Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Remove Trojandownloader.xs


  • Please log in to reply

#1
pompel

pompel

    Member

  • Member
  • PipPip
  • 13 posts
Hello!

I have Windows XP - with service pack 2. My desktop computer has been infected with something called trojandownloader.xs

Can anyone help me remove this virus?

I have tried to install several virus program and spyware-program, but after a scan, and fix, it still coming back.

The computer is very slow, and sometimes the program freeze.

I hope someone know about this!

PS! Sorry about the bad english...
  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello pompel

Welcome to G2Go. :)
=====================
* Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\Hijack This.
  • Click on I agree
  • Then Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

  • 0

#3
pompel

pompel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hello, and thanks for help!

Here is the log from HijackThis:

__________________________________________________________________


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:43, on 15.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dellsearchedi...llsidebar.jhtml
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.del.......;l=no&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www1.euro.del.......;l=no&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Programfiler\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1368201A-93FA-49F3-922F-1BC315A6D729} - C:\WINDOWS\system32\ssqpo.dll (file missing)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programfiler\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Programfiler\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: FINBHO - {5C472352-90D0-4214-BF20-8E4A2B82F980} - (no file)
O2 - BHO: {8cdf8db9-1888-cb59-c3c4-e40e03f071d5} - {5d170f30-e04e-4c3c-95bc-88819bd8fdc8} - C:\WINDOWS\system32\fqpfduxy.dll (file missing)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {91d41942-1dd2-11b2-8920-b5c8e44a8bc6} - C:\WINDOWS\vkjututk.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\przkxtnt.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar4.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll
O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - C:\WINDOWS\system32\efccbya.dll (file missing)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programfiler\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programfiler\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Programfiler\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programfiler\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programfiler\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programfiler\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Programfiler\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [jsrqzkzw] regsvr32 /u "C:\Documents and Settings\All Users\Programdata\jsrqzkzw.dll"
O4 - HKLM\..\Run: [drmsrv32] C:\DOCUME~1\Tommy\LOKALE~1\Temp\452c4a4hpc4a4b.exe
O4 - HKLM\..\Run: [80d6fd83] rundll32.exe "C:\WINDOWS\system32\scvyfowk.dll",b
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Programfiler\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CONNECTAUTrayApp.lnk = C:\Programfiler\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
O4 - Global Startup: Logo Calibration Loader.lnk = C:\Programfiler\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
O4 - Global Startup: ProfileReminder.lnk = C:\Programfiler\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
O4 - Global Startup: Suitcase Startup.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programfiler\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {8E6AA867-94D4-4B4F-8791-1B048F8C122A} (WebInterface Class) - https://fastsend.com...ts/Fsplugin.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystan...acheManager.CAB
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp09.photopr...geUploader3.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O18 - Protocol: fin - {5C472352-90D0-4214-BF20-8E4A2B82F980} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: crehcjid - crehcjid.dll (file missing)
O20 - Winlogon Notify: efccbya - efccbya.dll (file missing)
O20 - Winlogon Notify: przkxtnt - przkxtnt.dll (file missing)
O20 - Winlogon Notify: ˆP - ˆP (file missing)
O20 - Winlogon Notify: ˆhP - ˆhP (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Programfiler\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - c:\Programfiler\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programfiler\Fellesfiler\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Programfiler\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programfiler\Fellesfiler\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RAID Storage Manager Agent (RAIDStorAgent) - Dell - c:\Programfiler\Dell\RAID Storage Manager\StorServ.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Programfiler\WinPcap\rpcapd.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programfiler\Photodex\ProShowProducer\ScsiAccess.exe (file missing)
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Programfiler\Fellesfiler\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programfiler\Fellesfiler\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programfiler\RealVNC\VNC4\WinVNC4.exe

