
Is My Computer Infected?


10 replies to this topic

#1 zirak_90 (Members, 19 posts)

Posted 24 September 2007 - 05:02 AM

Here's the HijackThis log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:17, on 2007-09-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\DELADE~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
E:\Program\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\winsys2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\Java\jre1.6.0_02\bin\jusched.exe
E:\Program\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\RTHDCPL.EXE
E:\Program\Grisoft\AVG7\avgupsvc.exe
E:\Program\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\vVX1000.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program\Microsoft LifeCam\MSCamSvc.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\Program\Stardock\ObjectDock\ObjectDock.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\WinRar\WinRAR.exe
C:\DOCUME~1\Zirak\LOKALA~1\Temp\Rar$EX00.578\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] E:\Program\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LifeCam] "C:\Program\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] E:\Program\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = E:\Program\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188430017468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188430012437
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\Program\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\Program\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\Program\Grisoft\AVG7\avgemc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe

--
End of file - 7831 bytes



#2 Yourhighness, The BSG Malware Fighter (Malware Response Team, 7,943 posts, Hamburg)

Posted 02 October 2007 - 01:16 PM

Hello zirak_90 and welcome to BleepingComputer!

Apologies for the delay. If you are still having problems, please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A Hijackthis Log.

Thanks,

Johannes

"How did I get infected?" - "Safe-hex" - Member of UNITE -


#3 zirak_90, Topic Starter (Members, 19 posts)

Posted 31 October 2007 - 02:52 PM

OK, here is the new HijackThis log.
______________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:49:33, on 2007-10-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program\Grisoft\AVG7\avgamsvr.exe
D:\Program\Grisoft\AVG7\avgupsvc.exe
D:\Program\Grisoft\AVG7\avgemc.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program\DELADE~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\winsys2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program\Grisoft\AVG7\avgcc.exe
C:\Program\Java\jre1.5.0_12\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\System32\svchost.exe
D:\Program\Winamp\winamp.exe
C:\Program\Browser Mouse\Browser Mouse\1.1\Mouse32A.exe
C:\Documents and Settings\Zirak\Skrivbord\iexplore.exe
D:\Program\Grisoft\AVG7\avgwb.dat
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
D:\Program\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_12\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] D:\Program\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\Program\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = D:\Program\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://D:\Program\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\Program\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\Program\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\Program\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6951 bytes

#4 Yourhighness, The BSG Malware Fighter (Malware Response Team, 7,943 posts, Hamburg)

Posted 01 November 2007 - 05:24 PM

Hey zirak_90,

thanks for posting a fresh log.
Just a quick question: do you have Internet Explorer installed in a different path, "C:\Documents and Settings\Zirak\Skrivbord\iexplore.exe"?

Step #1

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u3...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.
Step #2

It is important that you use a software firewall, to prevent unauthorised traffic both out of and into your computer.
Your log doesn't show a firewall running. If you have disabled it, please re-enable it.
If you do not have a firewall installed, please download and install one of these excellent (and free) products:
If you want to have a look at the user manuals for the above suggested programs, have a look at the following:

Step #3

Run HijackThis, press Scan, and put a check mark next to all these entries:

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.5.0_12\bin\jusched.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_12\bin\ssv.dll


Close all other windows and browsers, and press the Fix Checked button.

The following line is also regarded as spyware, but it is your option to remove it: O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Step #4

Please do an online scan with Kaspersky Webscan (You need to use InternetExplorer or enable IEView in Firefox)

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save Report As button >> name it >> choose "Text file" in the "Save as type" dialogue
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Step #5

Please post back with a fresh HijackThis log, the Kaspersky Onlinescan and any symptoms that you are experiencing with your pc.



#5 zirak_90, Topic Starter (Members, 19 posts)

Posted 20 November 2007 - 02:44 PM

Sorry for taking a long time answering back, but I had other problems with the computer which made me format it all, several times.
I formatted it today and after about 1 hour I already had several viruses. I'm not sure how I got them. I was installing the programs again, since I had formatted the computer, and when I had installed AVG and scanned, it found several viruses.

I have Outpost Firewall now, the new Java and AVG 7.5 Free Edition. Here's the new HijackThis log:
___________________________________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44:19, on 2007-11-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\DELADE~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\winsys2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program\Grisoft\AVG7\avgcc.exe
C:\Program\Java\jre1.6.0_03\bin\jusched.exe
D:\Program\Stardock\ObjectDock\ObjectDock.exe
D:\Program\Grisoft\AVG7\avgamsvr.exe
D:\Program\Grisoft\AVG7\avgupsvc.exe
D:\Program\Grisoft\AVG7\avgemc.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Program\Agnitum\OUTPOS~1.0\outpost.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
D:\Program\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {162C6BC2-E852-4D45-B139-E8A6737F1054} - C:\WINDOWS\system32\byxwuuv.dll (file missing)
O2 - BHO: (no name) - {4093FE9D-BEFD-40B0-8740-57C0438095FD} - C:\WINDOWS\system32\mllml.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Intec Service Drivers] ntservice.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\Program\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Outpost Firewall] D:\Program\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] D:\Program\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\RunServices: [Intec Service Drivers] ntservice.exe
O4 - HKCU\..\Run: [Intec Service Drivers] ntservice.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunServices: [Intec Service Drivers] ntservice.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\Program\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = D:\Program\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - D:\Program\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: D:\Program\Agnitum\OUTPOS~1.0\wl_hook.dll
O20 - Winlogon Notify: byxwuuv - byxwuuv.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\Program\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\Program\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\Program\Grisoft\AVG7\avgemc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - D:\Program\Agnitum\OUTPOS~1.0\outpost.exe

--
End of file - 6847 bytes

#6 Yourhighness, The BSG Malware Fighter (Malware Response Team, 7,943 posts, Hamburg)

Posted 20 November 2007 - 03:35 PM

Hey zirak_90,

no problem with the delay. We'll just start off fresh again.

Please note that you are infected with a trojan (horse) or a Backdoor / Backdoor Server.

Due to the status of some of the files you have on your computer, I strongly recommend that you do the following immediately:
  • Disconnect the infected computer from the internet until the computer can be cleaned.
  • From a clean computer, change your online passwords-- for email, for banks, eBay, forums etc.... (Do not change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information).
Though the Trojan has been identified and can be killed, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS.

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall?

However, since the infection looks relatively small from first sight, I am happy to try and clean your PC (I am just providing you with the above information to underline the impact that can occur with files like these on your pc).

Should you have any questions, please feel free to ask.

Now, on to the fix.

Step #1

Run HijackThis, press Scan, and put a check mark next to all these entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {162C6BC2-E852-4D45-B139-E8A6737F1054} - C:\WINDOWS\system32\byxwuuv.dll (file missing)
O2 - BHO: (no name) - {4093FE9D-BEFD-40B0-8740-57C0438095FD} - C:\WINDOWS\system32\mllml.dll (file missing)
O4 - HKLM\..\Run: [Intec Service Drivers] ntservice.exe
O4 - HKLM\..\RunServices: [Intec Service Drivers] ntservice.exe
O4 - HKCU\..\Run: [Intec Service Drivers] ntservice.exe
O4 - HKCU\..\RunServices: [Intec Service Drivers] ntservice.exe
O20 - Winlogon Notify: byxwuuv - byxwuuv.dll (file missing)


Close all other windows and browsers, and press the Fix Checked button.

Step #2

Please do an online scan with Kaspersky Webscan (You need to use InternetExplorer or enable IEView in Firefox)

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save Report As button >> name it >> choose "Text file" in the "Save as type" dialogue
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Step #3

For now, please post back with the Kaspersky Online Scanner report and a fresh HijackThis log. Thanks

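The triage above is done by eye: a BHO or Winlogon Notify entry whose DLL is "(file missing)", an autostart entry under several Run keys at once, and a command that is a bare file name with no path. The script below is an added example (not part of the original thread, and not a BleepingComputer or HijackThis tool) that applies those same checks to HijackThis log lines. The sample lines are excerpted from the third log in this thread, with benign neighbours left in so the rules have something to ignore; the `KNOWN_BARE` allowlist is an assumption you would tune to your own baseline.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "code reason line")

# Constructed sample: lines excerpted from the third HijackThis log in this
# thread, with benign neighbours left in so the rules have something to ignore.
SAMPLE_LOG_LINES = [
    r"O2 - BHO: (no name) - {162C6BC2-E852-4D45-B139-E8A6737F1054} - C:\WINDOWS\system32\byxwuuv.dll (file missing)",
    r"O2 - BHO: (no name) - {4093FE9D-BEFD-40B0-8740-57C0438095FD} - C:\WINDOWS\system32\mllml.dll (file missing)",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Run: [Intec Service Drivers] ntservice.exe",
    r"O4 - HKLM\..\RunServices: [Intec Service Drivers] ntservice.exe",
    r"O4 - HKCU\..\Run: [Intec Service Drivers] ntservice.exe",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O20 - AppInit_DLLs: D:\Program\Agnitum\OUTPOS~1.0\wl_hook.dll",
    r"O20 - Winlogon Notify: byxwuuv - byxwuuv.dll (file missing)",
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe",
]

# Assumed allowlist: commands that legitimately show up in Run keys as a bare
# file name (resolved through PATH / system32). Tune it to your own baseline.
KNOWN_BARE = {"rundll32.exe", "regsvr32", "ctfmon.exe", "rthdcpl.exe", "alcmtr.exe", "nwiz.exe"}

MISSING_MARKERS = ("(no file)", "(file missing)")

# O4 lines look like:  O4 - HKLM\..\Run: [Name] command args
# The hive may itself contain backslashes (HKUS\S-1-5-19), hence the lazy match.
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run(?:Once|Services)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)


def _first_token(cmd):
    """Return the executable part of a Run command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def _is_bare(token):
    """True when the command has no drive letter or directory, i.e. it is resolved via PATH."""
    return "\\" not in token and ":" not in token


def triage(lines):
    """Apply the thread's by-eye rules to HijackThis lines and return one Finding per rule hit."""
    findings = []
    for line in lines:
        line = line.rstrip()
        if not line:
            continue
        code = line.split(" ", 1)[0]

        if code == "O2" and line.endswith(MISSING_MARKERS):
            findings.append(Finding(code, "BHO CLSID registered but its DLL is absent: orphaned registration, clear it", line))

        elif code == "O20" and "Winlogon Notify" in line and line.endswith("(file missing)"):
            findings.append(Finding(code, "Winlogon Notify package whose DLL is not on disk: leftover persistence hook, remove the registration", line))

        elif code == "O4":
            m = O4_RE.match(line)
            if not m:
                continue  # O4 - Startup: ... shortcuts are not Run-key entries
            if m["key"] == "RunServices":
                findings.append(Finding(code, "legacy Win9x RunServices key: XP software does not use it, malware writes it for coverage", line))
            token = _first_token(m["cmd"])
            if _is_bare(token) and token.lower() not in KNOWN_BARE:
                findings.append(Finding(code, "bare executable name not in the allowlist: cannot be located from the log, resolved via PATH", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG_LINES):
        print(f"{f.code:4} {f.reason}\n     {f.line}")
```

On the sample the script flags the two orphaned BHOs, the missing Winlogon Notify DLL and all four `ntservice.exe` registrations (the RunServices line twice, once per rule), and stays quiet on `ssv.dll`, `NvCplDaemon` and the full-path `ctfmon.exe`. Note that a bare-name hit only says the log cannot tell you where the file is; confirming it still means locating the binary on disk.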


#7 zirak_90, Topic Starter (Members, 19 posts)

Posted 22 November 2007 - 09:08 AM

Judging by this: "Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS."

I formatted the computer again, because I've formatted so many times already, and since I had just begun installing and downloading, I just formatted it again. But I only formatted Local Disk C and not D, because that's where my system files are.

But yesterday AVG found a trojan horse Startpage.CAN virus in the C:Mute.exe file. Does this have to do with it being from before, since I only formatted Local Disk C? And I'm unsure what you mean with this:

"your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted."

Do you mean that the computer can never again be trusted unless you format it, or that it can't be trusted again even if you format it, etc.?

Here's a new Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59:43, on 2007-11-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\DELADE~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\winsys2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Program\DAEMON Tools\daemon.exe
D:\Program\Stardock\ObjectDock\ObjectDock.exe
D:\Program\Grisoft\AVG7\avgamsvr.exe
D:\Program\Grisoft\AVG7\avgupsvc.exe
D:\Program\Grisoft\AVG7\avgemc.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program\Internet Explorer\iexplore.exe
D:\Program\Grisoft\AVG7\avgcc.exe
D:\Program\Winamp\winamp.exe
D:\Program\uTorrent\uTorrent.exe
D:\Program\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.se/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] D:\Program\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\Program\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = D:\Program\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://D:\Program\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\Program\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\Program\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\Program\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6869 bytes


#8 Yourhighness

    The BSG Malware Fighter

  • Malware Response Team
  • Location: Hamburg

Posted 22 November 2007 - 03:01 PM

Hey Zirak_90,

I am kind of confused with your statements. Which was / is your Windows disk? C or D? Which did you format?

"your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted."

Well, this is referring to the fact that even with a lot of digging and thorough cleaning, you can never be certain to have found all the files that are related to the backdoor or trojan, and thus there is no 100% guarantee of a trustworthy system once infected, so a format is suggested.

Step #1

Please do an online scan with Kaspersky Webscan (you need to use Internet Explorer or enable IEView in Firefox).

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete it will display whether your system has been infected.
    • Now click on the Save Report As button >> name it >> choose "Text file" in the Save as type dialogue.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Step #2

Please download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close ALL applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post.
The logs can be quite lengthy; use two posts if you need to get them all in.

Step #3

Please post back with the log from the Kaspersky Online Scanner and the main.txt and the extra.txt from the DSS scan. Thanks.

"How did I get infected?" - "Safe-hex" - Member of UNITE -


#9 zirak_90

  • Topic Starter

Posted 23 November 2007 - 09:42 AM

I had my system files on Local Disk C, and that was the one I formatted.


I've followed the instructions, and for some reason I only get the main.txt file from the dss.exe program.

Here's the Kaspersky Online Scan result:

__________________________________________________________________________________________________________________

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, November 23, 2007 4:57:27 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/11/2007
Kaspersky Anti-Virus database records: 464354
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 54225
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:49:36

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Tidigare\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokala inställningar\Tidigare\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Zirak\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Zirak\Lokala inställningar\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Zirak\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Zirak\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Zirak\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Zirak\Lokala inställningar\Temporary Internet Files\Content.IE5\ZUAULE8D\Mc%20Ren%20-%20Lost%20In%20The%20Game.%20(movie)%20-=Eazy-Me=-[1].rar Object is locked skipped
C:\Documents and Settings\Zirak\Lokala inställningar\Tidigare\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Zirak\Lokala inställningar\Tidigare\History.IE5\MSHist012007112320071124\index.dat Object is locked skipped
C:\Documents and Settings\Zirak\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Zirak\ntuser.dat.LOG Object is locked skipped
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\access_log Object is locked skipped
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error.log Object is locked skipped
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error_log Object is locked skipped
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\ssl_request_log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{7708E073-FDFA-4365-9CD3-275A70528EB9}\RP15\A0000264.exe Object is locked skipped
C:\System Volume Information\_restore{7708E073-FDFA-4365-9CD3-275A70528EB9}\RP16\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{79CEF371-53B5-4DF0-AFD1-481D62B13114}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\Unfinished Downloads\The.Last.King.Of.Scotland[2006]DvDrip[Eng]-aXXo\The.Last.King.Of.Scotland[2006]DvDrip[Eng]-aXXo.avi Object is locked skipped

Scan process completed.


___________________________________________________________________________________________________________________

Here's the text from the main.txt file:

___________________________________________________________________________________________________________________

Deckard's System Scanner v20071014.68
Run by Zirak on 2007-11-23 15:36:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Zirak.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:36:29, on 2007-11-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program\Grisoft\AVG7\avgamsvr.exe
D:\Program\Grisoft\AVG7\avgupsvc.exe
D:\Program\Grisoft\AVG7\avgemc.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\winsys2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program\Grisoft\AVG7\avgcc.exe
C:\Program\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program\DAEMON Tools\daemon.exe
D:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program\Stardock\ObjectDock\ObjectDock.exe
C:\Documents and Settings\Zirak\Skrivbord\dss.exe
D:\Program\TRENDM~1\HIJACK~1\Zirak.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.se/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] D:\Program\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\Program\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = D:\Program\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://D:\Program\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\Program\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\Program\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\Program\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6860 bytes

-- Files created between 2007-10-23 and 2007-11-23 -----------------------------

2007-11-23 03:12:09 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-23 03:12:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-22 16:30:16 0 d-------- C:\Program\Delade filer\Blizzard Entertainment
2007-11-22 14:45:06 0 d-------- C:\Program\Java
2007-11-22 14:45:04 0 d-------- C:\Program\Delade filer\Java
2007-11-22 14:44:47 0 d-------- C:\Documents and Settings\Zirak\Application Data\Sun
2007-11-21 23:35:53 0 dr-h----- C:\$VAULT$.AVG
2007-11-21 23:22:12 225280 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2007-11-21 23:17:26 0 d-------- C:\Program\Delade filer\Stardock
2007-11-21 22:43:38 0 d-------- C:\Program\MSXML 6.0
2007-11-21 22:18:53 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-21 22:02:19 0 d-------- C:\WINDOWS\SHELLNEW
2007-11-21 19:16:06 69322 --a------ C:\WINDOWS\War3Unin.dat
2007-11-21 19:16:05 2829 --a------ C:\WINDOWS\War3Unin.pif
2007-11-21 19:16:05 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2007-11-21 19:00:57 0 d-------- C:\Program\Google
2007-11-21 19:00:57 0 d-------- C:\Documents and Settings\Zirak\Application Data\Google
2007-11-21 18:49:03 0 d-------- C:\Program\Copy of energy_blue_108
2007-11-21 18:49:03 0 d-------- C:\Documents and Settings\Zirak\Application Data\WinRAR
2007-11-21 18:47:37 0 d-------- C:\Program\Bonjour
2007-11-21 18:47:18 0 d-------- C:\Documents and Settings\Zirak\Application Data\Adobe
2007-11-21 18:41:07 0 d-------- C:\Program\Delade filer\Macrovision Shared
2007-11-21 18:30:18 0 d-------- C:\Documents and Settings\Zirak\Application Data\Winamp
2007-11-21 18:29:04 0 d-------- C:\Documents and Settings\Zirak\Application Data\vlc
2007-11-21 18:28:14 0 d-------- C:\Program\Delade filer\Adobe
2007-11-21 18:28:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-11-21 18:24:57 0 d-------- C:\Documents and Settings\Zirak\Contacts
2007-11-21 18:17:12 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-11-21 18:17:09 0 d-------- C:\Program\MSN Messenger
2007-11-21 18:14:34 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-21 18:14:31 0 d-------- C:\Documents and Settings\Zirak\Application Data\Mozilla
2007-11-21 18:13:42 0 d-------- C:\Documents and Settings\Zirak\Application Data\ImgBurn
2007-11-21 18:13:15 682232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-11-21 18:10:52 0 d-------- C:\Documents and Settings\Zirak\Application Data\uTorrent
2007-11-21 18:00:59 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-11-21 18:00:45 0 d-------- C:\Documents and Settings\Zirak\Application Data\AVG7
2007-11-21 18:00:34 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-21 18:00:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-21 18:00:16 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-11-21 17:42:59 0 d-------- C:\Program\Delade filer\ODBC
2007-11-21 17:42:57 0 d-------- C:\Program\Delade filer\SpeechEngines
2007-11-21 17:42:56 0 dr------- C:\Program
2007-11-21 17:42:56 0 d-------- C:\Program\Delade filer
2007-11-21 17:42:32 0 dr------- C:\Documents and Settings\Default User\Start-meny
2007-11-21 17:42:32 0 d-------- C:\Documents and Settings\Default User\Skrivbord
2007-11-21 17:42:32 0 d--h----- C:\Documents and Settings\Default User\Skrivare
2007-11-21 17:42:32 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-11-21 17:42:32 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-11-21 17:42:32 0 d--h----- C:\Documents and Settings\Default User\Nätverket
2007-11-21 17:42:32 0 d-------- C:\Documents and Settings\Default User\Mina dokument
2007-11-21 17:42:32 0 d--h----- C:\Documents and Settings\Default User\Mallar
2007-11-21 17:42:32 0 dr-h----- C:\Documents and Settings\Default User\Lokala inställningar
2007-11-21 17:42:32 0 d-------- C:\Documents and Settings\Default User\Favoriter
2007-11-21 17:42:32 0 d--hs---- C:\Documents and Settings\Default User\Cookies
2007-11-21 17:42:32 0 dr------- C:\Documents and Settings\All Users\Start-meny
2007-11-21 17:42:32 0 d-------- C:\Documents and Settings\All Users\Skrivbord
2007-11-21 17:42:32 0 d--h----- C:\Documents and Settings\All Users\Mallar
2007-11-21 17:42:32 0 d-------- C:\Documents and Settings\All Users\Favoriter
2007-11-21 17:42:32 0 dr------- C:\Documents and Settings\All Users\Dokument
2007-11-21 17:40:43 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-11-21 17:40:43 0 d-------- C:\WINDOWS\system32\CatRoot
2007-11-21 17:40:38 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-11-21 17:40:38 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-11-21 17:40:38 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-11-21 17:40:38 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-11-21 17:40:20 202187 --ah----- C:\pmtimer.exe
2007-11-21 17:40:20 20992 --ah----- C:\makePNF.exe
2007-11-21 17:40:20 211039 --ah----- C:\DSPdsblr.exe
2007-11-21 17:40:20 246423 --ah----- C:\DPsFnshr.exe
2007-11-21 17:40:20 55808 --ah----- C:\devcon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-21 17:39:11 36864 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys <Not Verified; Advanced Micro Devices; AMD Processor Driver>
2007-11-21 17:39:00 0 d--h----- C:\D
2007-11-21 17:38:55 0 d--hs---- C:\System Volume Information
2007-11-21 17:38:55 0 d-------- C:\Documents and Settings
2007-11-21 17:35:43 0 d-------- C:\WINDOWS
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\WinSxS
2007-11-21 17:35:43 0 dr------- C:\WINDOWS\Web
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\twain_32
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\wins
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\wbem
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\usmt
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\sv-se
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\spool
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\ShellExt
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\Setup
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\ras
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\PreInstall
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\oobe
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\npp
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\mui
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\inetsrv
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\IME
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\icsxml
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\ias
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\export
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\drivers
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\dhcp
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\config
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\3076
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\2052
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\1054
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\1053
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\1042
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\1041
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\1037
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\1033
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\1031
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\1028
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system32\1025
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\system
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\security
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\Resources
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\repair
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\Provisioning
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\PeerNet
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\pchealth
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\Offline Web Pages
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\Network Diagnostic
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\mui
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\msapps
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\msagent
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\Media
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\java
2007-11-21 17:35:43 0 d--hs---- C:\WINDOWS\Installer
2007-11-21 17:35:43 0 d--h----- C:\WINDOWS\inf
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\ime
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\Help
2007-11-21 17:35:43 0 dr--s---- C:\WINDOWS\Fonts
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\ehome
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\Driver Cache
2007-11-21 17:35:43 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\Debug
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\Cursors
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\Connection Wizard
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\Config
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\AppPatch
2007-11-21 17:35:43 0 d-------- C:\WINDOWS\addins
2007-11-21 17:33:55 0 d-------- C:\Documents and Settings\Zirak\Application Data\Macromedia
2007-11-21 17:27:40 0 d-------- C:\WINDOWS\pss
2007-11-21 17:26:58 0 d-------- C:\WINDOWS\system32\Lang
2007-11-21 17:25:53 6272 --a------ C:\WINDOWS\system32\drivers\splitter.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-21 17:25:51 82944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-21 17:25:48 49152 --a------ C:\WINDOWS\system32\ChCfg.exe
2007-11-21 17:25:47 142464 --a------ C:\WINDOWS\system32\drivers\aec.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-21 17:25:46 172416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-21 17:25:27 0 d-------- C:\WINDOWS\system32\RTCOM
2007-11-21 17:24:59 0 d-------- C:\Program\Realtek
2007-11-21 17:24:40 520192 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2007-11-21 17:24:40 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2007-11-21 17:19:26 0 d--h----- C:\Program\InstallShield Installation Information
2007-11-21 17:18:53 22 --a------ C:\WINDOWS\FileName
2007-11-21 17:18:49 0 d-------- C:\Program\NVIDIA Corporation
2007-11-21 17:17:38 0 d-------- C:\WINDOWS\NV19321936.TMP
2007-11-21 17:16:31 0 d--hs---- C:\WINDOWS\CSC
2007-11-21 17:13:21 0 d-------- C:\WINDOWS\NV7881176.TMP
2007-11-21 17:13:19 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-11-21 17:08:34 0 dr-h----- C:\Documents and Settings\Zirak\Recent
2007-11-21 17:07:25 0 d-------- C:\Documents and Settings\Zirak\Application Data\Identities
2007-11-21 17:07:12 0 dr------- C:\Documents and Settings\Zirak\Start-meny
2007-11-21 17:07:12 0 d-------- C:\Documents and Settings\Zirak\Skrivbord
2007-11-21 17:07:12 0 d--h----- C:\Documents and Settings\Zirak\Skrivare
2007-11-21 17:07:12 0 dr-h----- C:\Documents and Settings\Zirak\SendTo
2007-11-21 17:07:12 0 d--h----- C:\Documents and Settings\Zirak\Nätverket
2007-11-21 17:07:12 1835008 --ah----- C:\Documents and Settings\Zirak\NTUSER.DAT
2007-11-21 17:07:12 0 d--h----- C:\Documents and Settings\Zirak\Mallar
2007-11-21 17:07:12 0 d--h----- C:\Documents and Settings\Zirak\Lokala inställningar
2007-11-21 17:07:12 0 dr------- C:\Documents and Settings\Zirak\Favoriter
2007-11-21 17:07:12 0 d--hs---- C:\Documents and Settings\Zirak\Cookies
2007-11-21 17:07:12 0 dr-h----- C:\Documents and Settings\Zirak\Application Data
2007-11-21 17:05:28 53 --ah----- C:\biosinfo
2007-11-21 17:03:25 0 d-------- C:\WINDOWS\nview
2007-11-21 17:03:24 131072 -ra------ C:\WINDOWS\system32\smdll.dll <Not Verified; ; SMdll Dynamic Link Library>
2007-11-21 17:03:24 128512 -ra------ C:\WINDOWS\system32\MadCHook.dll <Not Verified; www.madshi.net; madCHook>
2007-11-21 17:03:22 9728 -ra------ C:\WINDOWS\system32\sysinfoX64.sys
2007-11-21 17:03:22 8192 -ra------ C:\WINDOWS\system32\sysinfo.sys
2007-11-21 17:03:22 114688 -ra------ C:\WINDOWS\system32\sysinfo.dll <Not Verified; Crystal Dew World; SysInfo>
2007-11-21 17:03:22 262144 -ra------ C:\WINDOWS\system32\HookShield.dll
2007-11-21 17:03:22 253952 -ra------ C:\WINDOWS\system32\HookMAp.dll
2007-11-21 17:03:22 32768 -ra------ C:\WINDOWS\system32\Auxiliary.dll
2007-11-21 17:03:21 217088 -ra------ C:\WINDOWS\system32\WinSys2.exe <Not Verified; TODO: <Company name>; TODO: <Product name>>
2007-11-21 17:03:21 200704 -ra------ C:\WINDOWS\system32\WinSys.exe <Not Verified; ; DOT Application>
2007-11-21 17:03:21 69632 -ra------ C:\WINDOWS\system32\sw24.exe
2007-11-21 17:03:21 208896 -ra------ C:\WINDOWS\system32\sw20.exe <Not Verified; ; sw20 Application>
2007-11-21 17:03:21 1699840 -ra------ C:\WINDOWS\system32\msicpl.dll <Not Verified; MSI; MSI MsiCpl>
2007-11-21 17:02:56 0 d-------- C:\Program\Delade filer\InstallShield
2007-11-21 16:59:01 0 d-------- C:\Documents and Settings\Administratör\Application Data\Identities
2007-11-21 16:50:02 0 dr------- C:\Documents and Settings\Administratör\Start-meny
2007-11-21 16:50:02 0 d-------- C:\Documents and Settings\Administratör\Skrivbord
2007-11-21 16:50:02 0 d--h----- C:\Documents and Settings\Administratör\Skrivare
2007-11-21 16:50:02 0 dr-h----- C:\Documents and Settings\Administratör\SendTo
2007-11-21 16:50:02 0 dr-h----- C:\Documents and Settings\Administratör\Recent
2007-11-21 16:50:02 0 d--h----- C:\Documents and Settings\Administratör\Nätverket
2007-11-21 16:50:02 0 dr------- C:\Documents and Settings\Administratör\Mina dokument
2007-11-21 16:50:02 0 d--h----- C:\Documents and Settings\Administratör\Mallar
2007-11-21 16:50:02 0 d--h----- C:\Documents and Settings\Administratör\Lokala inställningar
2007-11-21 16:50:02 0 dr------- C:\Documents and Settings\Administratör\Favoriter
2007-11-21 16:50:02 0 d--hs---- C:\Documents and Settings\Administratör\Cookies
2007-11-21 16:50:02 0 dr-h----- C:\Documents and Settings\Administratör\Application Data
2007-11-21 16:50:02 0 d---s---- C:\Documents and Settings\Administratör\Application Data\Microsoft
2007-11-21 16:50:01 671744 --a------ C:\Documents and Settings\Administratör\NTUSER.DAT
2007-11-21 16:49:56 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-11-21 16:49:54 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-11-21 16:49:54 0 d-------- C:\WINDOWS\Prefetch
2007-11-21 16:49:53 237568 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-11-21 16:49:53 0 d--h----- C:\Documents and Settings\LocalService\Lokala inställningar
2007-11-21 16:49:53 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2007-11-21 16:49:53 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-11-21 16:49:53 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-11-21 16:49:50 237568 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-11-21 16:49:50 0 d--h----- C:\Documents and Settings\NetworkService\Lokala inställningar
2007-11-21 16:49:50 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2007-11-21 16:49:50 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-11-21 16:49:50 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-11-21 16:48:49 237568 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-11-21 16:48:22 0 d--h----- C:\WINDOWS\$hf_mig$
2007-11-21 16:48:11 0 -rahs---- C:\MSDOS.SYS
2007-11-21 16:48:11 0 -rahs---- C:\IO.SYS
2007-11-21 16:48:11 0 --a------ C:\CONFIG.SYS
2007-11-21 16:48:11 0 --a------ C:\AUTOEXEC.BAT
2007-11-21 16:47:59 0 d-------- C:\WINDOWS\system32\dllcache
2007-11-21 16:47:34 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-11-21 16:47:22 0 d--h----- C:\Program\WindowsUpdate
2007-11-21 16:47:21 0 d-------- C:\Program\Onlinetjänster
2007-11-21 16:47:10 0 d-------- C:\WINDOWS\system32\DirectX
2007-11-21 16:46:38 0 d---s---- C:\WINDOWS\Tasks
2007-11-21 16:46:37 0 d-------- C:\Program\Delade filer\MSSoap
2007-11-21 16:46:33 0 d-------- C:\WINDOWS\system32\Macromed
2007-11-21 16:46:33 0 d-------- C:\WINDOWS\srchasst
2007-11-21 16:46:27 0 d-------- C:\Program\Movie Maker
2007-11-21 16:46:20 23040 --a------ C:\WINDOWS\system32\fltMc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-21 16:46:20 16896 --a------ C:\WINDOWS\system32\fltlib.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-21 16:46:20 128768 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-21 16:46:19 0 d-------- C:\WINDOWS\system32\Restore
2007-11-21 16:45:45 21700 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-11-21 16:45:42 0 d-------- C:\WINDOWS\Registration
2007-11-21 16:45:36 0 d-------- C:\Program\Windows Media Connect 2
2007-11-21 16:45:34 0 d-------- C:\Program\Messenger
2007-11-21 16:45:31 0 d-------- C:\Program\MSN Gaming Zone
2007-11-21 16:45:13 97792 --a------ C:\WINDOWS\system32\comrepl.dll <Not Verified; Microsoft Corporation; COM Services>
2007-11-21 16:45:06 349696 --a------ C:\WINDOWS\system32\hypertrm.dll <Not Verified; Hilgraeve, Inc.; Operativsystemet Microsoft® Windows®>
2007-11-21 16:45:06 0 d-------- C:\Program\Windows NT
2007-11-21 16:45:05 1866240 --a------ C:\WINDOWS\system32\mstscax.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-21 16:45:05 139528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-21 16:45:04 600576 --a------ C:\WINDOWS\system32\mstsc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-21 16:45:03 91136 --a------ C:\WINDOWS\system32\mtxoci.dll <Not Verified; Microsoft Corporation; COM Services>
2007-11-21 16:45:03 161280 --a------ C:\WINDOWS\system32\msdtcuiu.dll <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2007-11-21 16:45:03 956416 --a------ C:\WINDOWS\system32\msdtctm.dll <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2007-11-21 16:45:03 426496 --a------ C:\WINDOWS\system32\msdtcprx.dll <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2007-11-21 16:45:03 0 d-------- C:\WINDOWS\system32\MsDtc
2007-11-21 16:45:02 11776 --a------ C:\WINDOWS\system32\xolehlp.dll <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2007-11-21 16:45:01 1267200 --a------ C:\WINDOWS\system32\comsvcs.dll <Not Verified; Microsoft Corporation; COM Services>
2007-11-21 16:45:01 0 d-------- C:\WINDOWS\system32\Com
2007-11-21 16:45:01 60416 --a------ C:\WINDOWS\system32\colbact.dll <Not Verified; Microsoft Corporation; COM Services>
2007-11-21 16:45:01 110080 --a------ C:\WINDOWS\system32\clbcatex.dll <Not Verified; Microsoft Corporation; COM Services>
2007-11-21 16:45:01 625152 --a------ C:\WINDOWS\system32\catsrvut.dll <Not Verified; Microsoft Corporation; COM Services>
2007-11-21 16:45:01 225792 --a------ C:\WINDOWS\system32\catsrv.dll <Not Verified; Microsoft Corporation; COM Services>
2007-11-21 16:45:00 540160 --a------ C:\WINDOWS\system32\comuid.dll <Not Verified; Microsoft Corporation; COM Services>
2007-11-21 16:45:00 498688 --a------ C:\WINDOWS\system32\clbcatq.dll <Not Verified; Microsoft Corporation; COM Services>


-- Find3M Report ---------------------------------------------------------------

2007-11-21 17:42:32 62 --ahs---- C:\Documents and Settings\Zirak\Application Data\desktop.ini
2007-11-21 17:30:56 315006 --a------ C:\WINDOWS\system32\perfh01D.dat
2007-11-21 17:30:56 47784 --a------ C:\WINDOWS\system32\perfc01D.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-12 16:44]
"nwiz"="nwiz.exe" [2007-04-12 16:44 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-12-15 03:58]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-12-15 03:58]
"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2006-12-15 03:59]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-12 16:44]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 18:43 C:\WINDOWS\Alcmtr.exe]
"AVG7_CC"="D:\Program\Grisoft\AVG7\avgcc.exe" [2007-11-21 18:00]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_2"=regsvr32 /s /n /i:U shell32
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

C:\Documents and Settings\Zirak\Start-meny\Program\Autostart\
Stardock ObjectDock.lnk - D:\Program\Stardock\ObjectDock\ObjectDock.exe [2007-11-21 23:17:29]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
Adobe Reader Speed Launch.lnk - D:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\Program\DELADE~1\Stardock\mcpstub.dll 2005-01-31 14:13 49152 C:\Program\DELADE~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE




-- End of Deckard's System Scanner: finished at 2007-11-23 15:37:02 ------------


#10 zirak_90

zirak_90
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:10:53 PM

Posted 24 November 2007 - 02:44 PM

I actually have the extra.txt file now. The first time I did that dss scan, when I was going to post it here, my internet connection stopped working, so I couldn't post both the main.txt and extra.txt files here and turn off my computer. Later, when the internet connection was back, I did the dss scan again, but this time I only got the main.txt file. I tried about 5 times but I only got the main.txt file. That's why I only posted the main.txt file on my latest post.

But now I found the first dss scan results in C:\Deckard\System Scanner, so here's the extra.txt too.

_________________________________________________________________________________________________________________
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Swedish

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 4000+
Percentage of Memory in Use: 48%
Physical Memory (total/avail): 958.48 MiB / 493.73 MiB
Pagefile Memory (total/avail): 2313.95 MiB / 1877.75 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.19 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 34.18 GiB total, 29.06 GiB free.
D: is Fixed (NTFS) - 198.7 GiB total, 124.94 GiB free.
E: is CDROM (CDFS)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - MAXTOR STM3250310AS - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Installerbart filsystem - 34.18 GiB - C:
\PARTITION1 - Utökat med XInt 13 - 198.7 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: ActiveArmor Firewall v1.0 (NVIDIA Corporation) Disabled
AV: AVG 7.5.503 v7.5.503 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program\\MSN Messenger\\livecall.exe"="C:\\Program\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Program\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"D:\\Program\\Grisoft\\AVG7\\avginet.exe"="D:\\Program\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"D:\\Program\\Grisoft\\AVG7\\avgamsvr.exe"="D:\\Program\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"D:\\Program\\Grisoft\\AVG7\\avgcc.exe"="D:\\Program\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"D:\\Program\\Grisoft\\AVG7\\avgemc.exe"="D:\\Program\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program\\utorrent\\utorrent.exe"="C:\\Program\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program\\MSN Messenger\\livecall.exe"="C:\\Program\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\\Program\\uTorrent\\utorrent.exe"="D:\\Program\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program\\Bonjour\\mDNSResponder.exe"="C:\\Program\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\\Program\\DC++\\DCPlusPlus.exe"="D:\\Program\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"D:\\Program\\Warcraft III\\Warcraft III.exe"="D:\\Program\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Zirak\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program\Delade filer
COMPUTERNAME=ZIRAK
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Zirak
LOGONSERVER=\\ZIRAK
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6b01
ProgramFiles=C:\Program
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Zirak\LOKALA~1\Temp
TMP=C:\DOCUME~1\Zirak\LOKALA~1\Temp
USERDOMAIN=ZIRAK
USERNAME=Zirak
USERPROFILE=C:\Documents and Settings\Zirak
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Zirak (admin)
Administratör (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program\Delade filer\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
µTorrent --> "D:\Program\uTorrent\uninstall.exe"
AVG 7.5 --> D:\Program\Grisoft\AVG7\setup.exe /UNINSTALL
DC++ 0.698 --> "D:\Program\DC++\uninstall.exe"
FL Studio 6 --> D:\Program\Image-Line\FL Studio 6\uninstall.exe
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "D:\Program\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ImgBurn (Remove Only) --> "D:\Program\ImgBurn\uninstall.exe"
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{9011041D-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (2.0.0.4) --> C:\Program\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{DC86EAB4-DF11-4276-AB40-B556877F0E30}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuide.exe UninstallGUI
NVIDIA ForceWare Network Access Manager --> C:\Program\DELADE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
ObjectDock Plus --> D:\Program\Stardock\OBJECT~1\objectdock.exe /uninstall
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Realtek High Definition Audio Driver --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x1d -removeonly
Snabbkorrigering för Windows XP (KB935448) --> "C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Säkerhetsuppdatering för Windows XP (KB932168) -->
Säkerhetsuppdatering för Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB925720) --> "C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB931836) -->
Uppdatering för Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
VideoLAN VLC media player 0.8.6a --> D:\Program\VideoLAN\VLC\uninstall.exe
Winamp (remove only) --> "D:\Program\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{2E55A582-4FFE-4FF2-8D4D-E7D275FF89BD}
Windows Media Connect -->
WinRAR archiver --> D:\Program\WinRAR\uninstall.exe
World of Warcraft --> C:\Program\Delade filer\Blizzard Entertainment\World of Warcraft\Uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type169 / Error
Event Submitted/Written: 11/22/2007 04:57:52 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Stoppat program Frozen Throne.exe, version 1.5.0.0, stoppad modul hungapp, version 0.0.0.0, stoppad adress 0x00000000.

Event Record #/Type155 / Error
Event Submitted/Written: 11/21/2007 11:36:37 PM
Event ID/Source: 100 / AVG7
Event Description:
2007-11-21 22:36:37,625 ZIRAK [002084:000412] ERROR 000 AVG7.KRNL.ACT File C:\mute.exe could not be unplaned from CleanDrv removal, error: 2

Event Record #/Type150 / Success
Event Submitted/Written: 11/21/2007 10:49:09 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type147 / Warning
Event Submitted/Written: 11/21/2007 10:02:49 PM
Event ID/Source: 5603 / WinMgmt
Event Description:
En provider, OffProv11, har registrerats i WMI-namnområdet, Root\MSAPPS11, men angav inte egenskapen HostingModel. Providern kommer att köras under kontot LocalSystem. Detta konto har höga privilegier och providern kan orsaka säkerhetsproblem om den inte personifierar begäranden från användare korrekt. Kontrollera att providern har testats så att den inte har några säkerhetshål och uppdatera egenskapen HostingModel så att ett konto med så låga privilegier som är praktiskt möjligt används.

Event Record #/Type146 / Warning
Event Submitted/Written: 11/21/2007 10:02:49 PM
Event ID/Source: 5603 / WinMgmt
Event Description:
En provider, OffProv11, har registrerats i WMI-namnområdet, Root\MSAPPS11, men angav inte egenskapen HostingModel. Providern kommer att köras under kontot LocalSystem. Detta konto har höga privilegier och providern kan orsaka säkerhetsproblem om den inte personifierar begäranden från användare korrekt. Kontrollera att providern har testats så att den inte har några säkerhetshål och uppdatera egenskapen HostingModel så att ett konto med så låga privilegier som är praktiskt möjligt används.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type434 / Warning
Event Submitted/Written: 11/22/2007 11:39:59 PM
Event ID/Source: 2504 / Server
Event Description:
Servern kunde inte binda till transporten \Device\NetBT_Tcpip_{BA26BB3B-D4AE-46F9-A231-39420BB7290E}.

Event Record #/Type433 / Warning
Event Submitted/Written: 11/22/2007 11:39:55 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Datorn har automatiskt konfigurerat IP-adress för det nätverkskort
som har nätverksadressen 003018B157B5. Den IP-adress som används är 169.254.98.238.

Event Record #/Type432 / Warning
Event Submitted/Written: 11/22/2007 11:39:50 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Datorn kunde inte förnya adressen från nätverket (från DHCP-servern)
för nätverkskortet med nätverksadressen 003018B157B5. Följande fel uppstod:

%%121.
Datorn kommer att fortsätta försöka erhålla en ny adress själv från
DHCP-servern.

Event Record #/Type431 / Warning
Event Submitted/Written: 11/22/2007 11:39:24 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Datorn kunde inte förnya adressen från nätverket (från DHCP-servern)
för nätverkskortet med nätverksadressen 003018B157B5. Följande fel uppstod:

%%1223.
Datorn kommer att fortsätta försöka erhålla en ny adress själv från
DHCP-servern.

Event Record #/Type428 / Warning
Event Submitted/Written: 11/22/2007 11:37:39 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Datorn kunde inte förnya adressen från nätverket (från DHCP-servern)
för nätverkskortet med nätverksadressen 003018B157B5. Följande fel uppstod:

%%1223.
Datorn kommer att fortsätta försöka erhålla en ny adress själv från
DHCP-servern.



-- End of Deckard's System Scanner: finished at 2007-11-23 06:07:53 ------------


#11 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • OFFLINE
  • Gender:Male
  • Location:Hamburg
  • Local time:09:53 PM

Posted 25 November 2007 - 11:01 AM

Hey Zirak_90,

Step #1

It is important that you use a software firewall, to prevent unauthorised traffic both out of and into your computer.
Your log doesn't show a firewall running. If you have disabled it, please re-enable it.
If you do not have a firewall installed, please download and install one of these excellent (and free) products:
If you want to have a look at the user manuals for the above suggested programs, have a look at the following:
If you do decide to install a third-party firewall, make sure that the Windows Firewall is not running, and if it is, deactivate it.

Step #2

Run HijackThis, press Scan, and put a check mark next to all these entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =


Close all other windows and browsers, and press the Fix Checked button.

Step #3

If you use P2P software, make sure you are careful about what you open and what P2P program you install. Malware is all over the P2P networks and the programs often come bundled with Adware and Spyware.

Further reading of interest regarding the P2P "issue": http://pcpitstop.com/spycheck/p2p.asp and this: http://pcpitstop.com/spycheck/badtorrent.asp

Step #4

Please post back with a fresh HijackThis log. Thanks.

"How did I get infected?" - "Safe-hex" - Member of UNITE -




