
Trojan Horse


  • This topic is locked
12 replies to this topic

#1 GoodfeIIa

GoodfeIIa

  • Members
  • 8 posts
  • OFFLINE
  • Local time:01:50 AM

Posted 08 April 2008 - 04:28 PM

Recently my computer has been acting really strangely, and my AVG Anti-Virus has found lots of Trojan Horse viruses. I don't notice the computer working slowly, but many strange things happen. For example, the window closes automatically when I play Counter-Strike. And sometimes it feels like someone else is clicking the mouse, because right now I had to click on this box again to continue writing. Other strange things happen too, like that I sometimes can't click on certain buttons.

Here's the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:19:59, on 2008-04-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\DELADE~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program\Grisoft\avgcc.exe
C:\Program\Razer\Diamondback 3G\razerhid.exe
C:\Program\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program\Stardock\ObjectDock\ObjectDock.exe
D:\Program\Grisoft\avgamsvr.exe
D:\Program\Grisoft\avgupsvc.exe
D:\Program\Grisoft\avgemc.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Razer\Diamondback 3G\razerofa.exe
C:\WINDOWS\System32\svchost.exe
D:\Program\Grisoft\avgwb.dat
D:\Program\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E1BFC0E-8AD2-424D-AC8A-06038481516E} - C:\WINDOWS\system32\wvUkIYpq.dll (file missing)
O2 - BHO: (no name) - {96268165-C411-450A-B98D-ED0252EA0E10} - C:\WINDOWS\system32\khfEWmkK.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] D:\Program\Grisoft\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Diamondback] C:\Program\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [ymgB49Mdy0] C:\Documents and Settings\All Users\Application Data\wzsfibqp\erankrqr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\Program\Grisoft\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = D:\Program\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Program\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: wvUkIYpq - wvUkIYpq.dll (file missing)
O21 - SSODL: CDUnknown - {4b898752-5c7e-414a-9ebd-dcd5af77eb21} - C:\WINDOWS\Resources\CDUnknown.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\Program\Grisoft\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\Program\Grisoft\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\Program\Grisoft\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7936 bytes
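The log above shows the pattern a HijackThis helper looks for by eye: unnamed BHOs in system32 whose files are already gone (O2), the same DLL registered as a Winlogon Notify handler (O20), and an autostart under Policies\Explorer\Run pointing into All Users\Application Data (O4). The script below is an added example, not part of this thread and not a BleepingComputer or Trend Micro tool; it encodes those checks as heuristics over HijackThis 2.x lines and cross-references module names between sections. The sample lines are copied from the posted log; the list of "user-writable" directories and every rule's notion of "suspicious" are assumptions of the example.

```python
"""Triage a HijackThis 2.x log for the persistence patterns seen in this thread.

Example code added alongside the post; it is not a BleepingComputer or
Trend Micro tool. Every rule below is a heuristic (an assumption about what
deserves a second look), not a verdict of infection.
"""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section tag, e.g. "O2", "O20"
    reason: str    # why the line was flagged
    line: str      # the log line itself


# Lines copied from the HijackThis log posted above. A known-good entry is
# included in each section so the rules can be seen *not* firing on it.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E1BFC0E-8AD2-424D-AC8A-06038481516E} - C:\WINDOWS\system32\wvUkIYpq.dll (file missing)
O2 - BHO: (no name) - {96268165-C411-450A-B98D-ED0252EA0E10} - C:\WINDOWS\system32\khfEWmkK.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] D:\Program\Grisoft\avgcc.exe /STARTUP
O4 - HKLM\..\Policies\Explorer\Run: [ymgB49Mdy0] C:\Documents and Settings\All Users\Application Data\wzsfibqp\erankrqr.exe
O20 - Winlogon Notify: wvUkIYpq - wvUkIYpq.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

SECTION_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
# Assumption: ordinary installers do not register autostarts under these
# user-writable directories, so anything launched from them gets flagged.
USER_WRITABLE_DIRS = ("\\application data\\", "\\documents and settings\\", "\\temp\\")


def basename(path):
    """'C:\\x\\wvUkIYpq.dll (file missing)' -> 'wvukiypq' (lower-case, no extension)."""
    path = path.replace(" (file missing)", "").strip().strip('"')
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def module_name(section, body):
    """Pull the launched file out of an entry body so sections can be cross-referenced."""
    if section == "O4":                       # "[name] C:\path\file.exe /args"
        return basename(body.split("] ", 1)[-1].split(" /")[0])
    return basename(body.rsplit(" - ", 1)[-1])  # O2/O20/O23 end with the path


def check_line(line):
    """Apply the heuristics to one log line and return zero or more findings."""
    m = SECTION_RE.match(line)
    if not m:
        return []
    sec, body = m.groups()
    hits = []
    if sec in ("O2", "O20") and "(file missing)" in body:
        hits.append(Finding(sec, "registered module whose file is gone (common after a partial clean-up)", line))
    if sec == "O2" and body.startswith("BHO: (no name)") and "\\system32\\" in body.lower():
        hits.append(Finding(sec, "unnamed BHO loading from system32", line))
    if sec == "O4" and "\\Policies\\Explorer\\Run" in body:
        hits.append(Finding(sec, "autostart via Policies\\Explorer\\Run, a key legitimate installers rarely use", line))
    if sec == "O4" and any(d in body.lower() for d in USER_WRITABLE_DIRS):
        hits.append(Finding(sec, "autostart binary lives in a user-writable data directory", line))
    if sec == "O20":
        hits.append(Finding(sec, "Winlogon Notify DLL loads into winlogon.exe at logon; confirm it belongs to a known package", line))
    if sec == "O23" and " - Unknown owner - " in body:
        hits.append(Finding(sec, "service binary carries no vendor name", line))
    return hits


def triage(log_text):
    """Return (findings, corroborated) where corroborated lists module names
    flagged in more than one section, e.g. a DLL seen both as a BHO and as a
    Winlogon Notify handler, which strengthens the case for removal."""
    findings, sections_by_name = [], defaultdict(set)
    for line in log_text.splitlines():
        m = SECTION_RE.match(line)
        if not m:
            continue
        hits = check_line(line)
        findings.extend(hits)
        if hits:
            sections_by_name[module_name(*m.groups())].add(m.group(1))
    corroborated = sorted(n for n, s in sections_by_name.items() if len(s) > 1)
    return findings, corroborated


if __name__ == "__main__":
    found, linked = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print("flagged in more than one section:", linked)
```

Run against the sample, the script leaves the Java, AVG and NVIDIA entries alone, flags the two missing-file BHOs, the Policies\Explorer\Run autostart, the Winlogon Notify entry and the vendor-less service, and reports wvUkIYpq as corroborated because it is flagged in both O2 and O20. The PnkBstrA hit is a reminder that "Unknown owner" alone is weak evidence (it is PunkBuster here); the point of the cross-referencing step is to rank the entries that recur across persistence mechanisms above single hits like that one.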



#2 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • OFFLINE
  • Gender:Male
  • Location:Boston Mass
  • Local time:06:50 PM

Posted 12 April 2008 - 07:35 PM

Hi GoodfeIIa, sorry for the delay.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt
Next
Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using it.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run, as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.



Please post back the VundoFix txt and the DSS logs; it may take a couple of replies to get it all posted.

#3 GoodfeIIa

GoodfeIIa
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:01:50 AM

Posted 13 April 2008 - 01:35 PM

Hi! Thank you for helping. :thumbsup:


Vundofix.txt
-------------------------


VundoFix V7.0.3

Scan started at 20:25:19 2008-04-13

Listing files found while scanning....

No infected files were found.


_________________________________________________________________________

extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Swedish

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 4000+
Percentage of Memory in Use: 27%
Physical Memory (total/avail): 1982.48 MiB / 1438.23 MiB
Pagefile Memory (total/avail): 3269.23 MiB / 2873.7 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1939.18 MiB

C: is Fixed (NTFS) - 11.9 GiB total, 3.12 GiB free.
D: is Fixed (NTFS) - 220.99 GiB total, 3.45 GiB free.
E: is CDROM (CDFS)
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG HD250HJ - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 11.9 GiB - C:
\PARTITION1 - Installable File System - 220.99 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.

FW: ActiveArmor Firewall v1.0 (NVIDIA Corporation) Disabled
AV: AVG 7.5.519 v7.5.519 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program\\Windows Live\\Messenger\\livecall.exe"="C:\\Program\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Program\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"D:\\torrent.exe"="D:\\torrent.exe:*:Enabled:µTorrent"
"D:\\Program\\uTorrent\\uTorrent.exe"="D:\\Program\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"D:\\Program\\Steam\\steamapps\\elimenater@hotmail.com\\counter-strike\\hl.exe"="D:\\Program\\Steam\\steamapps\\elimenater@hotmail.com\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program\\Bonjour\\mDNSResponder.exe"="C:\\Program\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\\Program\\DC++\\DCPlusPlus.exe"="D:\\Program\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"D:\\Program\\Electronic Arts\\Slaget om Midgård II\\game.dat"="D:\\Program\\Electronic Arts\\Slaget om Midgård II\\game.dat:*:Enabled:Slaget om Midgård™ II"
"D:\\Program\\Pro Evolution Soccer 2008\\Pro Evolution Soccer 2008\\PES2008.exe"="D:\\Program\\Pro Evolution Soccer 2008\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"D:\\Program\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="D:\\Program\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™"
"D:\\Program\\Speed Limiter\\SpeedLimiter.exe"="D:\\Program\\Speed Limiter\\SpeedLimiter.exe:*:Enabled:SpeedLimiter - Speed Limiter"
"D:\\Program\\LucasArts\\Star Wars Battlefront\\GameData\\Battlefront.exe"="D:\\Program\\LucasArts\\Star Wars Battlefront\\GameData\\Battlefront.exe:*:Enabled:Battlefront"
"C:\\Program\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"="C:\\Program\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
"D:\\Program\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"="D:\\Program\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
"C:\\Program\\Internet Explorer\\iexplore.exe"="C:\\Program\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"D:\\Downloads\\Age Of Empires II\\age2_x1.exe"="D:\\Downloads\\Age Of Empires II\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"D:\\Program\\Age Of Empires II\\age2_x1.exe"="D:\\Program\\Age Of Empires II\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\\Program\\uTorrent\\uTorrent.exe"="C:\\Program\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Documents and Settings\\Administratör\\Mina dokument\\Downloads\\Age of Empires II\\empires2.exe"="C:\\Documents and Settings\\Administratör\\Mina dokument\\Downloads\\Age of Empires II\\empires2.exe:*:Enabled:Age of Empires II"
"C:\\Documents and Settings\\Administratör\\Mina dokument\\Downloads\\Age of Empires II\\age2_x1.exe"="C:\\Documents and Settings\\Administratör\\Mina dokument\\Downloads\\Age of Empires II\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"D:\\Program\\Warcraft III\\Frozen Throne.exe"="D:\\Program\\Warcraft III\\Frozen Throne.exe:*:Enabled:Frozen Throne"
"D:\\Program\\Electronic Arts\\Häxkungens Tid\\game.dat"="D:\\Program\\Electronic Arts\\Häxkungens Tid\\game.dat:*:Enabled:Ringarnas herre™ - Häxkungens tid™"
"C:\\Documents and Settings\\Administratör\\Mina dokument\\Mina Spel\\Gameboy Advance\\VisualBoyAdvance.exe"="C:\\Documents and Settings\\Administratör\\Mina dokument\\Mina Spel\\Gameboy Advance\\VisualBoyAdvance.exe:*:Enabled:VisualBoyAdvance emulator"
"D:\\Program\\THQ\\Company of Heroes\\RelicCOH.exe"="D:\\Program\\THQ\\Company of Heroes\\RelicCOH.exe:*:Enabled:RelicCOH"
"D:\\Program\\TVUPlayer\\TVUPlayer.exe"="D:\\Program\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"D:\\Program\\THQ\\Company of Heroes\\BugReport\\BugReport.exe"="D:\\Program\\THQ\\Company of Heroes\\BugReport\\BugReport.exe:*:Enabled:BugReport"
"D:\\Program\\Grisoft\\avginet.exe"="D:\\Program\\Grisoft\\avginet.exe:*:Enabled:avginet.exe"
"D:\\Program\\Grisoft\\avgamsvr.exe"="D:\\Program\\Grisoft\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"D:\\Program\\Grisoft\\avgcc.exe"="D:\\Program\\Grisoft\\avgcc.exe:*:Enabled:avgcc.exe"
"D:\\Program\\Grisoft\\avgemc.exe"="D:\\Program\\Grisoft\\avgemc.exe:*:Enabled:avgemc.exe"
"D:\\Downloads\\WoW-BurningCrusade-enUS-Installer-downloader.exe"="D:\\Downloads\\WoW-BurningCrusade-enUS-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program\\Warcraft III\\Warcraft III.exe"="C:\\Program\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program\\Windows Live\\Messenger\\livecall.exe"="C:\\Program\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\\Program\\World of Warcraft\\Repair.exe"="D:\\Program\\World of Warcraft\\Repair.exe:*:Enabled:Blizzard Repair Utility"
"C:\\Documents and Settings\\Administratör\\Lokala inställningar\\Temporary Internet Files\\Content.IE5\\OZVNUSCA\\WoW-BurningCrusade-enUS-Installer-downloader[1].exe"="C:\\Documents and Settings\\Administratör\\Lokala inställningar\\Temporary Internet Files\\Content.IE5\\OZVNUSCA\\WoW-BurningCrusade-enUS-Installer-downloader[1].exe:*:Enabled:Blizzard Downloader"
"D:\\Program\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"="D:\\Program\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\\Program\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="D:\\Program\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Zirak\Application Data
CommonProgramFiles=C:\Program\Delade filer
COMPUTERNAME=ZIRAK
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Zirak
LOGONSERVER=\\ZIRAK
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6b01
ProgramFiles=C:\Program
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Zirak\LOKALA~1\Temp
TMP=C:\DOCUME~1\Zirak\LOKALA~1\Temp
USERDOMAIN=ZIRAK
USERNAME=Zirak
USERPROFILE=C:\Documents and Settings\Zirak
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Zirak (admin)
Administratör (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acoustica Effects Pack --> C:\Program\ACOUST~2\UNWISE.EXE C:\Program\ACOUST~2\INSTALL.LOG
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program\Delade filer\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program\Delade filer\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe InDesign CS --> RunDll32 "C:\Program\Delade filer\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program\InstallShield Installation Information\{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}\zidxp.exe"
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program\Delade filer\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.2 - Svenska --> MsiExec.exe /I{AC76BA86-7AD7-1053-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AGEIA PhysX v2.3.3 --> "C:\Program\AGEIA Technologies\uninstall.exe"
ASIO4ALL --> D:\Program\ASIO4ALL v2\uninstall.exe
µTorrent --> "C:\Program\uTorrent\uTorrent.exe" /UNINSTALL
Audacity 1.2.6 --> "D:\Program\Audacity\unins000.exe"
Autofighter --> D:\Program\Runescape Program\Uninstall.exe
AVG 7.5 --> D:\Program\Grisoft\setup.exe /UNINSTALL
Call of Duty® 4 - Modern Warfare™ --> C:\Program\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Company of Heroes --> MsiExec.exe /X{BA801B94-C28D-46EE-B806-E1E021A3D519}
Counter-Strike --> "D:\Program\Steam\steam.exe" steam://uninstall/10
DC++ 0.699 --> "D:\Program\DC++\uninstall.exe"
DivX Subtitle Displayer 5.00 --> "D:\Program\DivX Subtitle Displayer\unins000.exe"
Easy Video Splitter 1.28 --> "D:\Program\Easy Video Splitter\unins000.exe"
FIFA 08 --> MsiExec.exe /X{0A2A5039-B37F-489D-B1DC-A5258DF9E697}
FL Studio v7.0 --> "D:\Program\FL Studio 7\unins000.exe"
FlatOut2 --> MsiExec.exe /I{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}
Ghost Recon Advanced Warfighter --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{EFC97089-04D6-42CE-A707-A343B4A7D2CD}\setup.exe" -l0x9
Google Earth Pro --> MsiExec.exe /X{9578C0CD-8108-4379-9026-4601F59859A0}
GTA San Andreas --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "D:\Program\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Häxkungens Tid™ --> D:\Program\Electronic Arts\Häxkungens Tid\EAUninstall.exe
ImgBurn (Remove Only) --> "D:\Program\ImgBurn\uninstall.exe"
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Mega Codec Pack 3.5.3 --> "D:\Program\K-Lite Codec Pack\unins000.exe"
Magic Video Converter Trial Version (English) 8.0.2.18 --> "d:\Program\Magic Video Converter\unins000.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{9011041D-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (1.5) --> C:\WINDOWS\UninstallFirefox.exe /ua "1.5 (sv-SE)"
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Need for Speed™ ProStreet --> MsiExec.exe /X{343737F4-C04D-49F4-BE58-C7EAA8EBA57A}
NHL® 08 --> MsiExec.exe /X{A7AA93B6-6909-4073-B4EC-45CCDEFD4665}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA ForceWare Network Access Manager --> C:\Program\DELADE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
ObjectDock Plus --> D:\Program\Stardock\OBJECT~1\objectdock.exe /uninstall
Oblivion --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
OpenOffice.org 2.3 --> MsiExec.exe /I{83C03FBE-4492-4133-BBAB-421CD88ADA32}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PowerQuest PartitionMagic 8.0 --> C:\Program\DELADE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
Razer Diamondback 3G --> C:\Program\InstallShield Installation Information\{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x1d -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Slaget om Midgård™ II --> D:\Program\Electronic Arts\Slaget om Midgård II\EAUninstall.exe
Hotfix for Windows XP (KB935448) --> "C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB932168) -->
Security Update for Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Svenska Spels Poker --> D:\Program\SVENSK~1\UNWISE.EXE D:\Program\SVENSK~1\INSTALL.LOG
TVUPlayer 2.3.5.3 --> D:\Program\TVUPlayer\uninst.exe
Update for Windows XP (KB931836) -->
Update for Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
VideoLAN VLC media player 0.8.6a --> D:\Program\VideoLAN\VLC\uninstall.exe
WildTangent Web Driver --> C:\WINDOWS\wt\updater\wcmdmgr.exe -uninstall wtwebdriver
Winamp (remove only) --> "D:\Program\Winamp\UninstWA.exe"
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> C:\Program\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_2EF26FE45CAD37150CF9729C80FA82394222218B\amdk8.inf
Windows Live Messenger --> MsiExec.exe /X{20503DFE-E5B2-491E-B2C5-8BCB5BF5B9E9}
Windows Media Connect -->
WinRAR archiver --> D:\Program\WinRAR\uninstall.exe
World of Warcraft --> C:\Program\Delade filer\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2578 / Success
Event Submitted/Written: 04/13/2008 08:46:25 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type2517 / Success
Event Submitted/Written: 04/12/2008 02:15:10 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type2512 / Error
Event Submitted/Written: 04/11/2008 11:15:00 PM
Event ID/Source: 1000 / Application Error
Event Description:
Felaktigt program sdmcp.exe, version 0.0.5.11, felaktig modul sdmcp.exe, version 0.0.5.11, felaktig adress 0x00005303.
Mediespecifik händelse behandlas för [sdmcp.exe!ws!]

Event Record #/Type2485 / Error
Event Submitted/Written: 04/11/2008 02:54:02 PM
Event ID/Source: 1000 / Application Error
Event Description:
Felaktigt program sdmcp.exe, version 0.0.5.11, felaktig modul sdmcp.exe, version 0.0.5.11, felaktig adress 0x00005303.
Mediespecifik händelse behandlas för [sdmcp.exe!ws!]

Event Record #/Type2482 / Success
Event Submitted/Written: 04/11/2008 02:53:40 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7409 / Warning
Event Submitted/Written: 04/13/2008 08:19:37 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP har nått det högsta antal samtidiga TCP-anslutningsförsök som tillåts av säkerhetsskäl.

Event Record #/Type7381 / Warning
Event Submitted/Written: 04/13/2008 03:01:46 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP har nått det högsta antal samtidiga TCP-anslutningsförsök som tillåts av säkerhetsskäl.

Event Record #/Type7380 / Warning
Event Submitted/Written: 04/13/2008 01:40:59 AM
Event ID/Source: 36 / W32Time
Event Description:
Datorns tid har inte kunnat synkroniseras på 49152 sekunder eftersom
ingen tidsprovider har kunnat ge en användbar tidsstämpel. Datorns
klocka är inte synkroniserad.

Event Record #/Type7379 / Warning
Event Submitted/Written: 04/12/2008 11:58:01 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP har nått det högsta antal samtidiga TCP-anslutningsförsök som tillåts av säkerhetsskäl.

Event Record #/Type7378 / Warning
Event Submitted/Written: 04/12/2008 09:42:13 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP har nått det högsta antal samtidiga TCP-anslutningsförsök som tillåts av säkerhetsskäl.



-- End of Deckard's System Scanner: finished at 2008-04-13 20:31:33 ------------


#4 GoodfeIIa

GoodfeIIa
  • Topic Starter

  • Members
  • 8 posts

Posted 13 April 2008 - 01:37 PM



The main.txt

Deckard's System Scanner v20071014.68
Run by Zirak on 2008-04-13 20:30:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-04-13 18:30:34 UTC - RP1 - Systemkontrollpunkt


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Zirak.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:31:12, on 2008-04-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program\Grisoft\avgamsvr.exe
D:\Program\Grisoft\avgupsvc.exe
D:\Program\Grisoft\avgemc.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Windows Live\Messenger\usnsvc.exe
C:\Program\DELADE~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program\Grisoft\avgcc.exe
C:\Program\Razer\Diamondback 3G\razerhid.exe
C:\Program\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program\Stardock\ObjectDock\ObjectDock.exe
C:\Program\Razer\Diamondback 3G\razerofa.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Documents and Settings\Zirak\Skrivbord\dss.exe
D:\Program\TRENDM~1\HIJACK~1\Zirak.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E1BFC0E-8AD2-424D-AC8A-06038481516E} - C:\WINDOWS\system32\wvUkIYpq.dll (file missing)
O2 - BHO: (no name) - {96268165-C411-450A-B98D-ED0252EA0E10} - C:\WINDOWS\system32\khfEWmkK.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] D:\Program\Grisoft\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Diamondback] C:\Program\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [ymgB49Mdy0] C:\Documents and Settings\All Users\Application Data\wzsfibqp\erankrqr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\Program\Grisoft\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-746137067-1060284298-725345543-500\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background (User 'Administratör')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - S-1-5-21-746137067-1060284298-725345543-500 Startup: Stardock ObjectDock.lnk = D:\Program\Stardock\ObjectDock\ObjectDock.exe (User 'Administratör')
O4 - S-1-5-21-746137067-1060284298-725345543-500 User Startup: Stardock ObjectDock.lnk = D:\Program\Stardock\ObjectDock\ObjectDock.exe (User 'Administratör')
O4 - Startup: Stardock ObjectDock.lnk = D:\Program\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://D:\Program\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: wvUkIYpq - wvUkIYpq.dll (file missing)
O21 - SSODL: CDUnknown - {4b898752-5c7e-414a-9ebd-dcd5af77eb21} - C:\WINDOWS\Resources\CDUnknown.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\Program\Grisoft\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\Program\Grisoft\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\Program\Grisoft\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8406 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "regedit.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 oreans32 - c:\windows\system32\drivers\oreans32.sys
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 dbustrcm - c:\docume~1\zirak\lokala~1\temp\dbustrcm.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - c:\program\bonjour\mdnsresponder.exe <Not Verified; Apple Computer, Inc.; Bonjour>
R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 nSvcIp (ForceWare IP service) - c:\program\nvidia corporation\networkaccessmanager\bin\nsvcip.exe
R2 nSvcLog (ForceWare user log service) - c:\program\nvidia corporation\networkaccessmanager\bin\nsvclog.exe

S3 FLEXnet Licensing Service - "c:\program\delade filer\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-03-13 and 2008-04-13 -----------------------------

2008-04-13 20:25:19 0 d-------- C:\VundoFix Backups
2008-04-10 16:33:25 33824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2008-04-07 23:47:14 0 d-------- C:\Program\Acoustica Mixcraft
2008-04-07 15:57:47 113364 --ahs---- C:\WINDOWS\system32\KkmWEfhk.ini2
2008-04-07 14:49:38 6831 --ahs---- C:\WINDOWS\system32\GfPXacfe.ini2
2008-04-06 14:07:26 0 d-------- C:\Documents and Settings\Administratör\Patches
2008-04-02 22:05:21 0 d-------- C:\Documents and Settings\Zirak\Application Data\OpenOffice.org2
2008-04-02 22:04:04 0 d-------- C:\Program\OpenOffice.org 2.3
2008-03-27 20:24:14 0 d-------- C:\Documents and Settings\Zirak\cbt


-- Find3M Report ---------------------------------------------------------------

2008-04-13 20:24:31 0 d-------- C:\Documents and Settings\Zirak\Application Data\AVG7
2008-04-13 05:34:01 0 d-------- C:\Documents and Settings\Zirak\Application Data\uTorrent
2008-04-08 22:04:04 0 d-------- C:\Program\Warcraft III
2008-04-08 20:08:15 0 d-------- C:\Documents and Settings\Zirak\Application Data\Adobe
2008-04-06 17:09:10 0 d-------- C:\Program\Delade filer\Blizzard Entertainment
2008-03-30 07:52:48 315006 --a------ C:\WINDOWS\system32\perfh01D.dat
2008-03-30 07:52:48 47784 --a------ C:\WINDOWS\system32\perfc01D.dat
2008-03-12 19:38:37 0 d-------- C:\Program\Java
2008-03-12 19:36:13 0 d-------- C:\Program\Delade filer\Symantec Shared
2008-03-12 13:09:26 0 d-------- C:\Program\Microsoft CAPICOM 2.1.0.2
2008-03-12 11:35:49 0 d--h----- C:\Program\InstallShield Installation Information
2008-03-11 17:21:20 0 d-------- C:\Documents and Settings\Zirak\Application Data\Symantec
2008-03-11 17:20:35 0 d-------- C:\Program\Delade filer
2008-03-11 15:40:35 0 d-------- C:\Program\Delade filer\InstallShield
2008-02-27 11:17:41 0 d-------- C:\Documents and Settings\Zirak\Application Data\AdobeAUM
2008-02-27 11:17:40 0 d-------- C:\Documents and Settings\Zirak\Application Data\AdobeUM
2008-02-27 10:47:23 0 d-------- C:\Program\Delade filer\Adobe
2008-02-27 10:30:50 0 d-------- C:\Program\Windows Live
2008-02-27 07:47:51 0 d-------- C:\Program\PowerQuest
2008-02-26 14:28:36 0 d-------- C:\Program\DIFX
2008-02-26 14:28:33 0 d-------- C:\Program\Razer
2008-02-24 04:30:37 0 d--hs--c- C:\Program\Delade filer\WindowsLiveInstaller
2008-02-14 00:33:44 0 d-------- C:\Program\NVIDIA Corporation
2008-02-08 13:52:33 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-08 13:52:27 107134 --a------ C:\WINDOWS\UninstallFirefox.exe
2008-02-08 13:52:25 2752 --a------ C:\WINDOWS\mozver.dat
2008-02-07 16:59:54 137251 --a------ C:\WINDOWS\War3Unin.dat
2008-02-07 16:28:12 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-02-07 16:28:12 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-01-30 17:10:52 983 --a------ C:\WINDOWS\eReg.dat
2008-01-26 13:03:59 20480 --a------ C:\WINDOWS\system32\H@tKeysH@@k.DLL
2008-01-16 04:29:48 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E1BFC0E-8AD2-424D-AC8A-06038481516E}]
C:\WINDOWS\system32\wvUkIYpq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96268165-C411-450A-B98D-ED0252EA0E10}]
C:\WINDOWS\system32\khfEWmkK.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 18:14]
"nwiz"="nwiz.exe" [2007-10-04 18:14 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 18:14]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 19:43 C:\WINDOWS\Alcmtr.exe]
"AVG7_CC"="D:\Program\Grisoft\avgcc.exe" [2008-01-31 05:15]
"Adobe Reader Speed Launcher"="D:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16]
"Diamondback"="C:\Program\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 15:07]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:34]
"MSMSGS"="C:\Program\Messenger\msmsgs.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_2"=regsvr32 /s /n /i:U shell32
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"=D:\Program\Grisoft\avgw.exe /RUNONCE

C:\Documents and Settings\Zirak\Start-meny\Program\Autostart\
Stardock ObjectDock.lnk - D:\Program\Stardock\ObjectDock\ObjectDock.exe [2007-12-12 01:14:56]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
Adobe Gamma Loader.lnk - C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2008-02-27 10:47:22]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"ymgB49Mdy0"=C:\Documents and Settings\All Users\Application Data\wzsfibqp\erankrqr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{8E1BFC0E-8AD2-424D-AC8A-06038481516E}"= C:\WINDOWS\system32\wvUkIYpq.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CDUnknown"= {4b898752-5c7e-414a-9ebd-dcd5af77eb21} - C:\WINDOWS\Resources\CDUnknown.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\Program\DELADE~1\Stardock\mcpstub.dll 2005-01-31 15:13 49152 C:\Program\DELADE~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUkIYpq]
wvUkIYpq.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\khfEWmkK

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE




-- End of Deckard's System Scanner: finished at 2008-04-13 20:31:33 ------------


#5 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • Gender:Male
  • Location:Boston Mass

Posted 13 April 2008 - 06:29 PM

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


#6 GoodfeIIa

GoodfeIIa
  • Topic Starter

  • Members
  • 8 posts

Posted 13 April 2008 - 08:32 PM

Here's the Combofix result

ComboFix 08-04-13.1 - Zirak 2008-04-14 3:04:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.1382 [GMT 2:00]
Running from: C:\Documents and Settings\Zirak\Skrivbord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\GfPXacfe.ini
C:\WINDOWS\system32\GfPXacfe.ini2
C:\WINDOWS\system32\KkmWEfhk.ini
C:\WINDOWS\system32\KkmWEfhk.ini2

.
((((((((((((((((((((((((( Files Created from 2008-03-14 to 2008-04-14 )))))))))))))))))))))))))))))))
.

2008-04-14 03:07 . 2008-04-14 03:07 <KAT> d-------- C:\WINDOWS\system32\xircom
2008-04-14 03:07 . 2008-04-14 03:07 <KAT> d-------- C:\Program\microsoft frontpage
2008-04-13 20:29 . 2008-04-13 20:29 <KAT> d-------- C:\Deckard
2008-04-13 20:25 . 2008-04-13 20:25 <KAT> d-------- C:\VundoFix Backups
2008-04-10 16:33 . 2008-04-10 16:33 33,824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2008-04-10 16:25 . 2008-04-10 16:29 1,733 --a------ C:\WINDOWS\TSearch.INI
2008-04-07 23:47 . 2008-04-07 23:47 <KAT> d-------- C:\Program\Acoustica Mixcraft
2008-04-02 22:05 . 2008-04-11 01:11 <KAT> d-------- C:\Documents and Settings\Zirak\Application Data\OpenOffice.org2
2008-04-02 22:04 . 2008-04-02 22:04 <KAT> d-------- C:\Program\OpenOffice.org 2.3
2008-03-27 20:24 . 2008-03-27 20:24 <KAT> d-------- C:\Documents and Settings\Zirak\cbt
2008-03-26 10:00 . 2008-03-26 10:00 244 --ah----- C:\sqmnoopt18.sqm
2008-03-26 10:00 . 2008-03-26 10:00 232 --ah----- C:\sqmdata18.sqm
2008-03-25 07:32 . 2008-03-25 07:32 244 --ah----- C:\sqmnoopt17.sqm
2008-03-25 07:32 . 2008-03-25 07:32 244 --ah----- C:\sqmnoopt16.sqm
2008-03-25 07:32 . 2008-03-25 07:32 244 --ah----- C:\sqmnoopt15.sqm
2008-03-25 07:32 . 2008-03-25 07:32 244 --ah----- C:\sqmnoopt14.sqm
2008-03-25 07:32 . 2008-03-25 07:32 232 --ah----- C:\sqmdata17.sqm
2008-03-25 07:32 . 2008-03-25 07:32 232 --ah----- C:\sqmdata16.sqm
2008-03-25 07:32 . 2008-03-25 07:32 232 --ah----- C:\sqmdata15.sqm
2008-03-25 07:32 . 2008-03-25 07:32 232 --ah----- C:\sqmdata14.sqm
2008-03-25 07:30 . 2008-03-25 07:30 244 --ah----- C:\sqmnoopt13.sqm
2008-03-25 07:30 . 2008-03-25 07:30 232 --ah----- C:\sqmdata13.sqm
2008-03-24 09:27 . 2008-03-24 09:27 244 --ah----- C:\sqmnoopt12.sqm
2008-03-24 09:27 . 2008-03-24 09:27 244 --ah----- C:\sqmnoopt11.sqm
2008-03-24 09:27 . 2008-03-24 09:27 232 --ah----- C:\sqmdata12.sqm
2008-03-24 09:27 . 2008-03-24 09:27 232 --ah----- C:\sqmdata11.sqm
2008-03-24 09:25 . 2008-03-24 09:25 244 --ah----- C:\sqmnoopt10.sqm
2008-03-24 09:25 . 2008-03-24 09:25 232 --ah----- C:\sqmdata10.sqm
2008-03-20 10:10 . 2008-03-20 10:10 1,845,248 --------- C:\WINDOWS\system32\dllcache\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 01:07 --------- d-----w C:\Program\Delade filer\Blizzard Entertainment
2008-04-13 18:24 --------- d-----w C:\Documents and Settings\Zirak\Application Data\AVG7
2008-04-13 03:34 --------- d-----w C:\Documents and Settings\Zirak\Application Data\uTorrent
2008-04-08 20:04 --------- d-----w C:\Program\Warcraft III
2008-03-20 08:10 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 17:38 --------- d-----w C:\Program\Java
2008-03-12 17:36 --------- d-----w C:\Program\Delade filer\Symantec Shared
2008-03-12 11:09 --------- d-----w C:\Program\Microsoft CAPICOM 2.1.0.2
2008-03-12 09:35 --------- d--h--w C:\Program\InstallShield Installation Information
2008-03-11 15:21 --------- d-----w C:\Documents and Settings\Zirak\Application Data\Symantec
2008-03-11 13:40 --------- d-----w C:\Program\Delade filer\InstallShield
2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-27 09:17 --------- d-----w C:\Documents and Settings\Zirak\Application Data\AdobeUM
2008-02-27 09:17 --------- d-----w C:\Documents and Settings\Zirak\Application Data\AdobeAUM
2008-02-27 08:47 --------- d-----w C:\Program\Delade filer\Adobe
2008-02-27 08:30 --------- d-----w C:\Program\Windows Live
2008-02-27 05:47 --------- d-----w C:\Program\PowerQuest
2008-02-26 12:28 --------- d-----w C:\Program\Razer
2008-02-26 12:28 --------- d-----w C:\Program\DIFX
2008-02-26 12:24 23,600 ----a-w C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-02-24 02:30 --------- dcsh--w C:\Program\Delade filer\WindowsLiveInstaller
2008-02-24 02:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-10 21:57 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-02-10 21:57 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-02-08 11:52 107,134 ----a-w C:\WINDOWS\UninstallFirefox.exe
2008-02-07 14:28 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-02-07 14:28 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-01-26 11:03 20,480 ----a-w C:\WINDOWS\system32\H@tKeysH@@k.DLL
2008-01-16 02:29 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-01-16 02:29 249,856 ------w C:\WINDOWS\Setup1.exe
.

------- Sigcheck -------

2007-06-15 23:34 578048 3e8b53e05155bcd52ca2d38d1f222dc0 C:\WINDOWS\system32\user32.dll

2007-06-15 23:46 2018304 916f1de6bc896570e29944c02b89d3e2 C:\WINDOWS\system32\ntkrnlpa.exe

2007-06-15 23:35 2138624 e7b3e4efb29f1b48062e6bca52b651e5 C:\WINDOWS\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96268165-C411-450A-B98D-ED0252EA0E10}]
C:\WINDOWS\system32\khfEWmkK.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:34 15360]
"MSMSGS"="C:\Program\Messenger\msmsgs.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 18:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 18:14 81920]
"AVG7_CC"="D:\Program\Grisoft\avgcc.exe" [2008-01-31 05:15 579072]
"Adobe Reader Speed Launcher"="D:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Diamondback"="C:\Program\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 15:07 147456]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:34 15360]
"AVG7_Run"="D:\Program\Grisoft\avgw.exe" [2008-01-31 05:14 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2008-03-01 15:02 124928 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\Zirak\Start-meny\Program\Autostart\
Stardock ObjectDock.lnk - D:\Program\Stardock\ObjectDock\ObjectDock.exe [2007-12-12 01:14:56 2860792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"ymgB49Mdy0"= C:\Documents and Settings\All Users\Application Data\wzsfibqp\erankrqr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CDUnknown"= {4b898752-5c7e-414a-9ebd-dcd5af77eb21} - C:\WINDOWS\Resources\CDUnknown.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\Program\DELADE~1\Stardock\mcpstub.dll 2005-01-31 15:13 49152 C:\Program\DELADE~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUkIYpq]
wvUkIYpq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2007-11-30 19:42 16858624 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"D:\\Program\\Steam\\steamapps\\elimenater@hotmail.com\\counter-strike\\hl.exe"=
"C:\\Program\\Bonjour\\mDNSResponder.exe"=
"D:\\Program\\DC++\\DCPlusPlus.exe"=
"D:\\Program\\Pro Evolution Soccer 2008\\Pro Evolution Soccer 2008\\PES2008.exe"=
"D:\\Program\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program\\uTorrent\\uTorrent.exe"=
"D:\\Program\\THQ\\Company of Heroes\\RelicCOH.exe"=
"D:\\Program\\TVUPlayer\\TVUPlayer.exe"=
"D:\\Program\\THQ\\Company of Heroes\\BugReport\\BugReport.exe"=
"D:\\Program\\Grisoft\\avginet.exe"=
"D:\\Program\\Grisoft\\avgamsvr.exe"=
"D:\\Program\\Grisoft\\avgcc.exe"=
"D:\\Program\\Grisoft\\avgemc.exe"=
"C:\\Program\\Warcraft III\\Warcraft III.exe"=
"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Frozen Throne

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-04-10 16:33]
R3 Razerlow;Razerlow USB Filter Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-04-24 23:43]

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 03:16:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> D:\Program\Stardock\ObjectDock\DockShellHook.dll
.
------------------------ Other Running Processes ------------------------
.
D:\Program\Grisoft\avgamsvr.exe
D:\Program\Grisoft\avgupsvc.exe
D:\Program\Grisoft\avgemc.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program\DELADE~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Razer\Diamondback 3G\razerofa.exe
.
**************************************************************************
.
Completion time: 2008-04-14 3:17:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-14 01:17:35
Pre-Run: 3,257,618,432 byte ledigt
Post-Run: 3,203,870,720 byte ledigt
.
2008-04-09 11:27:30 --- E O F ---



And a new HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:31:50, on 2008-04-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program\Grisoft\avgamsvr.exe
D:\Program\Grisoft\avgupsvc.exe
D:\Program\Grisoft\avgemc.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\DELADE~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program\Grisoft\avgcc.exe
C:\Program\Razer\Diamondback 3G\razerhid.exe
C:\Program\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program\Stardock\ObjectDock\ObjectDock.exe
C:\Program\Razer\Diamondback 3G\razerofa.exe
C:\WINDOWS\explorer.exe
C:\Program\internet explorer\iexplore.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {96268165-C411-450A-B98D-ED0252EA0E10} - C:\WINDOWS\system32\khfEWmkK.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] D:\Program\Grisoft\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Diamondback] C:\Program\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [ymgB49Mdy0] C:\Documents and Settings\All Users\Application Data\wzsfibqp\erankrqr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\Program\Grisoft\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = D:\Program\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://D:\Program\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: wvUkIYpq - wvUkIYpq.dll (file missing)
O21 - SSODL: CDUnknown - {4b898752-5c7e-414a-9ebd-dcd5af77eb21} - C:\WINDOWS\Resources\CDUnknown.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\Program\Grisoft\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\Program\Grisoft\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\Program\Grisoft\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7365 bytes


#7 don77


    Forum Regular


  • Members
  • 3,212 posts
  • Gender:Male
  • Location:Boston Mass

Posted 14 April 2008 - 04:16 PM

Please restart HJT, put a check next to the following, close all open windows and click “Fix Checked”:

O2 - BHO: (no name) - {96268165-C411-450A-B98D-ED0252EA0E10} - C:\WINDOWS\system32\khfEWmkK.dll (file missing)
O20 - Winlogon Notify: wvUkIYpq - wvUkIYpq.dll (file missing)
O21 - SSODL: CDUnknown - {4b898752-5c7e-414a-9ebd-dcd5af77eb21} - C:\WINDOWS\Resources\CDUnknown.dll (file missing)


Close out HJT please.


Next

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


Please post back a fresh HJT log as well.
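Each of the three entries picked out for "Fix Checked" above ends in `(file missing)` and sits in a load-point section (O2 BHO, O20 Winlogon Notify, O21 SSODL), while the two O9 Messenger entries carrying the same marker were left alone. The Python below is an added example, not a tool from this thread or from Trend Micro: it parses HijackThis v2 lines and reproduces that selection over an excerpt of the log posted earlier; the section whitelist `ORPHAN_SECTIONS` is an assumption drawn from this one fix list, not a HijackThis rule.

```python
"""Triage of a Trend Micro HijackThis v2 log: list the registered load points
whose target file no longer exists (added example; not a tool from this thread)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Every HijackThis finding starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - "; the remaining fields are also separated by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
FILE_MISSING = "(file missing)"

# Assumption drawn from the fix list in this thread: an orphaned component in a
# BHO (O2), Winlogon Notify (O20) or ShellServiceObjectDelayLoad (O21) entry is
# a leftover worth removing, whereas an orphaned O9 toolbar button is only noise.
ORPHAN_SECTIONS = {"O2", "O20", "O21"}


@dataclass
class Entry:
    section: str           # "O2", "O20", ...
    kind: str              # "BHO", "Winlogon Notify", "SSODL", "Service", ...
    name: str              # display name, or "(no name)"
    clsid: Optional[str]   # {GUID} if the entry carries one
    path: str              # file the entry points at ("" if none)
    file_missing: bool     # HijackThis could not find that file
    raw: str               # the original log line


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; return None for headers and process lists."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    file_missing = body.endswith(FILE_MISSING)
    if file_missing:
        body = body[: -len(FILE_MISSING)].rstrip()
    kind, _, rest = body.partition(": ")
    fields = rest.split(" - ") if rest else []
    name = fields[0] if fields else ""
    clsid, path = None, ""
    for field in fields[1:]:
        if CLSID_RE.fullmatch(field):
            clsid = field
        else:
            path = field        # last non-GUID field is the file or command
    return Entry(section, kind, name, clsid, path, file_missing, line)


def orphaned_load_points(log_text: str) -> List[Entry]:
    """Entries in ORPHAN_SECTIONS whose file HijackThis reported missing."""
    found: List[Entry] = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry and entry.file_missing and entry.section in ORPHAN_SECTIONS:
            found.append(entry)
    return found


def hjt_fix_list(log_text: str) -> List[str]:
    """Raw lines to tick under 'Fix Checked', in log order."""
    return [e.raw for e in orphaned_load_points(log_text)]


# Excerpt of the HijackThis log posted earlier in this thread (lines copied as-is).
SAMPLE_LOG = r"""
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {96268165-C411-450A-B98D-ED0252EA0E10} - C:\WINDOWS\system32\khfEWmkK.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] D:\Program\Grisoft\avgcc.exe /STARTUP
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O20 - Winlogon Notify: wvUkIYpq - wvUkIYpq.dll (file missing)
O21 - SSODL: CDUnknown - {4b898752-5c7e-414a-9ebd-dcd5af77eb21} - C:\WINDOWS\Resources\CDUnknown.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

if __name__ == "__main__":
    for line in hjt_fix_list(SAMPLE_LOG):
        print(line)
```

Run against the full log it prints exactly the three lines listed above; the two O9 entries parse fine but fall outside the whitelist.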

#8 GoodfeIIa

  • Topic Starter

  • Members
  • 8 posts

Posted 14 April 2008 - 07:42 PM

The SUPERAntiSpyware scan log.

_____________________________________________________________________________

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/15/2008 at 02:29 AM

Application Version : 4.0.1154

Core Rules Database Version : 3437
Trace Rules Database Version: 1429

Scan type : Complete Scan
Total Scan Time : 00:23:35

Memory items scanned : 404
Memory threats detected : 0
Registry items scanned : 4205
Registry threats detected : 29
File items scanned : 61121
File threats detected : 257

Unclassified.Oreans32
HKLM\System\ControlSet001\Services\oreans32
C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS
HKLM\System\ControlSet001\Enum\Root\LEGACY_oreans32
HKLM\System\ControlSet002\Services\oreans32
HKLM\System\ControlSet002\Enum\Root\LEGACY_oreans32
HKLM\System\CurrentControlSet\Services\oreans32
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_oreans32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\LogConf
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control#ActiveService
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance

Adware.Tracking Cookie


_______________________________________________________________________________
A new HijackThis log

_______________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:40:14, on 2008-04-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\DELADE~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program\Razer\Diamondback 3G\razerhid.exe
C:\Program\Java\jre1.6.0_05\bin\jusched.exe
D:\Program\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program\Grisoft\AVG7\avgamsvr.exe
D:\Program\Grisoft\AVG7\avgupsvc.exe
D:\Program\Grisoft\AVG7\avgemc.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program\internet explorer\iexplore.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
D:\Program\Stardock\ObjectDock\ObjectDock.exe
C:\Program\Razer\Diamondback 3G\razerofa.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Diamondback] C:\Program\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] D:\Program\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [ymgB49Mdy0] C:\Documents and Settings\All Users\Application Data\wzsfibqp\erankrqr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\Program\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = D:\Program\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://D:\Program\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\Program\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\Program\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\Program\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7564 bytes
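
The log above is the kind of thing the helpers in this thread read by hand. The entry worth a second look is the `O4 - HKLM\..\Policies\Explorer\Run` line, which launches a randomly named executable from a randomly named folder under All Users\Application Data. The script below is an added example, not a tool from this thread and not the helper's analysis: it parses O4 lines in HijackThis v2 format and scores each autostart entry with the editor's own heuristics (policy Run key, generated-looking names, executables living in user-writable data directories). The sample lines are copied from the log above plus one benign control entry. A hit means "verify this file" (hash it, submit it to a multi-engine scanner), not "this is malware".

```python
"""Triage O4 (autostart) entries from a pasted HijackThis v2 log.

Added example, not a tool from the thread; the heuristics are the editor's own.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: O4 lines in HijackThis v2 format. The first five are copied
# from the log above; the last is an extra benign control entry.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] D:\Program\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [ymgB49Mdy0] C:\Documents and Settings\All Users\Application Data\wzsfibqp\erankrqr.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
"""

# Registry-backed entries: "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_REG = re.compile(r"^O4 - (?P<loc>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Startup-folder entries: "O4 - [Global ]Startup: <shortcut> = <target>"
O4_LNK = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# First drive-letter path ending in an executable extension inside the command
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|com|bat|cmd|vbs|js|pif))', re.I)
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\", "\\temp\\")


@dataclass
class Finding:
    name: str
    location: str
    path: str
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # Two independent indicators before we bother a human
        return len(self.reasons) >= 2


def looks_random(token: str) -> bool:
    """Cheap 'generated name' test: digits sandwiched between letters in a
    mixed-case token (ymgB49Mdy0), or a long token with almost no vowels
    (wzsfibqp). Short tokens such as ctfmon or system32 are left alone."""
    if re.search(r"[A-Za-z]\d+[A-Za-z]", token) and token != token.lower() and token != token.upper():
        return True
    letters = [c for c in token.lower() if c.isalpha()]
    if len(letters) >= 8:
        return sum(c in "aeiou" for c in letters) / len(letters) < 0.15
    return False


def extract_path(cmd: str) -> str:
    m = PATH_RE.search(cmd)
    return m.group(1) if m else cmd.strip('"')


def assess(name: str, location: str, path: str) -> Finding:
    f = Finding(name, location, path)
    if "policies\\explorer\\run" in location.lower():
        f.reasons.append("Policies\\Explorer\\Run key (rarely used by legitimate software)")
    if any(tok and looks_random(tok) for tok in re.split(r"[^A-Za-z0-9]+", name)):
        f.reasons.append("random-looking value name")
    parts = path.split("\\")
    if len(parts) >= 2 and looks_random(parts[-2]):
        f.reasons.append("random-looking parent directory")
    if any(d in path.lower() for d in USER_WRITABLE):
        f.reasons.append("executable launched from a user-writable data directory")
    return f


def triage(log_text: str) -> list:
    """Parse every O4 line and return one Finding per autostart entry."""
    findings = []
    for line in log_text.splitlines():
        m = O4_REG.match(line) or O4_LNK.match(line)
        if m:
            findings.append(assess(m.group("name"), m.group("loc"), extract_path(m.group("cmd"))))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{'SUSPICIOUS' if f.suspicious else 'ok':10} [{f.name}] {f.path}")
        for r in f.reasons:
            print(f"{'':10} - {r}")
```

Paste a whole log into `SAMPLE_LOG` (or read it from a file) and only the entries with two or more indicators are printed as suspicious; everything else in this log, including the per-SID CTFMON entries that alarm many first-time readers, scores zero.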


#9 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • Gender:Male
  • Location:Boston Mass
  • Local time:06:50 PM

Posted 14 April 2008 - 08:45 PM

Any improvement?

Please run the F-Secure Online Scanner.
Note: this scanner is for Internet Explorer only!
Follow the instructions here for installation.
Accept the License Agreement.
Once the ActiveX control installs, click Full System Scan.
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and copy and paste the entire report in your next reply.

#10 GoodfeIIa

GoodfeIIa
  • Topic Starter

  • Members
  • 8 posts
  • Local time:01:50 AM

Posted 16 April 2008 - 03:52 PM

I see many improvements now. :thumbsup: In fact I can't see any signs of viruses now. But I want to be sure the system files aren't infected. Here's the scan report.

Scanning Report
Wednesday, April 16, 2008 21:55:24 - 22:49:10
Computer name: ZIRAK
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\


--------------------------------------------------------------------------------

Result: 1 malware found
Tracking Cookie (spyware)
System

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 54580
System: 3057
Not scanned: 120
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 1
Submitted: 0
Files not scanned:
x �65C78A2FD6\EULA.1036.RTF
C:\F1C6EF02DE65C78A2FD6\EULA.1037.RTF
C:\F1C6EF02DE65C78A2FD6\EULA.1038.RTF
C:\F1C6EF02DE65C78A2FD6\EULA.1040.RTF
C:\F1C6EF02DE65C78A2FD6\EULA.1041.RTF
C:\F1C6EF02DE65C78A2FD6\EULA.1042.RTF
C:\F1C6EF02DE65C78A2FD6\EULA.1043.RTF
C:\F1C6EF02DE65C78A2FD6\EULA.1044.RTF
C:\F1C6EF02DE65C78A2FD6\EULA.1045.RTF
C:\F1C6EF02DE65C78A2FD6\EULA.1046.RTF
C:\F1C6EF02DE65C78A2FD6\EULA.1049.RTF
C:\F1C6EF02DE65C78A2FD6\EULA.1053.RTF
C:\F1C6EF02DE65C78A2FD6\EULA.1055.RTF
C:\F1C6EF02DE65C78A2FD6\EULA.2052.RTF
C:\F1C6EF02DE65C78A2FD6\EULA.2070.RTF
C:\F1C6EF02DE65C78A2FD6\EULA.3082.RTF
C:\F1C6EF02DE65C78A2FD6\GENCOMP.DLL
C:\F1C6EF02DE65C78A2FD6\HTMLLITE.DLL
C:\F1C6EF02DE65C78A2FD6\LOCDATA.1025.INI
C:\F1C6EF02DE65C78A2FD6\LOCDATA.1028.INI
C:\F1C6EF02DE65C78A2FD6\LOCDATA.1029.INI
C:\F1C6EF02DE65C78A2FD6\LOCDATA.1030.INI
C:\F1C6EF02DE65C78A2FD6\LOCDATA.1031.INI
C:\F1C6EF02DE65C78A2FD6\LOCDATA.1032.INI
C:\F1C6EF02DE65C78A2FD6\LOCDATA.1035.INI
C:\F1C6EF02DE65C78A2FD6\LOCDATA.1036.INI
C:\F1C6EF02DE65C78A2FD6\LOCDATA.1037.INI
C:\F1C6EF02DE65C78A2FD6\LOCDATA.1038.INI
C:\F1C6EF02DE65C78A2FD6\LOCDATA.1040.INI
C:\F1C6EF02DE65C78A2FD6\LOCDATA.1041.INI
C:\F1C6EF02DE65C78A2FD6\LOCDATA.1042.INI
C:\F1C6EF02DE65C78A2FD6\LOCDATA.1043.INI
C:\F1C6EF02DE65C78A2FD6\LOCDATA.1044.INI
C:\F1C6EF02DE65C78A2FD6\LOCDATA.1045.INI
C:\F1C6EF02DE65C78A2FD6\LOCDATA.1046.INI
C:\F1C6EF02DE65C78A2FD6\LOCDATA.1049.INI
C:\F1C6EF02DE65C78A2FD6\LOCDATA.1053.INI
C:\F1C6EF02DE65C78A2FD6\LOCDATA.1055.INI
C:\F1C6EF02DE65C78A2FD6\LOCDATA.2052.INI
C:\F1C6EF02DE65C78A2FD6\LOCDATA.2070.INI
C:\F1C6EF02DE65C78A2FD6\LOCDATA.3076.INI
C:\F1C6EF02DE65C78A2FD6\LOCDATA.3082.INI
C:\F1C6EF02DE65C78A2FD6\LOCDATA.INI
C:\F1C6EF02DE65C78A2FD6\REBOOTSTUB.EXE
C:\F1C6EF02DE65C78A2FD6\RUNMSI.EXE
C:\F1C6EF02DE65C78A2FD6\SETUP.EXE
C:\F1C6EF02DE65C78A2FD6\SETUPRES.1025.DLL
C:\F1C6EF02DE65C78A2FD6\SETUPRES.1028.DLL
C:\F1C6EF02DE65C78A2FD6\SETUPRES.1029.DLL
C:\F1C6EF02DE65C78A2FD6\SETUPRES.1030.DLL
C:\F1C6EF02DE65C78A2FD6\SETUPRES.1031.DLL
C:\F1C6EF02DE65C78A2FD6\SETUPRES.1032.DLL
C:\F1C6EF02DE65C78A2FD6\SETUPRES.1035.DLL
C:\F1C6EF02DE65C78A2FD6\SETUPRES.1036.DLL
C:\F1C6EF02DE65C78A2FD6\SETUPRES.1037.DLL
C:\F1C6EF02DE65C78A2FD6\SETUPRES.1038.DLL
C:\F1C6EF02DE65C78A2FD6\SETUPRES.1040.DLL
C:\F1C6EF02DE65C78A2FD6\SETUPRES.1041.DLL
C:\F1C6EF02DE65C78A2FD6\SETUPRES.1042.DLL
C:\F1C6EF02DE65C78A2FD6\SETUPRES.1043.DLL
C:\F1C6EF02DE65C78A2FD6\SETUPRES.1044.DLL
C:\F1C6EF02DE65C78A2FD6\SETUPRES.1045.DLL
C:\F1C6EF02DE65C78A2FD6\SETUPRES.1046.DLL
C:\F1C6EF02DE65C78A2FD6\SETUPRES.1049.DLL
C:\F1C6EF02DE65C78A2FD6\SETUPRES.1053.DLL
C:\F1C6EF02DE65C78A2FD6\SETUPRES.1055.DLL
C:\F1C6EF02DE65C78A2FD6\SETUPRES.2052.DLL
--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 2.30.0
F-Secure Hydra: 2.8.8110, 2008-04-16
F-Secure AVP: 7.0.171, 2008-04-16
F-Secure Pegasus: 1.20.0, 2008-02-28
F-Secure Blacklight: 1.0.64
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

--------------------------------------------------------------------------------



#11 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • Gender:Male
  • Location:Boston Mass
  • Local time:06:50 PM

Posted 16 April 2008 - 07:19 PM

:thumbsup:

Looks clean to me :blink:

For a nice list of freeware programmes in all categories, please have a look at this thread with freeware products that are regarded as useful by the users of this forum: Commonly Used Freeware Replacements.
Please also have a look at the following links, giving some advice and suggestions for preventing future infections:

Now you should set a new Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
I recommend you regularly visit the Windows Update Site; you were lagging behind on a few of them!
  • Lots of hacks/Trojans use methods (plugged by the updates) that have not been stopped because people do not update.
  • By updating your machine, you have one less headache!
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates, you will find a nice little article about turning on automatic updates here.
  • Note that it will download them for you, but you still have to actually click install.
  • If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Another recommendation is to download HostsMan. It safeguards you with a regularly updated Hosts file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  • Double-click the downloaded installer and install the tool to a location of your choice.
  • Via the Start menu, navigate to HostsMan and run the program.
    • Click "Hosts" in the menu.
    • Click "Manage Updates" in the submenu.
    • Of the three, select at least one (I have MVPS Hosts as my main one).
    • Click "Add Update." After that you will only need to click the update button to retrieve updates.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet

Glad I was able to help, and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!
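
As an added example (not HostsMan's code, and not part of the post above), the script below does what the hosts-file advice describes, with the two checks a practitioner wants when a tool rewrites the hosts file: custom entries in the existing file survive a list update (the note above warns they otherwise have to be re-added by hand), and any line that maps a name to a routable address instead of sinking it, the hosts hijack HijackThis reports as an O1 entry, is dropped and reported, whether it comes from the old file or from the downloaded list. The hosts file and blocklist excerpt are constructed; the 203.0.113.x addresses are documentation addresses standing in for an attacker's host.

```python
"""Merge a downloaded hosts blocklist into an existing hosts file without
losing custom entries, and flag redirect (hijack) lines from either source.

Added example; not HostsMan's implementation.
"""
import ipaddress
import re

# Constructed sample: the machine's current hosts file, with one custom LAN
# entry and one hostile redirect of the kind HijackThis reports as an O1 line.
EXISTING_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
192.168.1.50    fileserver.lan      # custom LAN entry
203.0.113.5     update.example.com  # constructed hijack line
"""

# Constructed sample: an MVPS-style blocklist excerpt, with one poisoned line
# that redirects rather than blocks.
BLOCKLIST = """\
0.0.0.0 ads.example.net
0.0.0.0 tracker.example.org
0.0.0.0 localhost
203.0.113.9 cdn.example.net
"""

LINE_RE = re.compile(r"^(?P<ip>\S+)\s+(?P<host>\S+)")
# Ranges a user may legitimately point a name at: RFC 1918, link-local, ULA
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "fc00::/7", "fe80::/10")]
# Names a blocklist must never be allowed to sink
NEVER_SINK = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse(text):
    """Yield (ip, host, raw_line) for each mapping line; comments are ignored."""
    for raw in text.splitlines():
        body = raw.split("#", 1)[0].strip()
        m = LINE_RE.match(body)
        if m:
            yield m.group("ip"), m.group("host").lower(), raw.rstrip()


def classify(ip):
    """sink: 0.0.0.0 / 127.x / ::1, i.e. the name is blocked;
    lan: an RFC 1918 or link-local override the user may have added on purpose;
    redirect: anything else, a name silently pointed at some host on the internet."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "invalid"
    if addr.is_unspecified or addr.is_loopback:
        return "sink"
    if any(addr in net for net in LAN_NETS):
        return "lan"
    return "redirect"


def merge(existing_text, blocklist_text):
    """Return (merged_lines, flagged_lines, custom_hosts).

    Sink and LAN lines from the existing file are kept verbatim, so custom
    entries survive a list update. Redirect lines are dropped from the output
    and reported, whether they come from the old file or from the downloaded
    list: a hosts list is trusted content, and a poisoned one is itself a hijack."""
    merged, flagged, custom, mapped = [], [], [], set()
    for ip, host, raw in parse(existing_text):
        kind = classify(ip)
        if kind in ("redirect", "invalid"):
            flagged.append(raw)
            continue
        merged.append(raw)
        mapped.add(host)
        if kind == "lan":
            custom.append(host)
    for ip, host, raw in parse(blocklist_text):
        if classify(ip) != "sink":
            flagged.append(raw)
            continue
        if host in mapped or host in NEVER_SINK:
            continue  # existing mapping wins; never sink localhost
        merged.append(f"0.0.0.0 {host}")
        mapped.add(host)
    return merged, flagged, custom


if __name__ == "__main__":
    lines, flagged, custom = merge(EXISTING_HOSTS, BLOCKLIST)
    print("\n".join(lines))
    print("\nflagged redirects:", *flagged, sep="\n  ")
    print("custom entries preserved:", custom)
```

Run it as-is to see the merged file, the two flagged redirects and the preserved custom entry; to use it for real, read `%SystemRoot%\system32\drivers\etc\hosts` and the downloaded list into the two strings and review the flagged lines before writing the merged output back.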

#12 GoodfeIIa

GoodfeIIa
  • Topic Starter

  • Members
  • 8 posts
  • Local time:01:50 AM

Posted 17 April 2008 - 07:41 AM

Thank you so much for all the help. I've recommended this site to many friends!! :blink: :thumbsup:

#13 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • Gender:Male
  • Location:Boston Mass
  • Local time:06:50 PM

Posted 17 April 2008 - 08:06 PM

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.