--
End of file - 16179 bytes
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
PLease do the following in Normal mode.
============================================
Please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to these entries below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Programfiler\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1368201A-93FA-49F3-922F-1BC315A6D729} - C:\WINDOWS\system32\ssqpo.dll (file missing)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Programfiler\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: FINBHO - {5C472352-90D0-4214-BF20-8E4A2B82F980} - (no file)
O2 - BHO: {8cdf8db9-1888-cb59-c3c4-e40e03f071d5} - {5d170f30-e04e-4c3c-95bc-88819bd8fdc8} - C:\WINDOWS\system32\fqpfduxy.dll (file missing)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {91d41942-1dd2-11b2-8920-b5c8e44a8bc6} - C:\WINDOWS\vkjututk.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\przkxtnt.dll (file missing)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - C:\WINDOWS\system32\efccbya.dll (file missing)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O4 - HKLM\..\Run: [jsrqzkzw] regsvr32 /u "C:\Documents and Settings\All Users\Programdata\jsrqzkzw.dll"
O4 - HKLM\..\Run: [drmsrv32] C:\DOCUME~1\Tommy\LOKALE~1\Temp\452c4a4hpc4a4b.exe
O4 - HKLM\..\Run: [80d6fd83] rundll32.exe "C:\WINDOWS\system32\scvyfowk.dll",b
O20 - Winlogon Notify: crehcjid - crehcjid.dll (file missing)
O20 - Winlogon Notify: efccbya - efccbya.dll (file missing)
O20 - Winlogon Notify: przkxtnt - przkxtnt.dll (file missing)
O20 - Winlogon Notify: ˆP - ˆP (file missing)
O20 - Winlogon Notify: ˆhP - ˆhP (file missing)



Now click on Fix Checked and then close Hijackthis.
===================================
Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#5
pompel

pompel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Thanks Kahdah!

Here comes the log from combofix:

________________________________________________________________________________
__________

ComboFix 08-02-14.2 - Tommy 2008-02-15 10:56:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.2433 [GMT 1:00]
Running from: C:\Ny mappe\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\Programfiler\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\d.exe
C:\Documents and Settings\All Users\Programdata.\jsrqzkzw.dll
C:\Programfiler\Helper
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\PerfInfo
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\2_exception.nls
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\drivers\FRG50.sys
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\drivers\symavc32.sys . . . . failed to delete
C:\WINDOWS\system32\dsryatwu.ini
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\kwofyvcs.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\opqss.ini
C:\WINDOWS\system32\opqss.ini2
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\przkxtnt.dllbox
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\W007T32W.DLL
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe
J:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_FRG50
-------\LEGACY_NPF
-------\LEGACY_RUNTIME
-------\NPF


((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 )))))))))))))))))))))))))))))))
.

2008-02-15 09:27 . 2008-02-15 09:27 <DIR> d-------- C:\Programfiler\Trend Micro
2008-02-13 22:49 . 2008-02-13 22:50 <DIR> d-------- C:\Programfiler\RogueRemover FREE
2008-02-13 22:08 . 2008-02-13 22:08 <DIR> d-------- C:\Programfiler\Enigma Software Group
2008-02-13 14:18 . 2008-02-13 14:42 <DIR> d-------- C:\Programfiler\Norton Internet Security
2008-02-13 14:17 . 2008-02-13 14:35 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-13 14:17 . 2008-02-13 14:35 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-02-13 14:17 . 2008-02-13 14:35 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-13 14:17 . 2008-02-13 14:35 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-13 14:13 . 2008-02-13 14:35 <DIR> d-------- C:\Programfiler\Symantec
2008-02-13 14:12 . 2008-02-15 10:54 <DIR> d-------- C:\Programfiler\Fellesfiler\Symantec Shared
2008-02-13 14:02 . 2008-02-13 14:02 <DIR> d-------- C:\WINDOWS\system\shfolder.dll
2008-02-11 18:04 . 2008-02-11 18:04 <DIR> d-------- C:\Documents and Settings\Tommy\Programdata\Grisoft
2008-02-11 06:26 . 2008-02-11 06:26 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Grisoft
2008-02-11 06:26 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-10 20:57 . 2008-02-13 14:02 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Grisoft
2008-02-10 15:38 . 2008-02-10 15:38 3,795,158 --a------ C:\WINDOWS\3nI5ll5zml.exe
2008-02-10 15:38 . 2008-02-10 15:38 29 --a------ C:\WINDOWS\system32\rpwoprse.tmp
2008-02-10 15:37 . 2008-02-10 15:37 <DIR> d-------- C:\WINDOWS\dtittnmk
2008-02-10 15:37 . 2008-02-10 15:37 197,632 --a------ C:\WINDOWS\gvatadyf.dll
2008-02-10 15:37 . 2008-02-10 15:37 131,072 --a------ C:\WINDOWS\system32\drivers\symavc32.sys
2008-02-10 15:37 . 2008-02-10 15:37 91,667 --a------ C:\WINDOWS\kzsvmlsp.exe
2008-02-10 15:37 . 2008-02-10 15:37 45,056 --a------ C:\WINDOWS\rcrshmda.exe
2008-02-10 15:37 . 2008-02-11 18:01 16,768 --a------ C:\WINDOWS\system32\tcpip_patcher.sys
2008-02-10 15:37 . 2008-02-11 15:37 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-02-10 15:37 . 2008-02-10 15:37 2 --a------ C:\-2133394132
2008-02-10 15:36 . 2008-02-10 15:36 54,764 --a------ C:\WINDOWS\system32\4fdw.dll
2008-02-10 15:36 . 2008-02-10 15:36 28,160 --a------ C:\jupss.exe
2008-02-05 18:56 . 2008-02-05 19:02 <DIR> d-------- C:\Programfiler\Windows Live
2008-02-05 18:56 . 2008-02-05 19:01 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2008-02-05 18:55 . 2008-02-05 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller
2008-02-05 11:25 . 2008-02-05 11:25 <DIR> d-------- C:\Programfiler\PopCap Games
2008-02-05 11:25 . 2008-02-05 12:16 14 --a------ C:\WINDOWS\popcinfot.dat
2008-02-05 11:25 . 2008-02-05 11:25 0 --a------ C:\WINDOWS\popcreg.dat
2008-01-29 19:09 . 2008-01-29 19:09 <DIR> d-------- C:\Programfiler\MSECache
2008-01-27 14:30 . 2008-02-04 22:11 <DIR> d-------- C:\Programfiler\PHP Editor
2008-01-27 09:59 . 2008-01-27 17:40 <DIR> d-------- C:\M-nytt-temp
2008-01-27 09:37 . 2008-01-27 11:57 <DIR> d-------- C:\museumsnytt
2008-01-21 23:56 . 2008-02-10 14:17 <DIR> d-------- C:\Programfiler\FTP Commander
2008-01-21 23:47 . 2008-01-21 23:47 <DIR> d-------- C:\Programfiler\SmartFTP Client 2.5 Setup Files
2008-01-17 10:11 . 2008-01-17 10:11 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\UDL
2008-01-17 10:09 . 2008-02-10 09:48 <DIR> d-------- C:\Programfiler\EPSON Print CD
2008-01-17 10:07 . 2008-01-17 10:07 <DIR> d-------- C:\Documents and Settings\Tommy\Programdata\InstallShield
2008-01-17 10:07 . 2008-01-17 10:07 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\EPSON
2008-01-17 10:06 . 2006-12-08 03:04 76,800 --a------ C:\WINDOWS\system32\E_FLBCKE.DLL
2008-01-17 10:06 . 2006-04-19 03:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BCKE.DLL
2008-01-17 10:06 . 2004-09-10 21:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-01-17 10:06 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-17 10:06 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-17 10:05 . 2008-01-17 10:10 <DIR> d-------- C:\Programfiler\EPSON
2008-01-17 10:05 . 2008-01-17 10:05 26 --a------ C:\WINDOWS\CDER285EXPORT.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 07:44 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec
2008-02-10 19:50 --------- d-----w C:\Documents and Settings\All Users\Programdata\McAfee
2008-02-10 14:36 --------- d-----w C:\Programfiler\RocketDock
2008-02-01 13:16 --------- d-----w C:\Programfiler\Microsoft Silverlight
2008-01-29 11:00 --------- d-----w C:\Programfiler\MediaCoder
2008-01-28 15:52 --------- d-----w C:\Documents and Settings\All Users\Programdata\DVD Shrink
2008-01-21 22:51 --------- d-----w C:\Programfiler\SmartFTP Client
2008-01-17 09:14 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-01-17 09:13 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-01-24 20:45 87,608 ----a-w C:\Documents and Settings\Tommy\Programdata\ezpinst.exe
2007-01-24 20:45 47,360 ----a-w C:\Documents and Settings\Tommy\Programdata\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"VisualTaskTips"="C:\Programfiler\VisualTaskTips\VisualTaskTips.exe" [2006-03-14 19:24 34816]
"Creative WebCam Tray"="C:\Programfiler\Creative\Shared Files\CamTray.exe" [2005-10-27 11:00 299008]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 11:16 68856]
"AnyDVD"="C:\Programfiler\SlySoft\AnyDVD\AnyDVD.exe" [2007-03-08 18:43 341861]
"Active Desktop Calendar"="C:\Programfiler\XemiComputers\Active Desktop Calendar\ADC.exe" [2005-12-01 14:06 2097152]
"RocketDock"="C:\Programfiler\RocketDock\RocketDock.exe" [ ]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"msnmsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-03-21 18:21 5537792]
"CTHelper"="CTHELPER.EXE" [2005-09-20 12:08 16384 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-11-11 06:07 19968 C:\WINDOWS\system32\CTXFIHLP.EXE]
"CTDVDDET"="C:\Programfiler\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00 45056]
"AudioDrvEmulator"="C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 19:25 49152]
"CTXFIREG"="CTxfiReg.exe" []
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"Acrobat Assistant 7.0"="C:\Programfiler\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52 483328]
"CloneCDTray"="C:\Programfiler\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 14:47 57344]
"PWRISOVM.EXE"="C:\Programfiler\PowerISO\PWRISOVM.EXE" [2006-06-05 15:06 188416]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-10 23:26 406016]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2006-09-12 00:58 229952]
"Telenor Online Start"="C:\Programfiler\Telenor\Online Start\Telenor.exe" [2006-11-30 14:51 178312]
"Google Desktop Search"="C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-15 10:23 1838592]
"Adobe Version Cue CS2"="C:\Programfiler\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 18:58 856064]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-09-01 14:57 282624]
"!AVG Anti-Spyware"="C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-01-10 06:59 115816]
"osCheck"="C:\Programfiler\Norton Internet Security\osCheck.exe" [2007-01-14 08:11 771704]
"SpyHunter Security Suite"="C:\Programfiler\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-01-23 14:47 847872]
"Symantec PIF AlertEng"="C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-03-21 23:01:31 25214]
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
CONNECTAUTrayApp.lnk - C:\Programfiler\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe [2006-03-30 06:33:38 124488]
Logo Calibration Loader.lnk - C:\Programfiler\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2005-04-29 13:54:18 540672]
ProfileReminder.lnk - C:\Programfiler\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2005-04-29 13:53:44 786432]
Suitcase Startup.lnk - C:\Programfiler\Extensis\Suitcase 9.2\Suitcase.exe [2006-03-25 07:03:02 3354624]
Windows Desktop Search.lnk - C:\Programfiler\Windows Desktop Search\WindowsSearch.exe [2006-03-26 22:44:08 262944]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-11-21 14:50 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

R0 AFAmgt;AFAmgt;C:\WINDOWS\system32\drivers\AFAmgt.sys [2005-04-01 17:40]
R1 sdpiosys;sdpiosys;C:\WINDOWS\system32\drivers\sdpiosys.sys [2004-11-30 12:10]
R2 ASFAgent;ASF Agent;c:\Programfiler\Intel\ASF Agent\ASFAgent.exe [2004-02-08 09:02]
R2 AsfAlrt;AsfAlrt;C:\WINDOWS\system32\drivers\AsfAlrt.sys [2002-12-18 05:31]
R2 PDIHWCTL;PDIHWCTL;C:\WINDOWS\system32\drivers\pdihwctl.sys [2005-03-27 05:01]
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2003-04-15 18:07]
R2 X4HSX32;X4HSX32;C:\Programfiler\SoIP-player\X4HSX32.Sys [2006-03-13 17:13]
R3 avera800;AVerMedia DVB-T BDA Video Capture(A800);C:\WINDOWS\system32\Drivers\avera800.sys [2005-09-20 12:47]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-09-20 11:53]
R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-04-01 16:16]
S2 RAIDStorAgent;RAID Storage Manager Agent;"c:\Programfiler\Dell\RAID Storage Manager\StorServ.exe" [2005-07-06 16:55]
S3 EraserUtilDrv10633;EraserUtilDrv10633;C:\Programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilDrv10633.sys []
S3 EraserUtilDrv10741;EraserUtilDrv10741;C:\Programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilDrv10741.sys []
S3 eyeonedp;eye-one display;C:\WINDOWS\system32\DRIVERS\eyeonedp.sys [2005-03-27 05:06]
S3 tcpip_patcher;tcpip_patcher;C:\WINDOWS\system32\tcpip_patcher.sys [2008-02-11 18:01]
S4 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 00:07]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-02 11:10:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-02-15 10:20:05 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-13 13:29:27 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Tommy.job"
- C:\Programfiler\Norton Internet Security\Norton AntiVirus\Navw32.exec/TASK:
"2008-02-15 02:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Programfiler\RegistrySmart\RegistrySmart.ex
- C:\Programfiler\RegistrySmart
"2008-02-14 22:22:58 C:\WINDOWS\Tasks\User_Feed_Synchronization-{E6876CEB-F37D-4EBF-A353-781367DF90B0}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 11:10:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Programfiler\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-02-15 11:21:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-15 10:21:36
.
2008-02-13 12:49:42 --- E O F ---




^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Here comes the log from HiJack This:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:33, on 15.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Programfiler\Intel\ASF Agent\ASFAgent.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\CTHELPER.EXE
C:\Programfiler\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe
C:\Programfiler\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Programfiler\SlySoft\CloneCD\CloneCDTray.exe
C:\Programfiler\PowerISO\PWRISOVM.EXE
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Telenor\Online Start\Telenor.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.online.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programfiler\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar4.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programfiler\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programfiler\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Programfiler\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programfiler\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programfiler\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programfiler\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Programfiler\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Programfiler\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Programfiler\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programfiler\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Programfiler\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Programfiler\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programfiler\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AnyDVD.lnk = C:\Programfiler\SlySoft\AnyDVD\AnyDVD.exe
O4 - Startup: CaptureWiz.lnk = C:\Programfiler\CaptureWiz\Lite\CaptureWiz.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CONNECTAUTrayApp.lnk = C:\Programfiler\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
O4 - Global Startup: Logo Calibration Loader.lnk = C:\Programfiler\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
O4 - Global Startup: ProfileReminder.lnk = C:\Programfiler\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
O4 - Global Startup: Suitcase Startup.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programfiler\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O15 - Trusted Zone: www.sf-anytime.com
O15 - Trusted Zone: *.sf-anytime.com
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {8E6AA867-94D4-4B4F-8791-1B048F8C122A} (WebInterface Class) - https://fastsend.com...ts/Fsplugin.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystan...acheManager.CAB
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp09.photopr...geUploader3.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O18 - Protocol: fin - {5C472352-90D0-4214-BF20-8E4A2B82F980} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Programfiler\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - c:\Programfiler\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programfiler\Fellesfiler\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Programfiler\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programfiler\Fellesfiler\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RAID Storage Manager Agent (RAIDStorAgent) - Dell - c:\Programfiler\Dell\RAID Storage Manager\StorServ.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Programfiler\WinPcap\rpcapd.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programfiler\Photodex\ProShowProducer\ScsiAccess.exe (file missing)
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Programfiler\Fellesfiler\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programfiler\Fellesfiler\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programfiler\RealVNC\VNC4\WinVNC4.exe

--
End of file - 16265 bytes
  • 0

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi I would remove this program SpyHunter Security Suite as it used to be on the rouge security app list.
Plus with an Internet security suite you already have quite enough protection. >Norton Internet Security
Unless it is outdated.
If it is let me know and we will go from there.
================================
1. Please open Notepad
  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\3nI5ll5zml.exe
C:\WINDOWS\system32\rpwoprse.tmp
C:\WINDOWS\kzsvmlsp.exe
C:\WINDOWS\rcrshmda.exe
C:\WINDOWS\system32\tcpip_patcher.sys
C:\WINDOWS\system32\winfrun32.bin
C:\WINDOWS\system32\4fdw.dll
C:\jupss.exe
Folder::
C:\WINDOWS\dtittnmk
C:\-2133394132
Driver::
symavc32
4fdw
tcpip_patcher


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP