\Stig Wulff-Olsen\Programdata\Talkback
2007-10-27 19:02 <DIR> d-------- C:\Documents and settings\Stig Wulff-Olsen\Contacts
2007-10-27 19:01 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-10-27 01:29 <DIR> d-------- C:\Documents and settings\Stig Wulff-Olsen\Programdata\Sports Interactive
2007-10-27 01:19 <DIR> d--h----- C:\Programfiler\Zero G Registry
2007-10-27 01:13 <DIR> d--h----- C:\Documents and settings\Stig Wulff-Olsen\InstallAnywhere
2007-10-26 15:35 <DIR> d-------- C:\Football.Manager.2008 [CRACKED]
2007-10-18 23:54 <DIR> d-------- C:\WINDOWS\rFactor Setup Comparer
2007-10-15 21:09 <DIR> d-------- C:\Programfiler\NVIDIA Corporation
2007-10-10 10:58 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-04 15:54 <DIR> d-------- C:\zsett

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-03 21:11 --------- d-----w C:\Programfiler\Steam
2007-11-03 14:24 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2007-11-03 12:46 --------- d-----w C:\Programfiler\Gulesider Verktøylinje
2007-10-31 20:42 --------- d-----w C:\Programfiler\DivX
2007-10-30 19:40 --------- d---a-w C:\Documents and settings\All Users\Programdata\TEMP
2007-10-27 18:02 --------- d-----w C:\Programfiler\MSN Messenger
2007-10-17 00:51 --------- d-----w C:\Programfiler\Java
2007-10-15 20:09 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2007-10-09 23:54 --------- d-----w C:\Documents and settings\Stig Wulff-Olsen\Programdata\Skype
2007-10-06 13:40 --------- d-----w C:\Programfiler\PPLive
2007-10-06 00:46 --------- d-----w C:\Documents and settings\Stig Wulff-Olsen\Programdata\Azureus
2007-09-09 14:47 --------- d-----w C:\Programfiler\MSECache
2007-08-30 14:11 286,720 ------w C:\WINDOWS\Setup1.exe
2007-08-27 20:52 74,752 ------w C:\WINDOWS\ST6UNST.EXE
2007-03-01 23:27 2,148 ----a-w C:\Documents and settings\Stig Wulff-Olsen\minf.dat
2006-08-15 10:25 1 ----a-w C:\Documents and settings\Stig Wulff-Olsen\SI.bin
2006-03-05 14:40 558,770 ----a-w C:\Documents and settings\Stig Wulff-Olsen\ClientCoreLib-1.915-626.dll
1999-12-13 13:38 135,168 ----a-w C:\WINDOWS\inf\Agfa\message.exe
2004-11-21 21:49:08 56 --sh--r C:\WINDOWS\system32\B2E3A91277.sys
2004-11-21 21:49:08 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF368FC4-3241-409B-B1D6-0EA4FE33A555}]
2007-11-02 16:30 286720 --a------ C:\WINDOWS\advrepdow.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{210F79EC-C4B8-4AD5-B5B7-2B228F4376E9}"= C:\WINDOWS\sdrmod.dll [ ]

[HKEY_CLASSES_ROOT\CLSID\{210F79EC-C4B8-4AD5-B5B7-2B228F4376E9}]
[HKEY_CLASSES_ROOT\sdrmod.ToolBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{7A893DE7-EA2F-4625-A205-4F1F5D61344E}]
[HKEY_CLASSES_ROOT\sdrmod.ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" [2003-10-14 17:31 C:\WINDOWS\CMICNFG.CPL]
"Dit"="Dit.exe" [2002-08-28 12:43 C:\WINDOWS\Dit.exe]
"CHotkey"="mHotkey.exe" [2004-02-24 13:05 C:\WINDOWS\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2004-02-03 16:15 C:\WINDOWS\CNYHKey.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2004-11-21 20:34]
"Picasa Media Detector"="C:\Programfiler\Picasa2\PicasaMediaDetector.exe" [2005-01-17 16:25]
"Maplom"="C:\Programfiler\gamejackal\Maplom.exe" [2005-09-30 12:19]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2005-10-18 11:58]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-03-01 11:18]
"PWRISOVM.EXE"="C:\Programfiler\PowerISO\PWRISOVM.EXE" [2006-01-31 13:20]
"Telenor Online Start"="C:\Programfiler\Telenor\Online Start\Telenor.exe" [2006-11-30 14:51]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2007-06-29 05:24]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22]
"nwiz"="nwiz.exe" [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22]
"Adobe Reader Speed Launcher"="C:\Adobemidlertidig\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"!AVG Anti-Spyware"="C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Red Swoosh EDN Client"="C:\Programfiler\RSSoft\RSEDNClient.exe" [2005-06-11 13:03]
"Creative Detector"="C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 17:23]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
"Steam"="C:\Programfiler\Steam\Steam.exe" [2007-10-05 10:49]
"facethis"="C:\DOCUME~1\STIGWU~1\PROGRA~1\AXISTI~1\SIZE BAGS.exe" []
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2007-04-03 23:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"DJSNetCN"=C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe

C:\Documents and settings\All Users\Start-meny\Programmer\Oppstart\
Acrobat Assistant.lnk - C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50]
Photo Loader supervisory.lnk - C:\Programfiler\CASIO\Photo Loader\Plauto.exe [2006-05-29 22:04:41]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"hupsrv"= {5287FBA5-47CD-4AD4-AA2D-28D39022F5B9} - C:\WINDOWS\hupsrv.dll [2007-11-02 16:30 286720]
"bindmod"= {59086272-B9D5-4023-9642-F6733DCAFF77} - C:\WINDOWS\bindmod.dll [2007-11-02 16:30 315392]

R0 pe3akt6c;Cycling Manager 2007 Environment Driver (pe3akt6c);C:\WINDOWS\system32\drivers\pe3akt6c.sys
R0 pf2akt6c;Cycling Manager 2007 File System Driver (pf2akt6c);C:\WINDOWS\system32\drivers\pf2akt6c.sys
R0 ps6akt6c;Cycling Manager 2007 Synchronization Driver (ps6akt6c);C:\WINDOWS\system32\drivers\ps6akt6c.sys
R1 atitray;atitray;\??\C:\Programfiler\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.sys
R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R2 LogWatch;Event Log Watch;C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe
R2 X4HSX32;X4HSX32;\??\C:\Programfiler\EXEtender\X4HSX32.Sys
R3 Maplom;Maplom;C:\WINDOWS\system32\drivers\Maplom.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
R3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S2 pr2akt6c;Cycling Manager 2007 Drivers Auto Removal (pr2akt6c);C:\WINDOWS\system32\pr2akt6c.exe svc
S3 CA_LIC_CLNT;CA License Client;C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmt.exe
S3 CA_LIC_SRVR;CA License Server;C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmtd.exe
S3 PciBus;PciBus;\??\C:\WINDOWS\system32\drivers\PciBus.sys
S3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2a038e0-8f7c-11da-908a-000c76674cce}]
\Shell\AutoRun\command - G:\stub.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-11-01 22:27:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2007-11-03 20:28:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE
"2007-03-30 12:55:28 C:\WINDOWS\Tasks\Norton AntiVirus - Kjør fullstendig systemsøk - Stig Wulff-Olsen.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-03 22:23:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-03 22:28:08 - machine was rebooted
.
--- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:35:23, on 03/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\CNYHKey.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\Programfiler\Picasa2\PicasaMediaDetector.exe
C:\Programfiler\gamejackal\Maplom.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\PowerISO\PWRISOVM.EXE
C:\Programfiler\Telenor\Online Start\Telenor.exe
C:\Programfiler\QuickTime\QTTask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe
C:\Programfiler\Steam\Steam.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programfiler\CASIO\Photo Loader\Plauto.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Documents and settings\Stig Wulff-Olsen\Skrivebord\Antivirus\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.online.no/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: The sdrmod - {210F79EC-C4B8-4AD5-B5B7-2B228F4376E9} - C:\WINDOWS\sdrmod.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programfiler\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Maplom] C:\Programfiler\gamejackal\Maplom.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Adobemidlertidig\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Programfiler\RSSoft\RSEDNClient.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Programfiler\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [facethis] C:\DOCUME~1\STIGWU~1\PROGRA~1\AXISTI~1\SIZE BAGS.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Programfiler\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Google Search - res://c:\programfiler\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programfiler\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://c:\programfiler\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programfiler\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\programfiler\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programfiler\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Programfiler\expektMPP\MPPoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec....ta/nprdtinf.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com...e/KooPlayer.ocx
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096976061359
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.icanal.no/spill/commerce/catalo...es/ExentCtl.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134820549375
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannel.../UKooPlayer.ocx
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.reds...ller/rssoft.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cycling Manager 2007 Drivers Auto Removal (pr2akt6c) (pr2akt6c) - Cyanide - C:\WINDOWS\system32\pr2akt6c.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 16258 bytes
0

#6 User is offline   kahdah 

  • GeekU Teacher
  • Group: Geek U Moderator
  • Posts: 14,908
  • Joined: 13-April 06
  • Location:Florida
  • Operating System:Windows 7

Posted 03 November 2007 - 04:26 PM

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\bindmod.dll
C:\WINDOWS\hupsrv.dll
C:\WINDOWS\advrepdow.dll
C:\WINDOWS\wtopmod.exe
C:\WINDOWS\hupsrv.dll 
C:\WINDOWS\bindmod.dll 

Folder::
C:\DOCUME~1\STIGWU~1\PROGRA~1\AXISTI~1

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF368FC4-3241-409B-B1D6-0EA4FE33A555}]
[-HKEY_CLASSES_ROOT\CLSID\{CF368FC4-3241-409B-B1D6-0EA4FE33A555}]
[-HKEY_CLASSES_ROOT\CLSID\{210F79EC-C4B8-4AD5-B5B7-2B228F4376E9}]
[-HKEY_CLASSES_ROOT\sdrmod.ToolBar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{7A893DE7-EA2F-4625-A205-4F1F5D61344E}]
[-HKEY_CLASSES_ROOT\sdrmod.ToolBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"hupsrv"=-
"bindmod"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"facethis"=-


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
======================================
After that download the HostsXpert 4.1 - Hosts File Manager Here
Unzip HostsXpert 4.1 - Hosts File Manager to your desktop

Open up the HostsXpert 4.1 - Hosts File Manager program.
  • Click on Make Writable at the top left hand corner.
  • Then click on Restore MS Hosts File
  • then click on Make Host File read only
  • close program

0

#7 User is offline   Lord Flashheart 

  • New Member
  • Pip
  • Group: Member
  • Posts: 8
  • Joined: 03-November 07
  • Operating System:W. XP

Posted 03 November 2007 - 05:14 PM

Here are my new logs:

ComboFix 07-11-01.1** - Stig Wulff-Olsen 2007-11-03 23:54:01.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.47.1044.18.939 [GMT 1:00]
Running from: C:\Documents and settings\Stig Wulff-Olsen\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and settings\Stig Wulff-Olsen\Skrivebord\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\advrepdow.dll
C:\WINDOWS\bindmod.dll
C:\WINDOWS\hupsrv.dll
C:\WINDOWS\wtopmod.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\STIGWU~1\PROGRA~1\AXISTI~1
C:\WINDOWS\bindmod.dll
C:\WINDOWS\hupsrv.dll
C:\WINDOWS\main_uninstaller.exe
C:\WINDOWS\wtopmod.exe

.
((((((((((((((((((((((((( Files Created from 2007-10-03 to 2007-11-03 )))))))))))))))))))))))))))))))
.

2007-11-03 22:15 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-03 21:18 106 --a------ C:\delete.bat
2007-11-03 21:15 3,718 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-03 21:14 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-03 21:14 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-03 21:14 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-03 21:14 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-03 21:14 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-03 15:23 <DIR> d-------- C:\Documents and settings\Stig Wulff-Olsen\Programdata\Grisoft
2007-11-03 15:23 <DIR> d-------- C:\Documents and settings\All Users\Programdata\Grisoft
2007-11-03 15:23 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-03 13:25 <DIR> d-------- C:\Documents and settings\Stig Wulff-Olsen\Programdata\Lavasoft
2007-10-31 21:45 <DIR> d-------- C:\Documents and settings\Stig Wulff-Olsen\Programdata\Talkback
2007-10-27 19:02 <DIR> d-------- C:\Documents and settings\Stig Wulff-Olsen\Contacts
2007-10-27 19:01 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-10-27 01:29 <DIR> d-------- C:\Documents and settings\Stig Wulff-Olsen\Programdata\Sports Interactive
2007-10-27 01:19 <DIR> d--h----- C:\Programfiler\Zero G Registry
2007-10-27 01:13 <DIR> d--h----- C:\Documents and settings\Stig Wulff-Olsen\InstallAnywhere
2007-10-26 15:35 <DIR> d-------- C:\Football.Manager.2008
2007-10-18 23:54 <DIR> d-------- C:\WINDOWS\rFactor Setup Comparer
2007-10-15 21:09 <DIR> d-------- C:\Programfiler\NVIDIA Corporation
2007-10-10 10:58 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-04 15:54 <DIR> d-------- C:\zsett

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-03 21:27 --------- d-----w C:\Programfiler\Steam
2007-11-03 21:25 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2007-11-03 12:46 --------- d-----w C:\Programfiler\Gulesider Verktøylinje
2007-10-31 20:42 --------- d-----w C:\Programfiler\DivX
2007-10-30 19:40 --------- d---a-w C:\Documents and settings\All Users\Programdata\TEMP
2007-10-27 18:02 --------- d-----w C:\Programfiler\MSN Messenger
2007-10-17 00:51 --------- d-----w C:\Programfiler\Java
2007-10-15 20:09 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2007-10-09 23:54 --------- d-----w C:\Documents and settings\Stig Wulff-Olsen\Programdata\Skype
2007-10-06 13:40 --------- d-----w C:\Programfiler\PPLive
2007-10-06 00:46 --------- d-----w C:\Documents and settings\Stig Wulff-Olsen\Programdata\Azureus
2007-09-09 14:47 --------- d-----w C:\Programfiler\MSECache
2007-08-30 14:11 286,720 ------w C:\WINDOWS\Setup1.exe
2007-08-27 20:52 74,752 ------w C:\WINDOWS\ST6UNST.EXE
2007-03-01 23:27 2,148 ----a-w C:\Documents and settings\Stig Wulff-Olsen\minf.dat
2006-08-15 10:25 1 ----a-w C:\Documents and settings\Stig Wulff-Olsen\SI.bin
2006-03-05 14:40 558,770 ----a-w C:\Documents and settings\Stig Wulff-Olsen\ClientCoreLib-1.915-626.dll
1999-12-13 13:38 135,168 ----a-w C:\WINDOWS\inf\Agfa\message.exe
2004-11-21 21:49:08 56 --sh--r C:\WINDOWS\system32\B2E3A91277.sys
2004-11-21 21:49:08 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" [2003-10-14 17:31 C:\WINDOWS\CMICNFG.CPL]
"Dit"="Dit.exe" [2002-08-28 12:43 C:\WINDOWS\Dit.exe]
"CHotkey"="mHotkey.exe" [2004-02-24 13:05 C:\WINDOWS\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2004-02-03 16:15 C:\WINDOWS\CNYHKey.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2004-11-21 20:34]
"Picasa Media Detector"="C:\Programfiler\Picasa2\PicasaMediaDetector.exe" [2005-01-17 16:25]
"Maplom"="C:\Programfiler\gamejackal\Maplom.exe" [2005-09-30 12:19]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2005-10-18 11:58]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-03-01 11:18]
"PWRISOVM.EXE"="C:\Programfiler\PowerISO\PWRISOVM.EXE" [2006-01-31 13:20]
"Telenor Online Start"="C:\Programfiler\Telenor\Online Start\Telenor.exe" [2006-11-30 14:51]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2007-06-29 05:24]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22]
"nwiz"="nwiz.exe" [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22]
"Adobe Reader Speed Launcher"="C:\Adobemidlertidig\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"!AVG Anti-Spyware"="C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Red Swoosh EDN Client"="C:\Programfiler\RSSoft\RSEDNClient.exe" [2005-06-11 13:03]
"Creative Detector"="C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 17:23]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
"Steam"="C:\Programfiler\Steam\Steam.exe" [2007-10-05 10:49]
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2007-04-03 23:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"DJSNetCN"=C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe

C:\Documents and settings\All Users\Start-meny\Programmer\Oppstart\
Acrobat Assistant.lnk - C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50]
Photo Loader supervisory.lnk - C:\Programfiler\CASIO\Photo Loader\Plauto.exe [2006-05-29 22:04:41]

R0 pe3akt6c;Cycling Manager 2007 Environment Driver (pe3akt6c);C:\WINDOWS\system32\drivers\pe3akt6c.sys
R0 pf2akt6c;Cycling Manager 2007 File System Driver (pf2akt6c);C:\WINDOWS\system32\drivers\pf2akt6c.sys
R0 ps6akt6c;Cycling Manager 2007 Synchronization Driver (ps6akt6c);C:\WINDOWS\system32\drivers\ps6akt6c.sys
R1 atitray;atitray;\??\C:\Programfiler\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.sys
R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R2 LogWatch;Event Log Watch;C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe
R2 X4HSX32;X4HSX32;\??\C:\Programfiler\EXEtender\X4HSX32.Sys
R3 Maplom;Maplom;C:\WINDOWS\system32\drivers\Maplom.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
R3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S2 pr2akt6c;Cycling Manager 2007 Drivers Auto Removal (pr2akt6c);C:\WINDOWS\system32\pr2akt6c.exe svc
S3 CA_LIC_CLNT;CA License Client;C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmt.exe
S3 CA_LIC_SRVR;CA License Server;C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmtd.exe
S3 PciBus;PciBus;\??\C:\WINDOWS\system32\drivers\PciBus.sys
S3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2a038e0-8f7c-11da-908a-000c76674cce}]
\Shell\AutoRun\command - G:\stub.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-11-01 22:27:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2007-11-03 22:28:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE
"2007-03-30 12:55:28 C:\WINDOWS\Tasks\Norton AntiVirus - Kjør fullstendig systemsøk - Stig Wulff-Olsen.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-04 00:03:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-04 0:07:36 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-03 22:28
.
--- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:10:04, on 04/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\CNYHKey.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\Programfiler\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\gamejackal\Maplom.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\PowerISO\PWRISOVM.EXE
C:\Programfiler\Telenor\Online Start\Telenor.exe
C:\Programfiler\QuickTime\QTTask.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe
C:\Programfiler\Steam\Steam.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programfiler\CASIO\Photo Loader\Plauto.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Documents and settings\Stig Wulff-Olsen\Skrivebord\Antivirus\HiJackThis.exe
C:\Programfiler\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.online.no/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {210F79EC-C4B8-4AD5-B5B7-2B228F4376E9} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programfiler\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Maplom] C:\Programfiler\gamejackal\Maplom.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Adobemidlertidig\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Programfiler\RSSoft\RSEDNClient.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Programfiler\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Programfiler\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Google Search - res://c:\programfiler\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programfiler\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://c:\programfiler\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programfiler\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\programfiler\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programfiler\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Programfiler\expektMPP\MPPoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec....ta/nprdtinf.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com...e/KooPlayer.ocx
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096976061359
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.icanal.no/spill/commerce/catalo...es/ExentCtl.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134820549375
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannel.../UKooPlayer.ocx
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.reds...ller/rssoft.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cycling Manager 2007 Drivers Auto Removal (pr2akt6c) (pr2akt6c) - Cyanide - C:\WINDOWS\system32\pr2akt6c.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 16180 bytes


I will now proceed with the HostXpert directions.
0

#8 User is offline   kahdah 

  • GeekU Teacher
  • Group: Geek U Moderator
  • Posts: 14,908
  • Joined: 13-April 06
  • Location:Florida
  • Operating System:Windows 7

Posted 03 November 2007 - 05:18 PM

After Hosts Expert
Please then do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT

  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases

  • Click OK
  • Now under select a target to scan:
      Select My Computer

  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:

  • Save the file to your desktop.
  • Copy and paste that information in your next post.

0

#9 User is offline   Lord Flashheart 

  • New Member
  • Pip
  • Group: Member
  • Posts: 8
  • Joined: 03-November 07
  • Operating System:W. XP

Posted 03 November 2007 - 05:20 PM

HostXpert directions completed.
0

#10 User is offline   Lord Flashheart 

  • New Member
  • Pip
  • Group: Member
  • Posts: 8
  • Joined: 03-November 07
  • Operating System:W. XP

Posted 03 November 2007 - 05:36 PM

Thanks for all your help so far.

You are right, the scanning process is going to take a while. Since it's past midnight here, and the scanning is probably going to take a few hours, I'll be back tomorrow.
0

#11 User is offline   kahdah 

  • GeekU Teacher
  • Group: Geek U Moderator
  • Posts: 14,908
  • Joined: 13-April 06
  • Location:Florida
  • Operating System:Windows 7

Posted 03 November 2007 - 05:39 PM

You are welcome. :)
That is fine.
0

#12 User is offline   Lord Flashheart 

  • New Member
  • Pip
  • Group: Member
  • Posts: 8
  • Joined: 03-November 07
  • Operating System:W. XP

Posted 04 November 2007 - 07:07 AM

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, November 04, 2007 4:33:28 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/11/2007
Kaspersky Anti-Virus database records: 451004
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
J:\
K:\
L:\
N:\

Scan Statistics:
Total number of scanned objects: 299968
Number of viruses found: 15
Number of infected objects: 31
Number of suspicious objects: 0
Duration of the scan process: 03:59:14

Infected Object Name / Virus Name / Last Action
C:\Documents and settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and settings\All Users\Programdata\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and settings\All Users\Programdata\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and settings\All Users\Programdata\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and settings\All Users\Programdata\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and settings\All Users\Programdata\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and settings\All Users\Programdata\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and settings\All Users\Programdata\Symantec\HPPAppActivity.log Object is locked skipped
C:\Documents and settings\All Users\Programdata\Symantec\HPPHomePageActivity.log Object is locked skipped
C:\Documents and settings\All Users\Programdata\Symantec\LiveUpdate\2007-11-04_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and settings\All Users\Programdata\Symantec\Norton AntiVirus\Quarantine\010D0975.par Infected: P2P-Worm.Win32.VB.dz skipped
C:\Documents and settings\All Users\Programdata\Symantec\Norton AntiVirus\Quarantine\10917310.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and settings\All Users\Programdata\Symantec\Norton AntiVirus\Quarantine\180A681A.exe Infected: not-a-virus:Downloader.Win32.WinFixer.d skipped
C:\Documents and settings\All Users\Programdata\Symantec\Norton AntiVirus\Quarantine\1C62379E.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bs skipped
C:\Documents and settings\All Users\Programdata\Symantec\Norton AntiVirus\Quarantine\1C932D68.exe Infected: not-a-virus:AdTool.Win32.WhenU.e skipped
C:\Documents and settings\All Users\Programdata\Symantec\Norton AntiVirus\Quarantine\1E3C3E99.EXE Infected: Backdoor.Win32.Rbot.gen skipped
C:\Documents and settings\All Users\Programdata\Symantec\Norton AntiVirus\Quarantine\1ED438AF.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped
C:\Documents and settings\All Users\Programdata\Symantec\Norton AntiVirus\Quarantine\3B42548B.EXE Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and settings\All Users\Programdata\Symantec\Norton AntiVirus\Quarantine\3B87406C/go.exe Infected: not-a-virus:Porn-Dialer.Win32.Star skipped
C:\Documents and settings\All Users\Programdata\Symantec\Norton AntiVirus\Quarantine\3B87406C ZIP: infected - 1 skipped
C:\Documents and settings\All Users\Programdata\Symantec\Norton AntiVirus\Quarantine\3B87406C CryptFF: infected - 1 skipped
C:\Documents and settings\All Users\Programdata\Symantec\Norton AntiVirus\Quarantine\4F344A22.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped
C:\Documents and settings\All Users\Programdata\Symantec\Norton AntiVirus\Quarantine\4F6115F0.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped
C:\Documents and settings\All Users\Programdata\Symantec\Norton AntiVirus\Quarantine\51233420 Infected: not-a-virus:Porn-Dialer.Win32.Star skipped
C:\Documents and settings\All Users\Programdata\Symantec\Norton AntiVirus\Quarantine\51275E1D/go.exe Infected: not-a-virus:Porn-Dialer.Win32.Star skipped
C:\Documents and settings\All Users\Programdata\Symantec\Norton AntiVirus\Quarantine\51275E1D ZIP: infected - 1 skipped
C:\Documents and settings\All Users\Programdata\Symantec\Norton AntiVirus\Quarantine\51275E1D CryptFF: infected - 1 skipped
C:\Documents and settings\All Users\Programdata\Symantec\Norton AntiVirus\Quarantine\52D60822.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped
C:\Documents and settings\All Users\Programdata\Symantec\Norton AntiVirus\Quarantine\78077676.exe Infected: Trojan-Downloader.Win32.Adload.j skipped
C:\Documents and settings\All Users\Programdata\Symantec\Norton AntiVirus\Quarantine\7A9E2FE2.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and settings\LocalService\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped
C:\Documents and settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and settings\LocalService\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and settings\NetworkService\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped
C:\Documents and settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and settings\NetworkService\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and settings\Stig Wulff-Olsen\Cookies\index.dat Object is locked skipped
C:\Documents and settings\Stig Wulff-Olsen\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped
C:\Documents and settings\Stig Wulff-Olsen\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and settings\Stig Wulff-Olsen\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and settings\Stig Wulff-Olsen\Lokale innstillinger\Programdata\Mozilla\Firefox\Profiles\mcw9zav7.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and settings\Stig Wulff-Olsen\Lokale innstillinger\Programdata\Mozilla\Firefox\Profiles\mcw9zav7.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and settings\Stig Wulff-Olsen\Lokale innstillinger\Programdata\Mozilla\Firefox\Profiles\mcw9zav7.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and settings\Stig Wulff-Olsen\Lokale innstillinger\Programdata\Mozilla\Firefox\Profiles\mcw9zav7.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and settings\Stig Wulff-Olsen\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and settings\Stig Wulff-Olsen\Mine dokumenter\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and settings\Stig Wulff-Olsen\Mine dokumenter\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and settings\Stig Wulff-Olsen\NTUSER.DAT Object is locked skipped
C:\Documents and settings\Stig Wulff-Olsen\ntuser.dat.LOG Object is locked skipped
C:\Documents and settings\Stig Wulff-Olsen\Programdata\Mozilla\Firefox\Profiles\mcw9zav7.default\cert8.db Object is locked skipped
C:\Documents and settings\Stig Wulff-Olsen\Programdata\Mozilla\Firefox\Profiles\mcw9zav7.default\formhistory.dat Object is locked skipped
C:\Documents and settings\Stig Wulff-Olsen\Programdata\Mozilla\Firefox\Profiles\mcw9zav7.default\GoogleToolbarData\googlesafebrowsing.db Object is locked skipped
C:\Documents and settings\Stig Wulff-Olsen\Programdata\Mozilla\Firefox\Profiles\mcw9zav7.default\history.dat Object is locked skipped
C:\Documents and settings\Stig Wulff-Olsen\Programdata\Mozilla\Firefox\Profiles\mcw9zav7.default\key3.db Object is locked skipped
C:\Documents and settings\Stig Wulff-Olsen\Programdata\Mozilla\Firefox\Profiles\mcw9zav7.default\parent.lock Object is locked skipped
C:\Documents and settings\Stig Wulff-Olsen\Programdata\Mozilla\Firefox\Profiles\mcw9zav7.default\search.sqlite Object is locked skipped
C:\Documents and settings\Stig Wulff-Olsen\Programdata\Mozilla\Firefox\Profiles\mcw9zav7.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and settings\Stig Wulff-Olsen\Programdata\Symantec\PendingAlertsQueue.log Object is locked skipped
C:\Documents and settings\Stig Wulff-Olsen\Skrivebord\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Programfiler\Fellesfiler\Symantec Shared\Antispam\Log\Spam.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SNDCON.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SNDFW.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Savrt\0201NAV~.TMP Object is locked skipped
C:\Programfiler\Norton Internet Security\Norton AntiVirus\Savrt\0731NAV~.TMP Object is locked skipped
C:\Programfiler\Steam\Steam.log Object is locked skipped
C:\Programfiler\Steam\SteamApps\winui.gcf Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\main_uninstaller.exe.vir Infected: Trojan-Downloader.Win32.Zlob.cpx skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{FC40DB4F-DE70-4CD8-B5A4-97033D66FE4E}\RP583\A0309299.dll Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{FC40DB4F-DE70-4CD8-B5A4-97033D66FE4E}\RP583\A0309300.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{FC40DB4F-DE70-4CD8-B5A4-97033D66FE4E}\RP583\A0309301.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{FC40DB4F-DE70-4CD8-B5A4-97033D66FE4E}\RP583\A0309302.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{FC40DB4F-DE70-4CD8-B5A4-97033D66FE4E}\RP583\A0309303.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{FC40DB4F-DE70-4CD8-B5A4-97033D66FE4E}\RP583\A0309304.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{FC40DB4F-DE70-4CD8-B5A4-97033D66FE4E}\RP585\A0309431.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped
C:\System Volume Information\_restore{FC40DB4F-DE70-4CD8-B5A4-97033D66FE4E}\RP585\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hh.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hhctrl.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\html32.cnv Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\locator.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\magnify.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\msconv97.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\narrator.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\newdev.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\osk.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\srv.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\sysmain.sdb Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\zipfldr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\sxs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\wmp.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{FC40DB4F-DE70-4CD8-B5A4-97033D66FE4E}\RP585\change.log Object is locked skipped
E:\System Volume Information\_restore{FC40DB4F-DE70-4CD8-B5A4-97033D66FE4E}\RP585\change.log Object is locked skipped

Scan process completed.
0

#13 User is offline   kahdah 

  • GeekU Teacher
  • Group: Geek U Moderator
  • Posts: 14,908
  • Joined: 13-April 06
  • Location:Florida
  • Operating System:Windows 7

Posted 04 November 2007 - 07:34 AM

Please empty your Norton antivirus quarantine.

After that please delete any Smitfraud fix related files\folders.
Empty your recycle bin.
=================
Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    Posted Image
===
After that Your log is clean. :)

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy-Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Ad-Aware-Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard-Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SPYAD- puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Castle Cops To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

If you have any further problems please feel free to contact G2Go.:)
0

#14 User is offline   Lord Flashheart 

  • New Member
  • Pip
  • Group: Member
  • Posts: 8
  • Joined: 03-November 07
  • Operating System:W. XP

Posted 04 November 2007 - 07:59 AM

Splendid. :)

It looks good now.
Thank you very much for all your help. You're a lifesaver.

Have a fantastic day.
0

#15 User is offline   kahdah 

  • GeekU Teacher
  • Group: Geek U Moderator
  • Posts: 14,908
  • Joined: 13-April 06
  • Location:Florida
  • Operating System:Windows 7

Posted 04 November 2007 - 08:01 AM

You too and you are welcome.

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
0

Share this topic:


Page 1 of 1

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users


Advertisements do not imply our endorsement of that product or service. Join to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks mentioned on this page are the property of their respective owners.

© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising | Contact | Link to us