Computer totally messed up malware or something worse [RESOLVED]


  • This topic is locked

#1
kristian22

  • Member
  • 10 posts
Hello, my first time here... so:

My comp started to get all messed up, so I checked some guides and the first thing I did was to download Spybot. But it didn't make any difference after the scan, so I downloaded VundoFix. It detected many .dll files and all of them got deleted except one named mljkljg.dll. I believe that this file is the problem. My Panda antivirus seems to not do its job; it just feels like that because Panda hasn't said anything in a long while, but it says that protection is fine. Please be gentle with me, this is my first time posting like this and using HijackThis. And now to my HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:13:25, on 2008-02-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program\lotus\notes\ntmulti.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Program\Apoint\Apoint.exe
C:\Program\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program\Digital Line Detect\DLG.exe
C:\Program\Apoint\Apntex.exe
C:\Program\Microsoft Office\Office\FINDFAST.EXE
C:\Program\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Program\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [74575a8c] rundll32.exe "C:\WINDOWS\system32\vopycwum.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office Snabbsökning.lnk = C:\Program\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-autostart.lnk = C:\Program\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarest...es2/Install.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://portal.itsam.se/iNotes6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Multi-user Cleanup Service - Unknown owner - C:\Program\lotus\notes\ntmulti.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6366 bytes

#2
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello kristian22

Welcome to G2Go. :)
=================
Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double-click combofix.exe and follow the prompts. Please, never rename ComboFix unless instructed.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#3
kristian22

  • Topic Starter
  • Member
  • 10 posts
OK, here comes the log :)

ComboFix 08-02-17.2 - lokalt 2008-02-18 11:24:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.197 [GMT 1:00]
Running from: C:\Documents and Settings\lokalt\Skrivbord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ddccy.dll
C:\WINDOWS\SYSTEM32\blasapfw.ini
C:\WINDOWS\SYSTEM32\boiubgup.ini
C:\WINDOWS\system32\ddccy.dll
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\hcmrbsmo.dll
C:\WINDOWS\system32\idvwxqhg.dll
C:\WINDOWS\SYSTEM32\jctulrli.ini
C:\WINDOWS\SYSTEM32\kknmp.ini
C:\WINDOWS\SYSTEM32\kknmp.ini2
C:\WINDOWS\system32\mljkljg.dll
C:\WINDOWS\SYSTEM32\muwcypov.ini
C:\WINDOWS\SYSTEM32\qxlkiaqr.ini
C:\WINDOWS\SYSTEM32\ttvut.ini
C:\WINDOWS\SYSTEM32\ttvut.ini2
C:\WINDOWS\system32\vopycwum.dll
C:\WINDOWS\SYSTEM32\wycdd.ini
C:\WINDOWS\SYSTEM32\wycdd.ini2
C:\WINDOWS\SYSTEM32\yccdd.ini
C:\WINDOWS\SYSTEM32\yccdd.ini2

.
((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))
.

2008-02-18 02:12 . 2008-02-18 02:12 <KAT> d-------- C:\Program\Trend Micro
2008-02-17 23:23 . 2008-02-17 23:39 474 ---hs---- C:\WINDOWS\SYSTEM32\jrjatwfk.ini
2008-02-16 22:25 . 2002-12-29 01:14 81,920 --a------ C:\WINDOWS\SYSTEM32\Startup.cpl
2008-02-16 22:13 . 2008-02-18 02:43 <KAT> d-------- C:\VundoFix Backups
2008-02-16 21:00 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ewrnppxvqjgx.sys
2008-02-16 20:57 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\RkPavProc.sys
2008-02-16 20:44 . 2008-02-16 21:00 <KAT> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2008-02-16 20:44 . 2008-02-16 20:44 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2008-02-16 20:44 . 2008-02-16 20:44 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2008-02-16 20:44 . 2008-02-16 20:44 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2008-02-16 20:40 . 2008-02-16 21:03 354 ---hs---- C:\WINDOWS\SYSTEM32\fbixqpiv.ini
2008-02-13 07:55 . 2008-02-13 07:55 334,336 --------- C:\WINDOWS\SYSTEM32\pmnkk.dll_old
2008-02-13 00:08 . 2008-02-13 00:08 <KAT> d-------- C:\Program\LucasArts
2008-02-13 00:00 . 2008-02-16 18:41 322 --a------ C:\WINDOWS\wininit.ini
2008-02-12 23:20 . 2008-02-16 21:05 <KAT> d-------- C:\Program\Spybot - Search & Destroy
2008-02-12 23:20 . 2008-02-13 07:52 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-01 22:17 . 2008-02-18 11:14 <KAT> d-------- C:\Documents and Settings\lokalt\Application Data\skypePM
2008-02-01 22:17 . 2008-02-01 22:17 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-01 22:14 . 2008-02-18 11:15 <KAT> d-------- C:\Documents and Settings\lokalt\Application Data\Skype
2008-02-01 22:12 . 2008-02-01 22:13 <KAT> d-------- C:\Program\Skype
2008-02-01 22:12 . 2008-02-01 22:12 <KAT> d-------- C:\Program\Delade filer\Skype
2008-02-01 22:11 . 2008-02-01 22:13 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 01:11 --------- d-----w C:\Documents and Settings\lokalt\Application Data\uTorrent
2008-02-16 20:07 --------- d-----w C:\Program\DAEMON Tools
2008-02-16 20:04 --------- d-----w C:\Program\Digital Line Detect
2008-02-16 20:02 --------- d-----w C:\Program\MSN Messenger
2008-02-16 19:58 --------- d-----w C:\Program\Apoint
2008-02-12 23:08 --------- d--h--w C:\Program\InstallShield Installation Information
2008-02-12 15:33 --------- d-----w C:\Program\Delade filer\InstallShield
2008-02-10 22:23 --------- d-----w C:\Documents and Settings\lokalt\Application Data\dvdcss
2008-01-01 22:45 --------- d-----w C:\Documents and Settings\lokalt\Application Data\AdobeUM
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23D44BCF-AA7A-41D6-8905-E808F16322EF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3DB05189-E3E6-4D4B-852B-C9F32B59F48A}]
C:\WINDOWS\system32\tuvtt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{692C15D1-7E33-416F-A1D0-7E9261888DFD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7cccf70b-f4b4-4d98-9f4a-a1e551b10ed3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8193D7A3-E2A4-4539-A915-54DB44CC8F3E}]
C:\WINDOWS\system32\jkkif.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B64D0956-3985-485D-9151-7C706DC8F1AF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6B30170-643E-48D9-9BA5-E8C48FC9E02D}]
C:\WINDOWS\system32\pmnkk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CBC0981E-B112-46A2-990B-80E5ED881AFB}]
C:\WINDOWS\system32\ddcyw.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:34 15360]
"MsnMsgr"="C:\Program\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"DAEMON Tools"="C:\Program\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784]
"Skype"="C:\Program\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
"SpybotSD TeaTimer"="C:\Program\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-10-26 12:01 4632576]
"nwiz"="nwiz.exe" [2004-10-26 12:01 921600 C:\WINDOWS\SYSTEM32\nwiz.exe]
"Apoint"="C:\Program\Apoint\Apoint.exe" [2004-02-02 15:32 155648]
"SunJavaUpdateSched"="C:\Program\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48 32881]
"bascstray"="BascsTray.exe" []
"Dell QuickSet"="C:\Program\Dell\QuickSet\quickset.exe" [2004-03-04 20:59 487424]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-07-17 10:18 28672]
"AdaptecDirectCD"="C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 12:28 684032]
"SCANINICIO"="C:\Program\Panda Software\Panda Antivirus Platinum\Inicio.exe" [2003-06-18 12:00 20480]
"APVXDWIN"="C:\Program\Panda Software\Panda Antivirus Platinum\APVXDWIN.exe" [2004-04-29 14:59 299008]
"NWTRAY"="NWTRAY.EXE" [2001-12-18 13:24 28672 C:\WINDOWS\SYSTEM32\nwtray.exe]
"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" [2007-12-13 08:58 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:34 15360]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Digital Line Detect.lnk - C:\Program\Digital Line Detect\DLG.exe [2004-05-21 11:56:50 24576]
Microsoft Office Snabbs”kning.lnk - C:\Program\Microsoft Office\Office\FINDFAST.EXE [1997-08-31 23:00:00 111376]
Office-autostart.lnk - C:\Program\Microsoft Office\Office\OSA.EXE [1997-08-31 23:00:00 51984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vcmujrag]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

R2 PAVFIRES;Panda Firewall Service;C:\Program\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe [2004-04-05 12:08]
R3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
R3 GTICARD;GTICARD;C:\WINDOWS\system32\DRIVERS\gticard.sys [2003-02-14 15:03]
S3 V0080Dev;Creative Camera VF0080 Driver;C:\WINDOWS\system32\DRIVERS\V0080Dev.sys [2004-08-10 09:25]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 13:59:48 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 11:32:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\SCardSvr.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program\lotus\notes\ntmulti.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Program\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Program\Apoint\Apntex.exe
C:\Program\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-02-18 11:36:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-18 10:36:02
.
2008-02-13 18:34:09 --- E O F ---

#4
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please open Notepad
  • Click Start, then Run.
  • Type notepad in the Run box, then hit OK.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\SYSTEM32\jrjatwfk.ini
C:\WINDOWS\SYSTEM32\DRIVERS\ewrnppxvqjgx.sys
C:\WINDOWS\SYSTEM32\fbixqpiv.ini
C:\WINDOWS\SYSTEM32\pmnkk.dll_old
C:\WINDOWS\system32\ddcyw.dll
C:\WINDOWS\system32\tuvtt.dll
C:\WINDOWS\system32\jkkif.dll
C:\WINDOWS\system32\pmnkk.dll
Folder::
C:\VundoFix Backups
Driver::
ewrnppxvqjgx
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vcmujrag]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23D44BCF-AA7A-41D6-8905-E808F16322EF}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3DB05189-E3E6-4D4B-852B-C9F32B59F48A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{692C15D1-7E33-416F-A1D0-7E9261888DFD}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7cccf70b-f4b4-4d98-9f4a-a1e551b10ed3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8193D7A3-E2A4-4539-A915-54DB44CC8F3E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B64D0956-3985-485D-9151-7C706DC8F1AF}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6B30170-643E-48D9-9BA5-E8C48FC9E02D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CBC0981E-B112-46A2-990B-80E5ED881AFB}]


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


#5
kristian22

  • Topic Starter
  • Member
  • 10 posts
I hope I did it right now.


ComboFix 08-02-17.2 - lokalt 2008-02-19 10:09:54.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.222 [GMT 1:00]
Running from: C:\Documents and Settings\lokalt\Skrivbord\ComboFix.exe
Command switches used :: C:\Documents and Settings\lokalt\Skrivbord\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\ddcyw.dll
C:\WINDOWS\SYSTEM32\DRIVERS\ewrnppxvqjgx.sys
C:\WINDOWS\SYSTEM32\fbixqpiv.ini
C:\WINDOWS\system32\jkkif.dll
C:\WINDOWS\SYSTEM32\jrjatwfk.ini
C:\WINDOWS\system32\pmnkk.dll
C:\WINDOWS\SYSTEM32\pmnkk.dll_old
C:\WINDOWS\system32\tuvtt.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\DRIVERS\ewrnppxvqjgx.sys
C:\WINDOWS\SYSTEM32\fbixqpiv.ini
C:\WINDOWS\SYSTEM32\jrjatwfk.ini
C:\WINDOWS\SYSTEM32\pmnkk.dll_old
C:\VundoFix Backups
C:\VundoFix Backups\arseljpa.dll.bad
C:\VundoFix Backups\atcpbqoe.dll.bad
C:\VundoFix Backups\ddcdeby.dll.bad
C:\VundoFix Backups\dsilvcds.dll.bad
C:\VundoFix Backups\dunaprms.ini.bad
C:\VundoFix Backups\eiuwcxyb.dll.bad
C:\VundoFix Backups\fikkj.ini.bad
C:\VundoFix Backups\fikkj.ini2.bad
C:\VundoFix Backups\gmooihor.dll.bad
C:\VundoFix Backups\hjygmfkv.dll.bad
C:\VundoFix Backups\hjygmfkv.dllbox.bad
C:\VundoFix Backups\iknmsmit.dll.bad
C:\VundoFix Backups\jdrjrroa.dll.bad
C:\VundoFix Backups\jkkif.dll.bad
C:\VundoFix Backups\jxvwvoja.dll.bad
C:\VundoFix Backups\mljkljg.dll.bad
C:\VundoFix Backups\ptsqbckw.dll.bad
C:\VundoFix Backups\pugbuiob.dll.bad
C:\VundoFix Backups\qffxliuf.dll.bad
C:\VundoFix Backups\qoobrhlb.dll.bad
C:\VundoFix Backups\sdcvlisd.ini.bad
C:\VundoFix Backups\smrpanud.dll.bad
C:\VundoFix Backups\tuvtt.dll.bad
C:\VundoFix Backups\vcmujrag.dll.bad
C:\VundoFix Backups\vcmujrag.dllbox.bad
C:\VundoFix Backups\vipqxibf.dll.bad
C:\VundoFix Backups\vqleqtkh.dll.bad

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_EWRNPPXVQJGX
-------\ewrnppxvqjgx


((((((((((((((((((((((((( Files Created from 2008-01-19 to 2008-02-19 )))))))))))))))))))))))))))))))
.

2008-02-18 11:36 . 2008-02-18 11:36 <KAT> d-------- C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Lokala inställningar
2008-02-18 11:36 . 2008-02-18 11:36 <KAT> d-------- C:\Documents and Settings\NetworkService\Lokala inställningar
2008-02-18 11:36 . 2008-02-18 11:36 <KAT> d-------- C:\Documents and Settings\lokalt\Lokala inställningar
2008-02-18 11:36 . 2008-02-18 11:36 <KAT> d-------- C:\Documents and Settings\LocalService\Lokala inställningar
2008-02-18 11:36 . <KAT> C:\Documents and Settings\Administrat÷r\Lokala inställningar
2008-02-18 11:36 . <KAT> C:\Documents and Settings\Administrat÷r\Lokala inställningar
2008-02-18 02:12 . 2008-02-18 02:12 <KAT> d-------- C:\Program\Trend Micro
2008-02-16 22:25 . 2002-12-29 01:14 81,920 --a------ C:\WINDOWS\SYSTEM32\Startup.cpl
2008-02-16 20:57 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\RkPavProc.sys
2008-02-16 20:44 . 2008-02-16 21:00 <KAT> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2008-02-16 20:44 . 2008-02-16 20:44 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2008-02-16 20:44 . 2008-02-16 20:44 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2008-02-16 20:44 . 2008-02-16 20:44 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2008-02-13 00:08 . 2008-02-13 00:08 <KAT> d-------- C:\Program\LucasArts
2008-02-13 00:00 . 2008-02-16 18:41 322 --a------ C:\WINDOWS\wininit.ini
2008-02-12 23:20 . 2008-02-16 21:05 <KAT> d-------- C:\Program\Spybot - Search & Destroy
2008-02-12 23:20 . 2008-02-13 07:52 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-01 22:17 . 2008-02-19 10:00 <KAT> d-------- C:\Documents and Settings\lokalt\Application Data\skypePM
2008-02-01 22:17 . 2008-02-01 22:17 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-01 22:14 . 2008-02-19 10:16 <KAT> d-------- C:\Documents and Settings\lokalt\Application Data\Skype
2008-02-01 22:12 . 2008-02-01 22:13 <KAT> d-------- C:\Program\Skype
2008-02-01 22:12 . 2008-02-01 22:12 <KAT> d-------- C:\Program\Delade filer\Skype
2008-02-01 22:11 . 2008-02-01 22:13 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 16:10 --------- d-----w C:\Documents and Settings\lokalt\Application Data\uTorrent
2008-02-16 20:07 --------- d-----w C:\Program\DAEMON Tools
2008-02-16 20:04 --------- d-----w C:\Program\Digital Line Detect
2008-02-16 20:02 --------- d-----w C:\Program\MSN Messenger
2008-02-16 19:58 --------- d-----w C:\Program\Apoint
2008-02-12 23:08 --------- d--h--w C:\Program\InstallShield Installation Information
2008-02-12 15:33 --------- d-----w C:\Program\Delade filer\InstallShield
2008-02-10 22:23 --------- d-----w C:\Documents and Settings\lokalt\Application Data\dvdcss
2008-01-01 22:45 --------- d-----w C:\Documents and Settings\lokalt\Application Data\AdobeUM
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23D44BCF-AA7A-41D6-8905-E808F16322EF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3DB05189-E3E6-4D4B-852B-C9F32B59F48A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{692C15D1-7E33-416F-A1D0-7E9261888DFD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7cccf70b-f4b4-4d98-9f4a-a1e551b10ed3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8193D7A3-E2A4-4539-A915-54DB44CC8F3E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B64D0956-3985-485D-9151-7C706DC8F1AF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6B30170-643E-48D9-9BA5-E8C48FC9E02D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CBC0981E-B112-46A2-990B-80E5ED881AFB}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:34 15360]
"MsnMsgr"="C:\Program\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"DAEMON Tools"="C:\Program\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784]
"Skype"="C:\Program\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
"SpybotSD TeaTimer"="C:\Program\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-10-26 12:01 4632576]
"nwiz"="nwiz.exe" [2004-10-26 12:01 921600 C:\WINDOWS\SYSTEM32\nwiz.exe]
"Apoint"="C:\Program\Apoint\Apoint.exe" [2004-02-02 15:32 155648]
"SunJavaUpdateSched"="C:\Program\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48 32881]
"bascstray"="BascsTray.exe" []
"Dell QuickSet"="C:\Program\Dell\QuickSet\quickset.exe" [2004-03-04 20:59 487424]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-07-17 10:18 28672]
"AdaptecDirectCD"="C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 12:28 684032]
"SCANINICIO"="C:\Program\Panda Software\Panda Antivirus Platinum\Inicio.exe" [2003-06-18 12:00 20480]
"APVXDWIN"="C:\Program\Panda Software\Panda Antivirus Platinum\APVXDWIN.exe" [2004-04-29 14:59 299008]
"NWTRAY"="NWTRAY.EXE" [2001-12-18 13:24 28672 C:\WINDOWS\SYSTEM32\nwtray.exe]
"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" [2007-12-13 08:58 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:34 15360]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Digital Line Detect.lnk - C:\Program\Digital Line Detect\DLG.exe [2004-05-21 11:56:50 24576]
Microsoft Office Snabbs”kning.lnk - C:\Program\Microsoft Office\Office\FINDFAST.EXE [1997-08-31 23:00:00 111376]
Office-autostart.lnk - C:\Program\Microsoft Office\Office\OSA.EXE [1997-08-31 23:00:00 51984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vcmujrag]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

R2 PAVFIRES;Panda Firewall Service;C:\Program\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe [2004-04-05 12:08]
R3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
R3 GTICARD;GTICARD;C:\WINDOWS\system32\DRIVERS\gticard.sys [2003-02-14 15:03]
S3 V0080Dev;Creative Camera VF0080 Driver;C:\WINDOWS\system32\DRIVERS\V0080Dev.sys [2004-08-10 09:25]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 13:59:48 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-19 10:17:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\SCardSvr.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program\lotus\notes\ntmulti.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Program\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program\Apoint\Apntex.exe
C:\Program\Panda Software\Panda Antivirus Platinum\pavProxy.exe
.
**************************************************************************
.
Completion time: 2008-02-19 10:20:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-19 09:19:34
ComboFix2.txt 2008-02-18 10:36:19
.
2008-02-13 18:34:09 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:47, on 2008-02-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program\lotus\notes\ntmulti.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Program\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program\Apoint\Apoint.exe
C:\Program\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program\Digital Line Detect\DLG.exe
C:\Program\Microsoft Office\Office\FINDFAST.EXE
C:\Program\Microsoft Office\Office\OSA.EXE
C:\Program\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\WINDOWS\Explorer.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office Snabbsökning.lnk = C:\Program\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-autostart.lnk = C:\Program\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarest...es2/Install.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://portal.itsam.se/iNotes6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Multi-user Cleanup Service - Unknown owner - C:\Program\lotus\notes\ntmulti.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6581 bytes
  • 0

#6
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Yep you did it right :

Please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to these entries below:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarest...es2/Install.cab


Now click on Fix Checked and then close Hijackthis.
================================
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#7
kristian22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
That scan took such a long time that I fell asleep yesterday :) but here's the Kaspersky log:

Wednesday, February 20, 2008 6:40:50 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/02/2008
Kaspersky Anti-Virus database records: 573353
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 49313
Number of viruses found 4
Number of infected objects 60
Number of suspicious objects 0
Duration of the scan process 01:15:56

Infected Object Name Virus Name Last Action
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Tidigare\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\lokalt\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\lokalt\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\lokalt\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\lokalt\Lokala inställningar\Temp\offAC.tmp Object is locked skipped
C:\Documents and Settings\lokalt\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\lokalt\Lokala inställningar\Tidigare\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\lokalt\Lokala inställningar\Tidigare\History.IE5\MSHist012008022020080221\index.dat Object is locked skipped
C:\Documents and Settings\lokalt\Mina dokument\Marratech51installerWindows.msi/Data1.cab/winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\lokalt\Mina dokument\Marratech51installerWindows.msi/Data1.cab/wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\lokalt\Mina dokument\Marratech51installerWindows.msi/Data1.cab Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\lokalt\Mina dokument\Marratech51installerWindows.msi Embedded: infected - 3 skipped
C:\Documents and Settings\lokalt\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\lokalt\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokala inställningar\Tidigare\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\ffastunT.ffl Object is locked skipped
C:\Program\DAEMON Tools\SetupDTSB.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Program\Marratech\Marratech5.1\bin\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program\Marratech\Marratech5.1\bin\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program\Marratech\Marratech6.1\bin\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program\Marratech\Marratech6.1\bin\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program\Panda Software\Panda Antivirus Platinum\Firewall\rawlog.log Object is locked skipped
C:\Program\Panda Software\Panda Antivirus Platinum\Firewall\seclog.log Object is locked skipped
C:\Program\Panda Software\Panda Antivirus Platinum\Firewall\syslog.log Object is locked skipped
C:\Program\Panda Software\Panda Antivirus Platinum\Firewall\tralog.log Object is locked skipped
C:\QooBox\Quarantine\C\VundoFix Backups\arseljpa.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\atcpbqoe.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\ddcdeby.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\dsilvcds.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\eiuwcxyb.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\gmooihor.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\hjygmfkv.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\iknmsmit.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\jdrjrroa.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\jkkif.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\jxvwvoja.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\mljkljg.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\ptsqbckw.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\pugbuiob.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\qffxliuf.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\qoobrhlb.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\smrpanud.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\tuvtt.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\vcmujrag.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\vipqxibf.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\vqleqtkh.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hcmrbsmo.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\idvwxqhg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\mljkljg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\pmnkk.dll_old.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.imh skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vopycwum.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{41231BB5-6A21-4AB4-81D9-DD9912C7F2F3}\RP607\A0040414.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{41231BB5-6A21-4AB4-81D9-DD9912C7F2F3}\RP607\A0040415.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{41231BB5-6A21-4AB4-81D9-DD9912C7F2F3}\RP607\A0040416.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{41231BB5-6A21-4AB4-81D9-DD9912C7F2F3}\RP607\A0040417.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{41231BB5-6A21-4AB4-81D9-DD9912C7F2F3}\RP607\A0040418.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{41231BB5-6A21-4AB4-81D9-DD9912C7F2F3}\RP607\A0040419.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{41231BB5-6A21-4AB4-81D9-DD9912C7F2F3}\RP607\A0040420.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{41231BB5-6A21-4AB4-81D9-DD9912C7F2F3}\RP607\A0040421.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{41231BB5-6A21-4AB4-81D9-DD9912C7F2F3}\RP607\A0040422.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{41231BB5-6A21-4AB4-81D9-DD9912C7F2F3}\RP607\A0040425.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{41231BB5-6A21-4AB4-81D9-DD9912C7F2F3}\RP607\A0040426.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{41231BB5-6A21-4AB4-81D9-DD9912C7F2F3}\RP607\A0040427.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{41231BB5-6A21-4AB4-81D9-DD9912C7F2F3}\RP607\A0040428.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{41231BB5-6A21-4AB4-81D9-DD9912C7F2F3}\RP607\A0040430.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{41231BB5-6A21-4AB4-81D9-DD9912C7F2F3}\RP607\A0040431.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{41231BB5-6A21-4AB4-81D9-DD9912C7F2F3}\RP608\A0040462.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{41231BB5-6A21-4AB4-81D9-DD9912C7F2F3}\RP608\A0040463.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{41231BB5-6A21-4AB4-81D9-DD9912C7F2F3}\RP608\A0040464.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{41231BB5-6A21-4AB4-81D9-DD9912C7F2F3}\RP608\A0040465.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{41231BB5-6A21-4AB4-81D9-DD9912C7F2F3}\RP608\A0040466.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{41231BB5-6A21-4AB4-81D9-DD9912C7F2F3}\RP608\A0040494.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{41231BB5-6A21-4AB4-81D9-DD9912C7F2F3}\RP609\A0040511.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{41231BB5-6A21-4AB4-81D9-DD9912C7F2F3}\RP609\A0040512.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{41231BB5-6A21-4AB4-81D9-DD9912C7F2F3}\RP609\A0040513.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{41231BB5-6A21-4AB4-81D9-DD9912C7F2F3}\RP609\A0040514.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{41231BB5-6A21-4AB4-81D9-DD9912C7F2F3}\RP610\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\pavjob.log Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
  • 0

#8
kristian22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
And btw I will be out of town until Friday so I won't be able to reply until then.
  • 0

#9
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok Friday is fine :)

The other things that Kaspersky found were false positives.
It found Winvnc to be a threat but it is not. :)
==========================================
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Program\DAEMON Tools\SetupDTSB.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=============
Also post a new Hijackthis log and let me know how things are running.
  • 0

#10
kristian22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Ok, now I guess I did something wrong with the instructions. First, I don't know the password for administrator, which I need to run it, but I post the log anyway and you can correct me :) and second, it seems to work well now, guess it's gone now, right? Please also tell me what programs I should have installed to prevent this from happening again.

C:\Program\DAEMON Tools\SetupDTSB.exe moved successfully.

OTMoveIt2 v1.0.20 log created on 02222008_134446



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:53:40, on 2008-02-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Apoint\Apoint.exe
C:\Program\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program\Apoint\Apntex.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\DAEMON Tools\daemon.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program\Digital Line Detect\DLG.exe
C:\Program\Microsoft Office\Office\FINDFAST.EXE
C:\Program\Microsoft Office\Office\OSA.EXE
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program\lotus\notes\ntmulti.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Program\MSN Messenger\usnsvc.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {23D44BCF-AA7A-41D6-8905-E808F16322EF} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3DB05189-E3E6-4D4B-852B-C9F32B59F48A} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {692C15D1-7E33-416F-A1D0-7E9261888DFD} - (no file)
O2 - BHO: (no name) - {7cccf70b-f4b4-4d98-9f4a-a1e551b10ed3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8193D7A3-E2A4-4539-A915-54DB44CC8F3E} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: (no name) - {B64D0956-3985-485D-9151-7C706DC8F1AF} - (no file)
O2 - BHO: (no name) - {C6B30170-643E-48D9-9BA5-E8C48FC9E02D} - (no file)
O2 - BHO: (no name) - {CBC0981E-B112-46A2-990B-80E5ED881AFB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office Snabbsökning.lnk = C:\Program\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-autostart.lnk = C:\Program\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} -
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://portal.itsam.se/iNotes6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: vcmujrag - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Multi-user Cleanup Service - Unknown owner - C:\Program\lotus\notes\ntmulti.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7516 bytes
  • 0

#11
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Seems that some has come back; at least there are more entries in Hijackthis than there were previously. I would like to run this scanner to double check.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0
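The comparison made in the post above (more entries in the 2008-02-22 HijackThis log than in the 2008-02-18 one) can be done mechanically. The following is an added example, not part of the original thread or of any tool mentioned in it: it diffs two HijackThis logs, marks newly appeared BHO keys with no DLL and Winlogon Notify entries, and cross-checks entry names against files the Kaspersky log lists under the QooBox quarantine. The function names are hypothetical; the sample strings are a few lines excerpted from the logs posted in this thread.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section key raw")

# HijackThis entry lines start with a section code such as "O2 - " or "R0 - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Sample input: lines excerpted from the logs posted in this thread.
LOG_0218 = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarest...es2/Install.cab
"""
LOG_0222 = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {23D44BCF-AA7A-41D6-8905-E808F16322EF} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} -
O20 - Winlogon Notify: vcmujrag - C:\WINDOWS\
"""
KASPERSKY = r"""
C:\QooBox\Quarantine\C\VundoFix Backups\vcmujrag.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\mljkljg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Program\Marratech\Marratech5.1\bin\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
"""


def parse_entries(log_text):
    """Return the R*/O* entries of a HijackThis log; header and process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        clsid = CLSID_RE.search(body)
        # Key on the CLSID when there is one, so an object whose description
        # text changed between scans is still recognised as the same object.
        key = (section, clsid.group(0).upper() if clsid else body.lower())
        entries.append(Entry(section, key, line.strip()))
    return entries


def quarantined_stems(scan_text):
    """Base names (no extensions) of infected files sitting in the QooBox quarantine."""
    stems = set()
    for line in scan_text.splitlines():
        path, sep, _verdict = line.partition(" Infected: ")
        if sep and "\\QooBox\\Quarantine\\" in path:
            filename = path.rsplit("\\", 1)[1]
            stems.add(filename.split(".")[0].lower())
    return stems


def triage(entry, stems):
    """Reasons a new entry deserves a closer look; an empty list means none found."""
    reasons = []
    if entry.section == "O2" and entry.raw.endswith("(no file)"):
        reasons.append("BHO key with no DLL on disk")
    if entry.section == "O20":
        reasons.append("Winlogon Notify entry (DLL loaded by winlogon.exe)")
    tokens = set(re.findall(r"[a-z0-9_]+", entry.raw.lower()))
    for hit in sorted(tokens & stems):
        reasons.append("name matches quarantined file: " + hit)
    return reasons


def report(before_text, after_text, scan_text):
    """Entries present in the later log but not the earlier one, with triage reasons."""
    seen = {e.key for e in parse_entries(before_text)}
    stems = quarantined_stems(scan_text)
    return [(e, triage(e, stems)) for e in parse_entries(after_text) if e.key not in seen]


if __name__ == "__main__":
    for entry, reasons in report(LOG_0218, LOG_0222, KASPERSKY):
        print(entry.raw)
        for reason in reasons or ["new, nothing flagged"]:
            print("    ->", reason)
```

On these excerpts the new CKAVWebScan control is reported as new but unflagged, which fits the Kaspersky online scan having been run between the two logs.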

#12
kristian22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I'm sorry, I installed the program in Swedish but I think it's not a problem.


Malwarebytes' Anti-Malware 1.05
Databasversion: 394

Skanningstyp: Snabb skanning
Antal skannade objekt: 25166
Förfluten tid: 5 minute(s), 58 second(s)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 7
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 1

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23d44bcf-aa7a-41d6-8905-e808f16322ef} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a95b2816-1d7e-4561-a202-68c0de02353a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Infekterade registervärden:
(Inga illasinnade poster hittades)

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
C:\Documents and Settings\lokalt\Skrivbord\Help and Support Center.lnk (Rogue.Link) -> Quarantined and deleted successfully.

#13
kahdah

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#14
kristian22

Deckard's System Scanner v20071014.68
Run by lokalt on 2008-02-23 10:38:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
12: 2008-02-23 09:38:12 UTC - RP614 - Deckard's System Scanner Restore Point
11: 2008-02-23 09:30:03 UTC - RP613 - Installed Windows Live
10: 2008-02-23 09:28:52 UTC - RP612 - Windows Live installer installerades
9: 2008-02-20 12:06:31 UTC - RP611 - Systemkontrollpunkt
8: 2008-02-19 09:09:27 UTC - RP610 - ComboFix created restore point


-- First Restore Point --
1: 2008-02-12 15:50:41 UTC - RP603 - Installed Star Wars Battlefront II


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 0.9 GiB (less than 15%) free.


-- HijackThis (run as lokalt.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:02, on 2008-02-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program\lotus\notes\ntmulti.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Apoint\Apoint.exe
C:\Program\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Digital Line Detect\DLG.exe
C:\Program\Microsoft Office\Office\FINDFAST.EXE
C:\Program\Microsoft Office\Office\OSA.EXE
C:\Program\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Windows Live\installer\WLSetupSvc.exe
C:\Program\Windows Live\Messenger\msnmsgr.exe
C:\Program\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\lokalt\Skrivbord\dss.exe
C:\Program\TRENDM~1\HIJACK~1\lokalt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3DB05189-E3E6-4D4B-852B-C9F32B59F48A} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {692C15D1-7E33-416F-A1D0-7E9261888DFD} - (no file)
O2 - BHO: (no name) - {7cccf70b-f4b4-4d98-9f4a-a1e551b10ed3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8193D7A3-E2A4-4539-A915-54DB44CC8F3E} - (no file)
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B64D0956-3985-485D-9151-7C706DC8F1AF} - (no file)
O2 - BHO: (no name) - {C6B30170-643E-48D9-9BA5-E8C48FC9E02D} - (no file)
O2 - BHO: (no name) - {CBC0981E-B112-46A2-990B-80E5ED881AFB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office Snabbsökning.lnk = C:\Program\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-autostart.lnk = C:\Program\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} -
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://portal.itsam.se/iNotes6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: vcmujrag - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Multi-user Cleanup Service - Unknown owner - C:\Program\lotus\notes\ntmulti.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7642 bytes

-- HijackThis Fixed Entries (C:\Program\TRENDM~1\HIJACK~1\backups\) ------------

backup-20080220-015849-195 O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarest...es2/Install.cab
backup-20080220-015849-744 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

-- File Associations -----------------------------------------------------------

.js - JSFile - shell\open\command - C:\Program\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %*
.vbs - VBSFile - shell\open\command - C:\Program\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 NICM (%ProductNICMDisplayName%) - c:\windows\system32\drivers\nicm.sys <Not Verified; Novell, Inc.; Novell Client for Windows>
R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.7) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.7>
R2 NetwareWorkstation (Novell Client for Windows) - c:\windows\system32\netware\nwfs.sys <Not Verified; Novell, Inc.; Novell Client for Windows>
R2 NWDHCP (Novell DHCP Inform Client) - c:\windows\system32\netware\nwdhcp.sys
R2 PAVDRV (Panda anti-virus driver) - c:\windows\system32\drivers\pavdrv51.sys <Not Verified; Panda Software; Panda® Antivirus>
R2 RESMGR (Novell NetWare Resource Manager) - c:\windows\system32\netware\resmgr.sys <Not Verified; Novell, Inc.; Novell Client for Windows>
R2 SRVLOC (Novell Service Location) - c:\windows\system32\netware\srvloc.sys <Not Verified; Novell, Inc.; Novell Client for Windows>
R2 WG3N (SyGate for NT, WG3N) - c:\windows\system32\drivers\wg3n.sys <Not Verified; Sygate Technologies, Inc.; Sygate WGXN>
R3 ComFiltr (Panda Anti-Dialer) - c:\windows\system32\drivers\comfiltr.sys (file missing)
R3 NWDNS (Novell DNS Name Space Service Provider) - c:\windows\system32\netware\nwdns.sys
R3 NWHOST (Novell Host File Name Space Service Provider) - c:\windows\system32\netware\nwhost.sys
R3 NWSLP (Novell SLP Name Space Service Provider) - c:\windows\system32\netware\nwslp.sys
R3 NWSNS (Novell Simple Naming Services) - c:\windows\system32\netware\nwsns.sys

S2 NWSIPX32 (Novell NetWare IPX/SPX Transport Interface) - c:\windows\system32\netware\nwsipx32.sys <Not Verified; Novell, Inc.; Novell Client for Windows>
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 NWSAP (Novell SAP Name Space Provider) - c:\windows\system32\netware\nwsap.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program\delade filer\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 BAsfIpM (Broadcom ASF IP monitoring service v6.0.3) - c:\windows\system32\basfipm.exe <Not Verified; Broadcom Corp.; Broadcom ASF IP monitoring service>
R2 Multi-user Cleanup Service - c:\program\lotus\notes\ntmulti.exe
R2 PAVFIRES (Panda Firewall Service) - c:\program\panda software\panda antivirus platinum\firewall\pavfires.exe <Not Verified; Panda Software; Platinum 7 Pavfires>
R2 PAVSRV (Panda anti-virus service) - c:\program\panda software\panda antivirus platinum\pavsrv51.exe <Not Verified; Panda Software; Panda Antivirus>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\D781030314FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\D781030314FC000
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2008-01-26 14:59:48 272 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-01-23 and 2008-02-23 -----------------------------

2008-02-23 10:31:25 0 d-------- C:\WINDOWS\LastGood
2008-02-23 10:29:46 0 d--hs--c- C:\Program\Delade filer\WindowsLiveInstaller
2008-02-23 10:28:57 0 d-------- C:\Program\Windows Live
2008-02-23 10:28:39 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-23 02:40:46 0 d-------- C:\Documents and Settings\lokalt\Application Data\Malwarebytes
2008-02-23 02:40:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-23 02:40:33 0 d-------- C:\Program\Malwarebytes' Anti-Malware
2008-02-20 02:02:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-20 02:02:04 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-19 19:26:45 0 d-------- C:\Program\Windows Live Safety Center
2008-02-18 11:36:20 0 d-------- C:\Documents and Settings\NetworkService\Lokala instõllningar
2008-02-18 11:36:20 0 d-------- C:\Documents and Settings\lokalt\Lokala instõllningar
2008-02-18 11:36:20 0 d-------- C:\Documents and Settings\LocalService\Lokala instõllningar
2008-02-18 11:22:47 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-18 11:22:47 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-18 11:22:47 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-18 11:22:47 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-18 02:12:40 0 d-------- C:\Program\Trend Micro
2008-02-16 20:57:27 8576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-02-16 20:44:30 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-02-13 00:08:50 0 d-------- C:\Program\LucasArts
2008-02-12 23:20:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-01 22:17:08 0 d-------- C:\Documents and Settings\lokalt\Application Data\skypePM
2008-02-01 22:17:08 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-01 22:14:50 0 d-------- C:\Documents and Settings\lokalt\Application Data\Skype
2008-02-01 22:12:56 0 d-------- C:\Program\Skype
2008-02-01 22:12:42 0 d-------- C:\Program\Delade filer\Skype
2008-02-01 22:11:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype


-- Find3M Report ---------------------------------------------------------------

2008-02-23 10:29:46 0 d-------- C:\Program\Delade filer
2008-02-22 13:44:47 0 d-------- C:\Program\DAEMON Tools
2008-02-19 15:09:20 0 d-------- C:\Documents and Settings\lokalt\Application Data\uTorrent
2008-02-19 12:55:57 88936 --a------ C:\WINDOWS\system32\nvModes.dat
2008-02-16 21:04:34 0 d-------- C:\Program\Digital Line Detect
2008-02-16 20:58:11 0 d-------- C:\Program\Apoint
2008-02-13 00:08:58 0 d--h----- C:\Program\InstallShield Installation Information
2008-02-12 16:33:28 0 d-------- C:\Program\Delade filer\InstallShield
2008-02-10 23:23:21 0 d-------- C:\Documents and Settings\lokalt\Application Data\dvdcss
2008-01-01 23:45:06 0 d-------- C:\Documents and Settings\lokalt\Application Data\AdobeUM
2007-12-27 15:59:54 0 d-------- C:\Documents and Settings\lokalt\Application Data\Macromedia
2007-12-27 15:59:44 809 --a------ C:\WINDOWS\mozver.dat
2007-12-23 23:37:06 0 d-------- C:\Documents and Settings\lokalt\Application Data\Adobe
2007-11-28 19:07:09 620 --a------ C:\WINDOWS\eReg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3DB05189-E3E6-4D4B-852B-C9F32B59F48A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{692C15D1-7E33-416F-A1D0-7E9261888DFD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7cccf70b-f4b4-4d98-9f4a-a1e551b10ed3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8193D7A3-E2A4-4539-A915-54DB44CC8F3E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B64D0956-3985-485D-9151-7C706DC8F1AF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6B30170-643E-48D9-9BA5-E8C48FC9E02D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CBC0981E-B112-46A2-990B-80E5ED881AFB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-10-26 12:01]
"nwiz"="nwiz.exe" [2004-10-26 12:01 C:\WINDOWS\SYSTEM32\nwiz.exe]
"Apoint"="C:\Program\Apoint\Apoint.exe" [2004-02-02 15:32]
"SunJavaUpdateSched"="C:\Program\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48]
"bascstray"="BascsTray.exe" []
"Dell QuickSet"="C:\Program\Dell\QuickSet\quickset.exe" [2004-03-04 20:59]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-07-17 10:18]
"AdaptecDirectCD"="C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 12:28]
"SCANINICIO"="C:\Program\Panda Software\Panda Antivirus Platinum\Inicio.exe" [2003-06-18 12:00]
"APVXDWIN"="C:\Program\Panda Software\Panda Antivirus Platinum\APVXDWIN.exe" [2004-04-29 14:59]
"NWTRAY"="NWTRAY.EXE" [2001-12-18 13:24 C:\WINDOWS\SYSTEM32\nwtray.exe]
"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" [2007-12-13 08:58]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:34]
"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:35]
"DAEMON Tools"="C:\Program\DAEMON Tools\daemon.exe" [2007-04-03 23:29]
"Skype"="C:\Program\Skype\Phone\Skype.exe" [2007-12-07 15:08]
"SpybotSD TeaTimer"="C:\Program\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43]

C:\Documents and Settings\lokalt\Start-meny\Program\Autostart\
DESKTOP.INI [2002-10-01 10:39:12]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
DESKTOP.INI [2002-10-01 10:39:12]
Digital Line Detect.lnk - C:\Program\Digital Line Detect\DLG.exe [2004-05-21 11:56:50]
Microsoft Office Snabbs”kning.lnk - C:\Program\Microsoft Office\Office\FINDFAST.EXE [1997-08-31 23:00:00]
Office-autostart.lnk - C:\Program\Microsoft Office\Office\OSA.EXE [1997-08-31 23:00:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vcmujrag]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwv1_0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - COMFILTR
*Newly Created Service* - USNJSVC
*Newly Created Service* - WLSETUPSVC



-- End of Deckard's System Scanner: finished at 2008-02-23 10:40:15 ------------




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Swedish

CPU 0: Intel® Pentium® M processor 1400MHz
Percentage of Memory in Use: 69%
Physical Memory (total/avail): 511.23 MiB / 157.07 MiB
Pagefile Memory (total/avail): 1248.18 MiB / 916.71 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.66 MiB

C: is Fixed (NTFS) - 18.57 GiB total, 0.9 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - IC25N020ATMR04-0 - 18.63 GiB - 2 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 (bootable) - Installerbart filsystem - 18.57 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: Panda Antivirus Platinum 7 v7.07.02 (Panda Software)
AV: Panda Antivirus Platinum 7 v7.07.02 (Panda Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program\\Windows Live\\Messenger\\livecall.exe"="C:\\Program\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program\\uTorrent\\uTorrent.exe"="C:\\Program\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program\\Skype\\Phone\\Skype.exe"="C:\\Program\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program\\Windows Live\\Messenger\\livecall.exe"="C:\\Program\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\lokalt\Application Data
CommonProgramFiles=C:\Program\Delade filer
COMPUTERNAME=PC403097
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\
LOGONSERVER=\\PC403097
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program\Delade filer\Adaptec Shared\System;C:\Program\Panda Software\Panda Antivirus Platinum;C:\WINDOWS\system32\nls;C:\WINDOWS\system32\nls\ENGLISH
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 9 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0905
ProgramFiles=C:\Program
PROMPT=$P$G
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\lokalt\LOKALA~1\Temp
TMP=C:\DOCUME~1\lokalt\LOKALA~1\Temp
USERDOMAIN=PC403097
USERNAME=lokalt
USERPROFILE=C:\Documents and Settings\lokalt
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

lokalt (admin)
Administratör (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program\Delade filer\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0 - Svenska --> MsiExec.exe /I{AC76BA86-7AD7-1053-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
ALPS Touch Pad Driver --> C:\Program\Apoint\Uninstap.exe ADDREMOVE
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
µTorrent --> "C:\Program\uTorrent\uTorrent.exe" /UNINSTALL
Broadcom Advanced Control Suite --> C:\Program\DELADE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{89EE857B-8970-4F9F-AB58-A1C873AC72B3} /l1033
Broadcom ASF Management Applications --> C:\Program\DELADE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{25D24E84-64A9-40D2-85CF-540B1C4A6D52} /l1033
Conexant D480 MDC V.9x Modem --> C:\Program\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Creative WebCam Live! Pro Driver (1.00.06.0811) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0080.uns -unsext NT -plugin V0080Pin.dll -pluginres V0080Pin.crl
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Wireless WLAN Utility --> C:\WINDOWS\system32\BCMWLU00.exe verbose
Digital Line Detect --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x1d ControlPanelAnyText
DivX Content Uploader --> C:\Program\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVDSentry --> MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
GroupWise --> C:\WINDOWS\IsUn041d.exe -fC:\Novell\GroupWise\DeIsL1.isu -cC:\WINDOWS\System32\gwuninst.dll
GroupWise e-postintegrering för Internet-läsare --> C:\Novell\GroupWise\gwmailto.exe /uninstall
HijackThis 2.0.2 --> "C:\Program\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Internet Explorer Q903235 --> C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q903235.inf
InterVideo WinDVD --> "C:\Program\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Lotus Notes 6.5 sv --> MsiExec.exe /I{0991D763-742A-4AB7-B540-66D74AD7FFE7}
Malwarebytes' Anti-Malware --> "C:\Program\Malwarebytes' Anti-Malware\unins000.exe"
Marratech 5.1 --> MsiExec.exe /X{E896FA5F-ADB9-41BC-A7E5-5FFC6EB1A70E}
Marratech 6.1 --> MsiExec.exe /X{C2B6CF03-4336-4786-8DA0-3DB39AC00956}
Microsoft Clipart Extra --> C:\Program\Microsoft Office\Clipart\Install\Acme.exe /w clipart.stf
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office 97 Professional --> C:\Program\Microsoft Office\Office\Install\Acme.exe /w Off97Pro.STF
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Modem Helper --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x1d ControlPanel
Mozilla Firefox (2.0.0.12) --> C:\Program\Mozilla Firefox\uninstall\helper.exe
NetWaiting --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x1d ControlPanelAnyText
NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Panda Antivirus Platinum --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{E91563B4-D9EC-11D5-A2BB-00606771B69D}\setup.exe"
QuickSet --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL
RealPlayer --> C:\Program\Delade filer\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Säkerhetsuppdatering för Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB893066) --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB899588) --> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB931768) --> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB933566) --> "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB939653) --> "C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB942615) --> "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB944533) --> "C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Spybot - Search & Destroy --> "C:\Program\Spybot - Search & Destroy\unins000.exe"
Star Wars Battlefront II --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{3D374523-CFDE-461A-827E-2A102E2AB365}\Setup.exe" -l0x9 -removeonly
Uppdatering för Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB942840) --> "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB946627) --> "C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6c --> C:\Program\VideoLAN\VLC\uninstall.exe
Windows Live inloggningsassistenten --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live installer --> MsiExec.exe /X{E17F76BE-50E9-4E7C-ADF6-6D8F44A9C6F3}
Windows Live Mail --> MsiExec.exe /I{7664A2EF-34F5-42D2-8FD8-4FEF0047A929}
Windows Live Messenger --> MsiExec.exe /X{20503DFE-E5B2-491E-B2C5-8BCB5BF5B9E9}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program\WinRAR\uninstall.exe
WinZip --> "C:\Program\WinZip\WINZIP32.EXE" /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type4380 / Success
Event Submitted/Written: 02/23/2008 10:32:06 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type4366 / Success
Event Submitted/Written: 02/23/2008 10:27:59 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type4361 / Success
Event Submitted/Written: 02/23/2008 00:15:49 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type4355 / Success
Event Submitted/Written: 02/22/2008 01:34:43 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type4354 / Error
Event Submitted/Written: 02/22/2008 01:33:05 PM
Event ID/Source: 1000 / Application Error
Event Description:
Felaktigt program skype.exe, version 3.6.0.244, felaktig modul skype.exe, version 3.6.0.244, felaktig adress 0x00919a41.
Mediespecifik händelse behandlas för [skype.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type413990 / Warning
Event Submitted/Written: 02/22/2008 01:32:14 PM / 02/22/2008 01:32:41 PM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom 570x Gigabit Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type413225 / Warning
Event Submitted/Written: 02/20/2008 00:14:27 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP har nått det högsta antal samtidiga TCP-anslutningsförsök som tillåts av säkerhetsskäl.

Event Record #/Type413096 / Warning
Event Submitted/Written: 02/20/2008 00:05:28 AM / 02/20/2008 00:05:55 AM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom 570x Gigabit Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type412914 / Error
Event Submitted/Written: 02/17/2008 07:50:51 PM / 02/17/2008 07:50:54 PM
Event ID/Source: 10010 / DCOM
Event Description:
Servern {33F9ACB0-55FC-11D3-A72F-00C0DF248B79} registrerades inte med DCOM inom erforderlig timeout.

Event Record #/Type412870 / Warning
Event Submitted/Written: 02/17/2008 07:47:05 PM / 02/17/2008 07:47:32 PM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom 570x Gigabit Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.



-- End of Deckard's System Scanner: finished at 2008-02-23 10:40:15 ------------
  • 0

#15
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Okay looks good :)

Please go ahead and uninstall Malwarebytes' Anti-Malware
=============================================
After that please re-open HijackThis and click on "Do a system scan only"
Then place a check mark next to these entries below:

O2 - BHO: (no name) - {3DB05189-E3E6-4D4B-852B-C9F32B59F48A} - (no file)
O2 - BHO: (no name) - {692C15D1-7E33-416F-A1D0-7E9261888DFD} - (no file)
O2 - BHO: (no name) - {7cccf70b-f4b4-4d98-9f4a-a1e551b10ed3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8193D7A3-E2A4-4539-A915-54DB44CC8F3E} - (no file)
O2 - BHO: (no name) - {B64D0956-3985-485D-9151-7C706DC8F1AF} - (no file)
O2 - BHO: (no name) - {C6B30170-643E-48D9-9BA5-E8C48FC9E02D} - (no file)
O2 - BHO: (no name) - {CBC0981E-B112-46A2-990B-80E5ED881AFB} - (no file)
O20 - Winlogon Notify: vcmujrag - C:\WINDOWS\



Now click on Fix Checked and then close HijackThis.
===================================
After that please update your Java:
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

Upgrading Java: After that
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
================================
Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK



The above procedure will delete and do the following:

  • ComboFix and its associated files and folders.
  • VundoFix backups, if present
  • The C:\Deckard folder, if present
  • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Clean System Restore points.

Also delete anything that we used that is left over.
==================================
After that your log is clean :)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ->Here


It is always important that you keep your antivirus up to date and run biweekly scans with it.
If you want a second opinion then do an online scan.

Each scanner will find something different because they use different definitions.

But you have adequate protection with what you have.
  • 0
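The entries selected for fixing in the post above share one trait: each is a registration whose file HijackThis could not find, printed as "(no file)", or whose target names no file at all. As an added example (not part of the thread and not HijackThis's own code), this Python sketch pulls such leftover entries out of a saved log; the `triage` function, the ".dll" heuristic for O20 lines, and the two sample lines marked as constructed are assumptions made for illustration.

```python
import re

# HijackThis section codes: O2 = Browser Helper Object, O20 = Winlogon Notify.
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$")

# Three lines copied from the post above, plus two constructed "healthy"
# entries (Example Helper, examplentfy) so both outcomes are exercised.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {3DB05189-E3E6-4D4B-852B-C9F32B59F48A} - (no file)
O2 - BHO: (no name) - {7cccf70b-f4b4-4d98-9f4a-a1e551b10ed3} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program\Example\helper.dll
O20 - Winlogon Notify: vcmujrag - C:\WINDOWS\
O20 - Winlogon Notify: examplentfy - C:\WINDOWS\system32\examplentfy.dll
"""


def triage(log_text):
    """Return (section, identifier, reason) for entries that point at nothing."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            # "(no file)" means the CLSID is still registered as a BHO
            # but the file it refers to was not found on disk.
            if m["target"].strip().lower() == "(no file)":
                findings.append(("O2", m["clsid"].upper(),
                                 "BHO registered, file missing"))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            # Heuristic (assumption): a Notify entry should name a DLL;
            # a bare directory means the registration is dangling.
            if not m["target"].strip().lower().endswith(".dll"):
                findings.append(("O20", m["name"],
                                 "Notify entry names no DLL"))
    return findings


if __name__ == "__main__":
    for section, ident, reason in triage(SAMPLE_LOG):
        print(f"{section:<4}{ident:<40}{reason}")
```

The output is a review list only: an entry flagged here still has to be judged by a person before it is ticked for "Fix Checked".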





