Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

"Your Computer Was Infected by Unknown Trojan"

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

"Your Computer Was Infected by Unknown Trojan"

Unread postby Didi » February 3rd, 2008, 8:14 am

Hi

I thought Spyware Doctor was suppose to find and eliminate these kind of threats, but it's doesn't :(

Please help me find and fix this problem manually...

When I click on "My Computer" and want to enter the folder "Programs"... I get this error msg popping up from nowhere.

"System Error!
Your computer was infected by unknown trojan.
It's dangerous for your system (critical files can be lost)!

Click OK to download the antispyware program to clean your system! (Recommended)
"


How do I remove it? ...Please Heeeeelp!

Here is my HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:10:36, on 2008-02-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\Spyware Doctor\pctsAuxs.exe
C:\Program\Spyware Doctor\pctsSvc.exe
C:\Program\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\iTunes\iTunesHelper.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\iTunes\iTunes.exe
C:\Program\PC Connectivity Solution\ServiceLayer.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program\Registry Mechanic\RegMech.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - blank (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\DELADE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O2 - BHO: Player - {D989E9EA-8F56-4864-A1EA-2F9059A421BE} - C:\WINDOWS\orgnavi.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-646141688-1673222729-2687895899-501\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Gäst')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Yahoo! Widget Engine.lnk = C:\Program\Yahoo!\Widgets\YahooWidgetEngine.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Yahoo! Widget Engine.lnk = C:\Program\Yahoo!\Widgets\YahooWidgetEngine.exe (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program\Yahoo!\Widgets\YahooWidgetEngine.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?4725afae0a254268abc41cde3c668738
O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?4725afae0a254268abc41cde3c668738
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 7458531783
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program\Delade filer\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Din/LOKALA~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 11001 bytes
Didi
Active Member
 
Posts: 5
Joined: February 3rd, 2008, 8:00 am
Advertisement
Register to Remove

Re: "Your Computer Was Infected by Unknown Trojan"

Unread postby Katana » February 9th, 2008, 9:15 am

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

I apologize for the delay in responding, but as you can probably see the forums are quite busy
and sometimes a post manages to slip by us.
Unfortunately there are far more people needing help than there are helpers.

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Unless informed of in advance, failure to post replies within 5 days will result in this thread being closed.


Installed Programs
Please could you give me a list of the programs that are installed.
  • Start HijackThis
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.


Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofi ... e-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: "Your Computer Was Infected by Unknown Trojan"

Unread postby Didi » February 9th, 2008, 10:39 am

Thank you very much, no worries about any delays!

Here is my list that you requested:

AC3Filter (remove only)
Ad-Aware 2007
Adobe Flash Player Plugin
Adobe InDesign CS
Adobe Photoshop CS
Adobe Reader 8.1.1
Adobe Shockwave Player
Agent Ransack Version 1.7.3
Ahead NeroVision Express
AppCore
Apple Mobile Device Support
Apple Software Update
Ashampoo WinOptimizer Platinum 3
AVI & MPEG Splitter 1.48
AVI/MPEG/RM/WMV Joiner 4.11
Babylon
BitComet 0.99
ccCommon
Component Framework
CoreVorbis Audio Decoder (remove only)
DC++ 0.698
Direct Show Ogg Vorbis Filter (remove only)
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Feedidentifiering (Windows Live Toolbar)
ffdshow (remove only)
GOM Player
Google Toolbar for Firefox
Google Video Player
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
iTunes
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) SE Runtime Environment 6 Update 1
LightScribe System Software 1.10.19.1
LiveUpdate (Symantec Corporation)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Professional med FrontPage
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Morgan Stream Switcher
Mozilla Firefox (2.0.0.12)
MSXML 4.0 SP2 (KB936181)
MultiMedia Lab® V
Musicmatch® Jukebox
Nero 6 Ultra Edition
neroxml
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
Norton AntiVirus
Norton AntiVirus Help
Norton Confidential Core
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
NVIDIA Drivers
NvMixer
OneCare Advisor (Windows Live Toolbar)
PC Connectivity Solution
Popup-blockeraren (Windows Live Toolbar)
QuickTime
RC Helicopter
RealPlayer
Registry Mechanic 7.0
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update för Microsoft .NET Framework 2.0 (kB928365)
Skype 2.5
SLD Codec Pack
Smarta menyer (Windows Live Toolbar)
Snabbkorrigering för Windows Media Player 11 (KB939683)
SPBBC 32bit
Spyware Doctor 5.5
Stöd för talsyntes i MultiMedia Lab® V
SureThing CD Labeler LightScribe Trial 5
SymNet
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB938127)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB939653)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB942615)
Säkerhetsuppdatering för Windows Media Player (KB911564)
Säkerhetsuppdatering för Windows Media Player 10 (KB911565)
Säkerhetsuppdatering för Windows Media Player 10 (KB917734)
Säkerhetsuppdatering för Windows Media Player 11 (KB936782)
Säkerhetsuppdatering för Windows Media Player 6.4 (KB925398)
Säkerhetsuppdatering för Windows XP (KB883939)
Säkerhetsuppdatering för Windows XP (KB890046)
Säkerhetsuppdatering för Windows XP (KB893756)
Säkerhetsuppdatering för Windows XP (KB896358)
Säkerhetsuppdatering för Windows XP (KB896422)
Säkerhetsuppdatering för Windows XP (KB896423)
Säkerhetsuppdatering för Windows XP (KB896424)
Säkerhetsuppdatering för Windows XP (KB896428)
Säkerhetsuppdatering för Windows XP (KB896688)
Säkerhetsuppdatering för Windows XP (KB899587)
Säkerhetsuppdatering för Windows XP (KB899588)
Säkerhetsuppdatering för Windows XP (KB899591)
Säkerhetsuppdatering för Windows XP (KB900725)
Säkerhetsuppdatering för Windows XP (KB901017)
Säkerhetsuppdatering för Windows XP (KB901214)
Säkerhetsuppdatering för Windows XP (KB902400)
Säkerhetsuppdatering för Windows XP (KB903235)
Säkerhetsuppdatering för Windows XP (KB904706)
Säkerhetsuppdatering för Windows XP (KB905414)
Säkerhetsuppdatering för Windows XP (KB905749)
Säkerhetsuppdatering för Windows XP (KB905915)
Säkerhetsuppdatering för Windows XP (KB908519)
Säkerhetsuppdatering för Windows XP (KB908531)
Säkerhetsuppdatering för Windows XP (KB911280)
Säkerhetsuppdatering för Windows XP (KB911562)
Säkerhetsuppdatering för Windows XP (KB911567)
Säkerhetsuppdatering för Windows XP (KB911927)
Säkerhetsuppdatering för Windows XP (KB912812)
Säkerhetsuppdatering för Windows XP (KB912919)
Säkerhetsuppdatering för Windows XP (KB913446)
Säkerhetsuppdatering för Windows XP (KB913580)
Säkerhetsuppdatering för Windows XP (KB914388)
Säkerhetsuppdatering för Windows XP (KB914389)
Säkerhetsuppdatering för Windows XP (KB916281)
Säkerhetsuppdatering för Windows XP (KB917159)
Säkerhetsuppdatering för Windows XP (KB917344)
Säkerhetsuppdatering för Windows XP (KB917422)
Säkerhetsuppdatering för Windows XP (KB917953)
Säkerhetsuppdatering för Windows XP (KB918118)
Säkerhetsuppdatering för Windows XP (KB918439)
Säkerhetsuppdatering för Windows XP (KB918899)
Säkerhetsuppdatering för Windows XP (KB919007)
Säkerhetsuppdatering för Windows XP (KB920213)
Säkerhetsuppdatering för Windows XP (KB920214)
Säkerhetsuppdatering för Windows XP (KB920670)
Säkerhetsuppdatering för Windows XP (KB920683)
Säkerhetsuppdatering för Windows XP (KB920685)
Säkerhetsuppdatering för Windows XP (KB921398)
Säkerhetsuppdatering för Windows XP (KB921503)
Säkerhetsuppdatering för Windows XP (KB921883)
Säkerhetsuppdatering för Windows XP (KB922616)
Säkerhetsuppdatering för Windows XP (KB922760)
Säkerhetsuppdatering för Windows XP (KB922819)
Säkerhetsuppdatering för Windows XP (KB923191)
Säkerhetsuppdatering för Windows XP (KB923414)
Säkerhetsuppdatering för Windows XP (KB923689)
Säkerhetsuppdatering för Windows XP (KB923694)
Säkerhetsuppdatering för Windows XP (KB923980)
Säkerhetsuppdatering för Windows XP (KB924191)
Säkerhetsuppdatering för Windows XP (KB924270)
Säkerhetsuppdatering för Windows XP (KB924496)
Säkerhetsuppdatering för Windows XP (KB924667)
Säkerhetsuppdatering för Windows XP (KB925454)
Säkerhetsuppdatering för Windows XP (KB925486)
Säkerhetsuppdatering för Windows XP (KB925902)
Säkerhetsuppdatering för Windows XP (KB926255)
Säkerhetsuppdatering för Windows XP (KB926436)
Säkerhetsuppdatering för Windows XP (KB927779)
Säkerhetsuppdatering för Windows XP (KB927802)
Säkerhetsuppdatering för Windows XP (KB928090)
Säkerhetsuppdatering för Windows XP (KB928255)
Säkerhetsuppdatering för Windows XP (KB928843)
Säkerhetsuppdatering för Windows XP (KB929123)
Säkerhetsuppdatering för Windows XP (KB929969)
Säkerhetsuppdatering för Windows XP (KB930178)
Säkerhetsuppdatering för Windows XP (KB931261)
Säkerhetsuppdatering för Windows XP (KB931768)
Säkerhetsuppdatering för Windows XP (KB931784)
Säkerhetsuppdatering för Windows XP (KB932168)
Säkerhetsuppdatering för Windows XP (KB933566)
Säkerhetsuppdatering för Windows XP (KB933729)
Säkerhetsuppdatering för Windows XP (KB935839)
Säkerhetsuppdatering för Windows XP (KB935840)
Säkerhetsuppdatering för Windows XP (KB936021)
Säkerhetsuppdatering för Windows XP (KB937143)
Säkerhetsuppdatering för Windows XP (KB938127)
Säkerhetsuppdatering för Windows XP (KB938829)
Säkerhetsuppdatering för Windows XP (KB939653)
Säkerhetsuppdatering för Windows XP (KB941202)
Säkerhetsuppdatering för Windows XP (KB941568)
Säkerhetsuppdatering för Windows XP (KB941569)
Säkerhetsuppdatering för Windows XP (KB941644)
Säkerhetsuppdatering för Windows XP (KB943460)
Säkerhetsuppdatering för Windows XP (KB943485)
Säkerhetsuppdatering för Windows XP (KB944653)
Uppdatering för Windows XP (KB894391)
Uppdatering för Windows XP (KB896727)
Uppdatering för Windows XP (KB898461)
Uppdatering för Windows XP (KB900485)
Uppdatering för Windows XP (KB910437)
Uppdatering för Windows XP (KB916595)
Uppdatering för Windows XP (KB920872)
Uppdatering för Windows XP (KB922582)
Uppdatering för Windows XP (KB927891)
Uppdatering för Windows XP (KB929338)
Uppdatering för Windows XP (KB930916)
Uppdatering för Windows XP (KB931836)
Uppdatering för Windows XP (KB933360)
Uppdatering för Windows XP (KB938828)
Uppdatering för Windows XP (KB942763)
VCRedistSetup
Webbsökning med flikar (Windows Live Toolbar)
Verktygsfältet Outlook (Windows Live Toolbar)
VideoLAN VLC media player 0.8.6d
Winamp
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows-drivrutinspaket - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
Windows-drivrutinspaket - Nokia Modem (02/15/2007 3.1)
Windows-drivrutinspaket - Nokia Modem (02/15/2007 3.1)
Windows-drivrutinspaket - Nokia Modem (05/24/2007 6.84.0.1)
WinRAR archiver
VobSub v2.05 (Remove Only)
Vodei Multimedia Processor 2.10
XviD MPEG-4 Video Codec
Yahoo! Install Manager
Yahoo! Widgets
Didi
Active Member
 
Posts: 5
Joined: February 3rd, 2008, 8:00 am

Re: "Your Computer Was Infected by Unknown Trojan"

Unread postby Katana » February 9th, 2008, 10:54 am

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

BitComet 0.99

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also available here.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Please note: you must NOT use this whilst we are cleaning your machine.

Remove Programs
Now click Start---Control Panel. Double click Add or Remove Programs. If any of the following programs are listed there,
click on the program to highlight it, and click on remove.
  • J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 8
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) SE Runtime Environment 6 Update 1

Now close the Control Panel.

Please post the ComboFix log when you have it.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: "Your Computer Was Infected by Unknown Trojan"

Unread postby Didi » February 9th, 2008, 12:23 pm

Here is the ComboFix logg as you requested:


ComboFix 08-02.05.3 - Din 2008-02-09 17:08:45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1053.18.584 [GMT 1:00]
Running from: C:\Documents and Settings\Din\Skrivbord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Din\Application Data\macromedia\Flash Player\#SharedObjects\9GWJJBGK\www.broadcaster.com
C:\Documents and Settings\Din\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Din\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\orgnavi.dll

.
((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))
.

2008-02-07 14:44 . 2008-02-07 14:44 <KAT> d-------- C:\Program\Lavasoft
2008-02-07 14:44 . 2008-02-07 14:49 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-07 14:43 . 2008-02-07 14:43 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard
2008-02-07 14:15 . 2008-02-07 14:15 <KAT> d-------- C:\Program\uTorrent
2008-02-07 14:15 . 2008-02-09 15:27 <KAT> d-------- C:\Documents and Settings\Din\Application Data\uTorrent
2008-02-07 11:46 . 2008-02-07 11:46 <KAT> d--hsc--- C:\Program\Delade filer\WindowsLiveInstaller
2008-02-07 11:45 . 2008-02-07 11:45 <KAT> d-------- C:\Program\Windows Live
2008-02-07 11:45 . 2008-02-07 11:45 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-07 11:35 . 2007-12-17 13:53 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-02-07 11:34 . 2008-02-07 11:34 <KAT> d-------- C:\NVIDIA
2008-02-07 11:16 . 2008-02-07 11:16 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-02-07 08:34 . 2008-02-07 08:34 <KAT> d-------- C:\Program\Vodei
2008-02-03 13:10 . 2008-02-03 13:10 <KAT> d-------- C:\Program\Trend Micro
2008-02-02 21:21 . 2008-02-02 21:21 <KAT> d-------- C:\Documents and Settings\Din\Application Data\Symantec
2008-02-02 21:17 . 2008-02-02 21:17 <KAT> d-------- C:\Program\Windows Sidebar
2008-02-02 21:16 . 2008-02-02 22:01 <KAT> d-------- C:\Program\Norton Internet Security
2008-02-02 21:14 . 2008-02-02 21:32 <KAT> d-------- C:\Program\Symantec
2008-02-02 21:14 . 2008-02-09 15:28 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-02 21:14 . 2008-02-02 21:32 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-02 21:14 . 2008-02-02 21:32 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-02-02 21:14 . 2008-02-02 21:32 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-02 21:14 . 2008-02-02 21:32 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-02 21:07 . 2008-02-09 17:05 <KAT> d-------- C:\Program\Delade filer\Symantec Shared
2008-02-02 20:54 . 2008-02-02 20:54 <KAT> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-02-02 20:20 . 2008-02-02 20:20 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-02-02 20:20 . 2008-02-02 20:18 218,504 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-02-02 20:18 . 2008-02-02 20:20 <KAT> d-------- C:\Program\Delade filer\PC Tools
2008-02-02 19:59 . 2008-02-06 03:02 <KAT> d-------- C:\Program\Spyware Doctor
2008-02-02 19:59 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-02 19:59 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-02 19:59 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-02 19:59 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-02-02 16:59 . 2008-02-02 16:59 30 --a------ C:\tmp.bat
2008-02-02 12:19 . 2008-02-02 12:19 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-02 01:56 . 2008-02-02 01:56 <KAT> d-------- C:\Program\iPod
2008-01-13 17:07 . 2008-01-13 17:07 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-01-13 17:06 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-01-13 17:06 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-01-13 17:06 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-01-13 17:06 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-01-13 17:06 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-09 15:51 --------- d-----w C:\Program\Java
2008-02-07 23:38 --------- d-----w C:\Program\DC++
2008-02-07 11:56 --------- d-----w C:\Program\BitComet
2008-02-07 10:56 --------- d-----w C:\Documents and Settings\Din\Application Data\DivX
2008-02-07 10:43 --------- d-----w C:\Program\DivX
2008-02-07 10:25 --------- d-----w C:\Program\Winamp
2008-02-07 10:21 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-02-07 07:34 --------- d-----w C:\Program\Vodei
2008-02-06 02:09 --------- d-----w C:\Documents and Settings\Din\Application Data\dvdcss
2008-02-06 02:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-02 18:24 --------- d-----w C:\Program\Yahoo!
2008-02-02 09:53 512 ----a-w C:\ScanSectorLog.dat
2008-02-02 09:49 --------- d-----w C:\Program\QuickTime
2008-02-02 00:57 --------- d-----w C:\Program\iTunes
2008-02-01 23:42 --------- d-----w C:\Documents and Settings\Din\Application Data\Nokia Multimedia Player
2008-01-15 08:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-01-15 04:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-13 16:17 --------- d-----w C:\Program\Nokia
2008-01-13 16:17 --------- d-----w C:\Program\Delade filer\Nokia
2008-01-13 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-01-12 17:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-01-04 21:58 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-01-04 21:58 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-09 09:08 --------- d-----w C:\Program\Alarm Clock
2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-12-05 00:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-12-05 00:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-12-05 00:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-12-05 00:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-12-05 00:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-12-05 00:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-12-05 00:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-12-05 00:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-12-05 00:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-12-05 00:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-12-05 00:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-12-05 00:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-12-05 00:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-12-05 00:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-12-05 00:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-12-05 00:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-12-05 00:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-12-05 00:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-12-05 00:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-12-05 00:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-12-05 00:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-12-05 00:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-12-05 00:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-12-05 00:41 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-12-05 00:41 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll
2007-12-05 00:41 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-11-18 02:32 120 ----a-w C:\drmHeader.bin
2007-03-15 22:48 145,145 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_03_15_11_43_03_small.dmp.zip
2007-01-10 06:25 54,027 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_01_10_07_18_04_small.dmp.zip
2007-01-10 06:25 51,696 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_01_10_07_17_56_small.dmp.zip
2007-01-06 11:38 133,074 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_01_06_00_42_39_small.dmp.zip
2007-01-03 18:48 68,238 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_01_03_19_47_06_small.dmp.zip
2006-12-31 07:26 131,126 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_12_22_11_03_14_small.dmp.zip
2006-12-14 06:57 62,113 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_12_14_07_36_48_small.dmp.zip
2006-12-13 19:16 13,625 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_12_13_15_13_04_small.dmp.zip
2006-12-09 19:26 156,281 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_12_08_12_51_43_small.dmp.zip
2006-11-27 20:57 84,554,125 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_11_27_20_47_49_full.dmp.zip
2006-11-19 13:40 28,273,386 ----a-w C:\WINDOWS\Internet Logs\imsDebug.zip
2006-03-18 10:41 55,984 ----a-w C:\Documents and Settings\Din\Application Data\GDIPFONTCACHEV1.DAT
2004-11-30 13:23 40,960 ------r C:\Program\delete.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-25 04:51 316784 --a------ C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-02-02 21:30 116088 --a------ C:\Program\DELADE~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 04:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 15:54 77824 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"Adobe Reader Speed Launcher"="C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"PCSuiteTrayApplication"="C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
"QuickTime Task"="C:\Program\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"RegistryMechanic"="" []
"ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" [2008-01-31 13:15 51048]
"osCheck"="C:\Program\Norton Internet Security\osCheck.exe" [2007-08-25 05:53 714608]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 20:00 15360]
"Nokia.PCSync"="C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

C:\Documents and Settings\Din\Start-meny\Program\Autostart\
Yahoo! Widget Engine.lnk - C:\Program\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 18:57:16 2913584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"mmtask"=C:\Program\Musicmatch\Musicmatch Jukebox\mmtask.exe
"iTunesHelper"="C:\Program\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program\QuickTime\qttask.exe" -atboottime
"DAEMON Tools-1033"="C:\Program\D-Tools\daemon.exe" -lang 1033
"DAEMON Tools"="C:\Program\DAEMON Tools\daemon.exe" -lang 1033
"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"DRam prosessor"=pornstealer.exe

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-02-02 20:18]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" [2008-01-31 13:15]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 20:00]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 01:27]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 ntportio;ntportio;C:\Documents and Settings\Din\Skrivbord\ntportio.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 01:27]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program\Delade filer\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-02-08 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-02-07 09:07:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program\Apple Software Update\SoftwareUpdate.exe
"2008-02-09 15:15:00 C:\WINDOWS\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job"
- C:\Program\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-06 01:02:38 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Din.job"
- C:\Program\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-09 17:12:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-09 17:12:32
ComboFix-quarantined-files.txt 2008-02-09 16:12:18
.
2008-01-09 12:03:20 --- E O F ---
Didi
Active Member
 
Posts: 5
Joined: February 3rd, 2008, 8:00 am

Re: "Your Computer Was Infected by Unknown Trojan"

Unread postby Didi » February 9th, 2008, 12:32 pm

I've erased all updates:

J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
Didi
Active Member
 
Posts: 5
Joined: February 3rd, 2008, 8:00 am

Re: "Your Computer Was Infected by Unknown Trojan"

Unread postby Katana » February 9th, 2008, 1:02 pm

Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
Go Here http://www.kaspersky.com/kos/eng/partne ... bscan.html

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


Please post the log in reply
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: "Your Computer Was Infected by Unknown Trojan"

Unread postby Didi » February 9th, 2008, 2:54 pm

Here is the Kapersky scan:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, February 09, 2008 7:52:52 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/02/2008
Kaspersky Anti-Virus database records: 555870
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
H:\

Scan Statistics:
Total number of scanned objects: 71342
Number of viruses found: 1
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 01:10:18

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\ccSubSDK\submissions.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\volatile.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{1A39C588-3A99-4B95-BBCB-96A13AEFCEC8}.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{40411CB0-7880-4555-86FA-749428A6F1C4}.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{DE3929CB-CDA3-423F-BBF6-9D5F94455968}.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-02-09_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{EE80E696-AACD-4402-8B26-08F21506612B}.ldb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{EE80E696-AACD-4402-8B26-08F21506612B}.sds Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\29537B26.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\Din\Application Data\Mozilla\Firefox\Profiles\5118c716.Standardanvändare\cert8.db Object is locked skipped
C:\Documents and Settings\Din\Application Data\Mozilla\Firefox\Profiles\5118c716.Standardanvändare\formhistory.dat Object is locked skipped
C:\Documents and Settings\Din\Application Data\Mozilla\Firefox\Profiles\5118c716.Standardanvändare\history.dat Object is locked skipped
C:\Documents and Settings\Din\Application Data\Mozilla\Firefox\Profiles\5118c716.Standardanvändare\key3.db Object is locked skipped
C:\Documents and Settings\Din\Application Data\Mozilla\Firefox\Profiles\5118c716.Standardanvändare\parent.lock Object is locked skipped
C:\Documents and Settings\Din\Application Data\Mozilla\Firefox\Profiles\5118c716.Standardanvändare\search.sqlite Object is locked skipped
C:\Documents and Settings\Din\Application Data\Symantec\NPMDataStore\CIMStore.xml Object is locked skipped
C:\Documents and Settings\Din\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Din\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Din\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Din\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\5118c716.Standardanvändare\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Din\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\5118c716.Standardanvändare\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Din\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\5118c716.Standardanvändare\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Din\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\5118c716.Standardanvändare\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Din\Lokala inställningar\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Din\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Din\Lokala inställningar\Tidigare\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Din\Lokala inställningar\Tidigare\History.IE5\MSHist012008020920080210\index.dat Object is locked skipped
C:\Documents and Settings\Din\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Din\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program\BitComet\Downloads\Bubble Butts Galore - Ice La Fox.mpg.bc! Object is locked skipped
C:\Program\BitComet\Downloads\Mia Smiles.wmv.bc! Object is locked skipped
C:\Program\BitComet\Downloads\Naughty Nanny\nyn2.avi.bc! Object is locked skipped
C:\Program\BitComet\Downloads\Whoriental_Sex_Academy_3_Scene_2_dvd.wmv.bc! Object is locked skipped
C:\Program\Delade filer\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program\Delade filer\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program\Delade filer\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program\Delade filer\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program\Delade filer\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program\Delade filer\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program\Delade filer\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program\Delade filer\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\orgnavi.dll.vir Infected: not-virus:Hoax.Win32.Renos.asl skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{095F29F3-4FE7-424C-BFF5-EA09C81D06A9}\RP1268\A0114267.dll Infected: not-virus:Hoax.Win32.Renos.asl skipped
C:\System Volume Information\_restore{095F29F3-4FE7-424C-BFF5-EA09C81D06A9}\RP1268\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{CAD90102-4ADE-438C-93B9-14362FB9C64B}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd4781.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\JETB44C.tmp Object is locked skipped
C:\WINDOWS\Temp\~DFEE2.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
Didi
Active Member
 
Posts: 5
Joined: February 3rd, 2008, 8:00 am

Re: "Your Computer Was Infected by Unknown Trojan"

Unread postby Katana » February 9th, 2008, 9:36 pm

Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    Driver::
    ntportio
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RegistryMechanic"=-
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
    "DRam prosessor"=-
    ADS::

  • Save this as CFScript.txt and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


I would recommend deleting the files that Kaspersky says are locked in the C:\Program\BitComet\Downloads folder as well.
Yes, those ones !!!!!

How are things running now ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: "Your Computer Was Infected by Unknown Trojan"

Unread postby 'KotaGuy » February 20th, 2008, 1:09 pm

This topic is now closed due to inactivity. If you wish it to be reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 87 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware