Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Got Virus or something :-(

Unread postby Valdemar-rex » November 30th, 2008, 4:50 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:36:46, on 2008-11-30
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.se/ig/dell?hl=sv&clie ... bd=5070117
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.se/ig/dell?hl=sv&clie ... bd=5070117
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdtjf.exe] C:\WINDOWS\system32\kdtjf.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ ... .6.108.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9875781C-8B0F-4583-8499-E152775FC9C7}: NameServer = 85.255.112.159;85.255.112.23
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL wcudea.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12430 bytes

Hello! I got something on my computer when I searched for updates to one of my programs. My current anti-virus/spyware program can't do anything about it, and all the new programs I've installed get their access to the internet blocked by something, thus making them useless as they can't get any updates or similar. I get annoying pop-ups, and some of the internet sites I try to visit get redirected. My old anti-virus programme managed to identify the virus/worm as "Worm.Win32.Autorun.nuu".

That's pretty much all I know, Pleeease help me :flower:
//Valdemar-rex
Last edited by silver on December 5th, 2008, 9:12 pm, edited 1 time in total.
Reason: removed profanity from title
Valdemar-rex
Active Member
 
Posts: 13
Joined: November 30th, 2008, 4:32 pm

Re: Got Virus or some shit :-(

Unread postby Shaba » December 4th, 2008, 4:38 am

Hi Valdemar-rex

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Image

5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Got Virus or some shit :-(

Unread postby Valdemar-rex » December 4th, 2008, 9:00 am

5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.


I've got a problem. When I click the "Save list..." button the whole program closes and I get no notepad window either :-(
// Valdemar-rex
Valdemar-rex
Active Member
 
Posts: 13
Joined: November 30th, 2008, 4:32 pm

Re: Got Virus or some shit :-(

Unread postby Shaba » December 4th, 2008, 9:05 am

Thank you for the information.

We will then use this instead:

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Got Virus or some shit :-(

Unread postby Valdemar-rex » December 4th, 2008, 9:13 am

The program doesn't run properly. I get a fault window with the following text:

Autolt Error

Line -1:
Error: Error parsing function call

//valdemar
Valdemar-rex
Active Member
 
Posts: 13
Joined: November 30th, 2008, 4:32 pm

Re: Got Virus or some shit :-(

Unread postby Shaba » December 4th, 2008, 9:34 am

Then try this instead:

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please copy/paste the contents of the following reports in your next reply:

DDS.txt
Attach.txt
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Got Virus or some shit :-(

Unread postby Valdemar-rex » December 4th, 2008, 10:39 am

Wahoo! It worked :o
Here it comes! :king:

DDS (Version 1.0) - NTFSx86
Run by Olle Loeb at 15:31:16,17 on 2008-12-04
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2046.1285 [GMT 1:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Olle Loeb\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.se/ig/dell?hl=sv&client=dell ... bd=5070117
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: System=kdtjf.exe
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {439A09F4-6A16-4B44-BBC7-35D4B592DB92} - c:\windows\system32\iIbbbYRK.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\yaYQJAst.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [µTorrent] "c:\program files\utorrent\utorrent.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Norton Ghost 10.0] "c:\program files\norton ghost\agent\GhostTray.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\Corel Photo Downloader.exe
mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [c:\windows\system32\kdtjf.exe] c:\windows\system32\kdtjf.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\ollelo~1\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe
IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: {9875781C-8B0F-4583-8499-E152775FC9C7} = 85.255.112.159;85.255.112.23
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: yaYQJAst - yaYQJAst.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,avgrsstx.dll c:\progra~1\google\google~1\GOEC62~1.DLL wcudea.dll jmwqwt.dll qrbmwb.dll
SEH: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\yaYQJAst.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\iIbbbYRK

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-11-30 40840]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-25 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-25 26824]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-11-30 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-11-30 81288]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-11-25 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-11-25 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-25 76040]
R2 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccEvtMgr.exe" [2004-12-13 198256]
R2 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccSetMgr.exe" [2004-12-13 165488]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-11-30 356920]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-11-30 1079176]
S3 ccPwdSvc;Symantec Password Validation;"c:\program files\common files\symantec shared\ccPwdSvc.exe" [2004-12-13 79472]
S3 NAL;Nal Service ;\??\c:\windows\system32\drivers\iqvw32.sys [2006-6-5 24064]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-25 27904]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-1-17 822424]

=============== Created Last 30 ================

2008-12-04 13:45 106,496 a------- c:\windows\system32\qrbmwb.dll
2008-12-04 13:45 106,496 a------- c:\windows\system32\daiiklqr.dll
2008-12-04 13:43 1,467,598 ---sh--- c:\windows\system32\pacskuah.ini
2008-12-04 13:43 71,168 a------- c:\windows\system32\haukscap.dll
2008-12-01 22:44 106,496 a------- c:\windows\system32\jmwqwt.dll
2008-12-01 22:44 106,496 a------- c:\windows\system32\omxasiwu.dll
2008-12-01 22:42 1,361,296 ---sh--- c:\windows\system32\duvmwuxp.ini
2008-12-01 22:42 70,144 a------- c:\windows\system32\pxuwmvud.dll
2008-11-30 21:34 <DIR> --d----- c:\program files\Trend Micro
2008-11-30 11:29 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2008-11-30 11:29 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2008-11-30 11:29 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2008-11-30 11:29 29,576 a------- c:\windows\system32\drivers\kcom.sys
2008-11-30 11:29 <DIR> --d----- c:\program files\Spyware Doctor
2008-11-30 11:29 <DIR> --d----- c:\docume~1\ollelo~1\applic~1\PC Tools
2008-11-30 11:28 1,329,053 ---sh--- c:\windows\system32\tljbtvby.ini
2008-11-30 11:28 70,656 a------- c:\windows\system32\ybvtbjlt.dll
2008-11-30 11:26 105,984 a------- c:\windows\system32\wcudea.dll
2008-11-30 11:26 105,984 a------- c:\windows\system32\ncfwhucd.dll
2008-11-25 22:51 <DIR> --dsh--- c:\documents and settings\olle loeb\UserData
2008-11-25 22:34 <DIR> a-dshr-- C:\autorun.inf
2008-11-25 18:00 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2008-11-25 18:00 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-11-25 17:59 <DIR> --d----- c:\windows\system32\drivers\Avg
2008-11-25 17:59 <DIR> --d----- c:\docume~1\ollelo~1\applic~1\AVGTOOLBAR
2008-11-25 17:59 76,040 a------- c:\windows\system32\drivers\avgtdix.sys
2008-11-25 17:59 <DIR> --d----- c:\program files\AVG
2008-11-25 17:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-11-25 16:59 103,936 a------- c:\windows\system32\qcyswl.dll
2008-11-25 16:59 103,936 a------- c:\windows\system32\hhcxfrkd.dll
2008-11-25 16:57 37,888 a------- c:\windows\system32\cBsTKExV.dll
2008-11-25 16:57 37,888 a------- c:\windows\system32\wvUNeBRh.dll
2008-11-25 16:57 37,888 a------- c:\windows\system32\urqPIBqP.dll
2008-11-25 16:57 37,888 a------- c:\windows\system32\pmnKeDSi.dll
2008-11-25 16:57 1,628,599 ---sh--- c:\windows\system32\vokrkoyq.ini
2008-11-25 16:57 72,192 a------- c:\windows\system32\qyokrkov.dll
2008-11-25 16:56 348,752 a--sh--- c:\windows\system32\KRYbbbIi.ini2
2008-11-25 16:56 348,752 a--sh--- c:\windows\system32\KRYbbbIi.ini
2008-11-25 16:56 246,272 a------- c:\windows\system32\iIbbbYRK.dll
2008-11-25 16:54 103 ---shr-- C:\autorun.8nf
2008-11-25 16:53 103 ---shr-- C:\autorun.7nf
2008-11-25 16:52 103 ---shr-- C:\autorun.6nf
2008-11-25 16:52 37,888 a------- c:\windows\system32\cbxvuuVO.dll
2008-11-25 16:51 103 ---shr-- C:\autorun.5nf
2008-11-25 16:51 37,888 a------- c:\windows\system32\qOiGVPjI.dll
2008-11-25 16:49 103 ---shr-- C:\autorun.4nf
2008-11-25 16:48 103 ---shr-- C:\autorun.3nf
2008-11-25 16:48 37,888 a------- c:\windows\system32\vTlkKDvs.dll
2008-11-25 16:47 103 ---shr-- C:\autorun.2nf
2008-11-25 16:47 37,888 a------- c:\windows\system32\nnnonnnl.dll
2008-11-25 16:46 103 ---shr-- C:\autorun.1nf
2008-11-25 16:44 37,888 a------- c:\windows\system32\yaYQJAst.dll
2008-11-25 16:44 27,904 a------- c:\windows\system32\drivers\ndisprot.sys
2008-11-25 16:43 <DIR> --dshr-- C:\resycled
2008-11-25 16:43 103 ---shr-- C:\autorun.0nf
2008-11-22 23:24 47,104 a------- c:\windows\system32\KMVIDC32.DLL
2008-11-12 16:27 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 16:20 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys

==================== Find3M ====================

2008-11-30 21:26 <DIR> --d----- c:\program files\LimeWire
2008-11-30 21:25 <DIR> --d----- c:\docume~1\ollelo~1\applic~1\uTorrent
2008-11-25 17:49 <DIR> --d----- c:\program files\com hem security
2008-11-25 17:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\F-Secure
2008-11-17 21:48 <DIR> --d----- c:\program files\GameSpy Arcade
2008-11-03 15:28 98,304 a------- c:\windows\system32\CmdLineExt.dll
2008-11-03 15:23 <DIR> --d----- c:\program files\Sierra
2008-10-31 22:58 <DIR> --d----- c:\program files\Starcraft
2008-10-31 15:25 <DIR> --d----- c:\program files\The Seal Hunter
2008-10-30 18:01 <DIR> --d----- c:\docume~1\ollelo~1\applic~1\Xfire
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-15 17:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-03 18:41 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
2008-10-02 19:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-15 13:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-15 13:12 1,846,400 -------- c:\windows\system32\dllcache\win32k.sys
2008-09-10 02:14 1,307,648 -------- c:\windows\system32\msxml6.dll
2008-09-10 02:14 1,307,648 -------- c:\windows\system32\dllcache\msxml6.dll
2008-09-08 11:41 333,824 -------- c:\windows\system32\dllcache\srv.sys
2008-09-07 15:26 <DIR> --d----- c:\docume~1\ollelo~1\applic~1\SPORE
2008-05-08 15:02 <DIR> --d----- c:\docume~1\ollelo~1\applic~1\F-Secure
2008-05-07 20:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\fssg
2008-01-02 00:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Messenger Plus!
2007-03-02 09:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\McAfee.com
2007-02-27 19:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SingleClick Systems
2007-02-19 16:35 <DIR> --d----- c:\docume~1\ollelo~1\applic~1\BitTorrent
2007-01-25 21:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2007-01-17 17:16 <DIR> --d----- c:\docume~1\ollelo~1\applic~1\Symantec
2007-01-17 17:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Corel
2007-11-29 20:47 168 ---shr-- c:\windows\system32\22083FF1ED.sys
2007-11-29 20:47 7,514 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-08-26 17:52 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082620080827\index.dat

============= FINISH: 15:34:00,79 ===============

And Attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2007-01-25 21:33:34
System Uptime: 2008-12-04 15:26:59 (0 hours ago)

Motherboard: Dell Inc. | | 0WG864
Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz | Microprocessor | 1862/1066mhz
BIOS: Phoenix ROM BIOS PLUS Version 1.10 2.0.5 | DELL - 14 | 2.0.5 | 2006-11-30 01:00:00

==== Disk Partitions =========================

C: is FIXED (NTFS) - 170 GiB total, 7,433 GiB free.
D: is FIXED (NTFS) - 58 GiB total, 1,808 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM (CDFS)
K: is CDROM ()
L: is CDROM ()
M: is Removable
N: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP360: 2008-11-25 16:56:30 - Software Distribution Service 3.0
RP361: 2008-11-25 16:56:31 - Systemkontrollpunkt
RP362: 2008-11-25 16:56:31 - Systemkontrollpunkt
RP363: 2008-11-25 16:56:31 - Software Distribution Service 3.0
RP364: 2008-11-25 16:56:31 - Systemkontrollpunkt
RP365: 2008-11-25 16:56:32 - Systemkontrollpunkt
RP366: 2008-11-25 16:56:32 - Systemkontrollpunkt
RP367: 2008-11-25 16:56:32 - Systemkontrollpunkt
RP368: 2008-11-25 16:56:32 - Systemkontrollpunkt
RP369: 2008-11-25 16:56:32 - Installerad SPORE™
RP370: 2008-11-25 16:56:33 - Systemkontrollpunkt
RP371: 2008-11-25 16:56:33 - Systemkontrollpunkt
RP372: 2008-11-25 16:56:33 - Software Distribution Service 3.0
RP373: 2008-11-25 16:56:33 - Systemkontrollpunkt
RP374: 2008-11-25 16:56:33 - Systemkontrollpunkt
RP375: 2008-11-25 16:56:34 - Systemkontrollpunkt
RP376: 2008-11-25 16:56:34 - Systemkontrollpunkt
RP377: 2008-11-25 16:56:35 - Systemkontrollpunkt
RP378: 2008-11-25 16:56:35 - Systemkontrollpunkt
RP379: 2008-11-25 16:56:35 - Systemkontrollpunkt
RP380: 2008-11-25 16:56:35 - Systemkontrollpunkt
RP381: 2008-11-25 16:56:36 - Systemkontrollpunkt
RP382: 2008-11-25 16:56:36 - Systemkontrollpunkt
RP383: 2008-11-25 16:56:36 - Systemkontrollpunkt
RP384: 2008-11-25 16:56:36 - Systemkontrollpunkt
RP385: 2008-11-25 16:56:36 - Systemkontrollpunkt
RP386: 2008-11-25 16:56:37 - Systemkontrollpunkt
RP387: 2008-11-25 16:56:37 - Systemkontrollpunkt
RP388: 2008-11-25 16:56:37 - Systemkontrollpunkt
RP389: 2008-11-25 16:56:37 - Systemkontrollpunkt
RP390: 2008-11-25 16:56:37 - Systemkontrollpunkt
RP391: 2008-11-25 16:56:37 - Systemkontrollpunkt
RP392: 2008-11-25 16:56:37 - Systemkontrollpunkt
RP393: 2008-11-25 16:56:38 - Systemkontrollpunkt
RP394: 2008-11-25 16:56:38 - Systemkontrollpunkt
RP395: 2008-11-25 16:56:38 - Software Distribution Service 3.0
RP396: 2008-11-25 16:56:38 - Systemkontrollpunkt
RP397: 2008-11-25 16:56:38 - Removed Adobe Reader 7.1.0
RP398: 2008-11-25 16:56:39 - Installed Adobe Reader 9.
RP399: 2008-11-25 16:56:39 - Systemkontrollpunkt
RP400: 2008-11-25 16:56:39 - Systemkontrollpunkt
RP401: 2008-11-25 16:56:39 - Systemkontrollpunkt
RP402: 2008-11-25 16:56:39 - Software Distribution Service 3.0
RP403: 2008-11-25 16:56:40 - Systemkontrollpunkt
RP404: 2008-11-25 16:56:40 - Systemkontrollpunkt
RP405: 2008-11-25 16:56:40 - Systemkontrollpunkt
RP406: 2008-11-25 16:56:40 - Systemkontrollpunkt
RP407: 2008-11-25 16:56:40 - Systemkontrollpunkt
RP408: 2008-11-25 16:56:40 - Removed Dawn Of War
RP409: 2008-11-25 16:56:41 - Removed Dawn Of War - Winter Assault
RP410: 2008-11-25 16:56:41 - Removed Dawn Of War
RP411: 2008-11-25 16:56:41 - Systemkontrollpunkt
RP412: 2008-11-25 16:56:41 - Installed Dawn Of War
RP413: 2008-11-25 16:56:41 - Installed FEAR
RP414: 2008-11-25 16:56:41 - DirectX 9.0 har installerats
RP415: 2008-11-25 16:56:42 - Systemkontrollpunkt
RP416: 2008-11-25 16:56:42 - Systemkontrollpunkt
RP417: 2008-11-25 16:56:42 - Systemkontrollpunkt
RP418: 2008-11-25 16:56:42 - Systemkontrollpunkt
RP419: 2008-11-25 16:56:43 - Systemkontrollpunkt
RP420: 2008-11-25 16:56:43 - Systemkontrollpunkt
RP421: 2008-11-25 16:56:43 - Installed Windows Media Player Firefox Plugin
RP422: 2008-11-25 16:56:43 - Software Distribution Service 3.0
RP423: 2008-11-25 16:56:43 - Systemkontrollpunkt
RP424: 2008-11-25 16:56:44 - Systemkontrollpunkt
RP425: 2008-11-25 16:56:44 - Installed FEAR Extraction Point
RP426: 2008-11-25 16:56:44 - Systemkontrollpunkt
RP427: 2008-11-25 16:56:44 - Systemkontrollpunkt
RP428: 2008-11-25 16:56:44 - Systemkontrollpunkt
RP429: 2008-11-25 16:56:45 - Systemkontrollpunkt
RP430: 2008-11-25 16:56:45 - Systemkontrollpunkt
RP431: 2008-11-25 16:56:51 - Last known good configuration
RP432: 2008-11-25 17:59:46 - Installed AVG Free 8.0

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
AC3File (remove only)
Acrobat.com
Adobe AIR
Adobe Flash Player Plugin
Adobe Reader 9
Apple Mobile Device Support
Apple Software Update
Army Builder V2.2c
ATI Catalyst Control Center
ATI Display Driver
AutoUpdate
AVG Free 8.0
Bonjour
Bonniers Trafikskola 2007
Caesar 3
Caesar IV
Corel Paint Shop Pro Photo XI
Corel Snapfire Plus
Dark Omen
Dawn Of War
Dawn of War - Dark Crusade
DefilerPak 1.22 (Remove Only)
Dell CinePlayer
Dell Driver Reset Tool
Dell Network Assistant
Dell Support 3.2.1
Dell Support Center (Support Software)
Dell System Restore
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
ESPNMotion
Evil Genius
FEAR
FEAR Extraction Point
GameSpy Arcade
GemMaster Mystic
Google Desktop
Google Toolbar for Internet Explorer
GPL MPEG-1/2 DirectShow Decoder Filter
Guitar Pro 5.0
Heroes of Might and Magic IV
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Localization Pack for Microsoft Windows XP Media Center Edition
LucasArts' Monkey 4
MCU
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1 Swedish Language Pack
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Age of Empires
Microsoft Age of Empires Expansion
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (Swedish) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (Swedish) 2007
Microsoft Office PowerPoint MUI (Swedish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Finnish) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Swedish) 2007
Microsoft Office Proofing (Swedish) 2007
Microsoft Office Shared MUI (Swedish) 2007
Microsoft Office Word MUI (Swedish) 2007
Microsoft Software Update for Web Folders (Swedish) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MySQL Connector/ODBC 3.51
Norton Ghost 10.0
Otto
QuickTime
Rome - Total War - Gold Edition
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SearchAssist
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB955936)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB955470)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Visio 2007 (KB947590)
Shockwave
Sierra Utilities
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
SPORE™
Spybot - Search & Destroy
Spyware Doctor 6.0
Starcraft
Update for Office 2007 (KB946691)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
WebFldrs XP
WhenU SaveNow
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live inloggningsassistenten
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Windows XP Service Pack 3
WinRAR
Worms World Party
Worms2
Xfire (remove only)
Yahoo! Toolbar

==== Event Viewer Messages ===================


==== End Of File ===========================

//Valdemar-rex
Valdemar-rex
Active Member
 
Posts: 13
Joined: November 30th, 2008, 4:32 pm

Re: Got Virus or some shit :-(

Post by Shaba » December 4th, 2008, 10:56 am

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

uTorrent
BitComet
Limewire


I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Delete these folders afterwards:

c:\program files\LimeWire
c:\documents and settings\olle loeb\application data\uTorrent
c:\documents and settings\olle loeb\application data\BitTorrent

Rename HijackThis.exe to Valdemar-rex.exe

Please run a new DDS scan when finished and post the log back here.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Got Virus or some shit :-(

Post by Valdemar-rex » December 5th, 2008, 12:14 pm

I have already uninstalled the programs (I did this a couple of weeks ago), but now I have deleted those folders.

I think I renamed the right HijackThis file.

and here is the DDS scan result:

DDS (Version 1.0) - NTFSx86
Run by Olle Loeb at 17:10:22,15 on 2008-12-05
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2046.1342 [GMT 1:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Olle Loeb\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.se/ig/dell?hl=sv&client=dell ... bd=5070117
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: System=kdtjf.exe
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {20829BE9-2E67-47BC-9DB0-B20B4C4F4132} - c:\windows\system32\iIbbbYRK.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\yaYQJAst.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [µTorrent] "c:\program files\utorrent\utorrent.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Norton Ghost 10.0] "c:\program files\norton ghost\agent\GhostTray.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\Corel Photo Downloader.exe
mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [c:\windows\system32\kdtjf.exe] c:\windows\system32\kdtjf.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\ollelo~1\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe
IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: {9875781C-8B0F-4583-8499-E152775FC9C7} = 85.255.112.159;85.255.112.23
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: yaYQJAst - yaYQJAst.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,avgrsstx.dll c:\progra~1\google\google~1\GOEC62~1.DLL wcudea.dll jmwqwt.dll qrbmwb.dll ixvnvp.dll
SEH: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\yaYQJAst.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\iIbbbYRK

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-25 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-25 26824]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-11-25 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-11-25 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-25 76040]
R2 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccEvtMgr.exe" [2004-12-13 198256]
R2 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccSetMgr.exe" [2004-12-13 165488]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-1-17 822424]
S3 ccPwdSvc;Symantec Password Validation;"c:\program files\common files\symantec shared\ccPwdSvc.exe" [2004-12-13 79472]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-11-30 40840]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-11-30 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-11-30 81288]
S3 NAL;Nal Service ;\??\c:\windows\system32\drivers\iqvw32.sys [2006-6-5 24064]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-25 27904]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-11-30 356920]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-11-30 1079176]

=============== Created Last 30 ================

2008-12-05 16:45 <DIR> --d-h--- C:\$AVG8.VAULT$
2008-12-05 16:29 106,496 a------- c:\windows\system32\ixvnvp.dll
2008-12-05 16:29 106,496 a------- c:\windows\system32\hsgesgim.dll
2008-12-05 16:28 1,467,818 ---sh--- c:\windows\system32\rxbdcnpk.ini
2008-12-05 16:28 71,680 a------- c:\windows\system32\kpncdbxr.dll
2008-12-04 13:45 106,496 a------- c:\windows\system32\qrbmwb.dll
2008-12-04 13:45 106,496 a------- c:\windows\system32\daiiklqr.dll
2008-12-04 13:43 1,467,598 ---sh--- c:\windows\system32\pacskuah.ini
2008-12-04 13:43 71,168 a------- c:\windows\system32\haukscap.dll
2008-12-01 22:44 106,496 a------- c:\windows\system32\jmwqwt.dll
2008-12-01 22:44 106,496 a------- c:\windows\system32\omxasiwu.dll
2008-12-01 22:42 1,361,296 ---sh--- c:\windows\system32\duvmwuxp.ini
2008-12-01 22:42 70,144 a------- c:\windows\system32\pxuwmvud.dll
2008-11-30 21:34 <DIR> --d----- c:\program files\Trend Micro
2008-11-30 11:29 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2008-11-30 11:29 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2008-11-30 11:29 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2008-11-30 11:29 29,576 a------- c:\windows\system32\drivers\kcom.sys
2008-11-30 11:29 <DIR> --d----- c:\program files\Spyware Doctor
2008-11-30 11:29 <DIR> --d----- c:\docume~1\ollelo~1\applic~1\PC Tools
2008-11-30 11:28 1,329,053 ---sh--- c:\windows\system32\tljbtvby.ini
2008-11-30 11:28 70,656 a------- c:\windows\system32\ybvtbjlt.dll
2008-11-30 11:26 105,984 a------- c:\windows\system32\wcudea.dll
2008-11-30 11:26 105,984 a------- c:\windows\system32\ncfwhucd.dll
2008-11-25 22:51 <DIR> --dsh--- c:\documents and settings\olle loeb\UserData
2008-11-25 22:34 <DIR> a-dshr-- C:\autorun.inf
2008-11-25 18:00 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2008-11-25 18:00 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-11-25 17:59 <DIR> --d----- c:\windows\system32\drivers\Avg
2008-11-25 17:59 <DIR> --d----- c:\docume~1\ollelo~1\applic~1\AVGTOOLBAR
2008-11-25 17:59 76,040 a------- c:\windows\system32\drivers\avgtdix.sys
2008-11-25 17:59 <DIR> --d----- c:\program files\AVG
2008-11-25 17:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-11-25 16:59 103,936 a------- c:\windows\system32\qcyswl.dll
2008-11-25 16:59 103,936 a------- c:\windows\system32\hhcxfrkd.dll
2008-11-25 16:57 37,888 a------- c:\windows\system32\cBsTKExV.dll
2008-11-25 16:57 37,888 a------- c:\windows\system32\wvUNeBRh.dll
2008-11-25 16:57 37,888 a------- c:\windows\system32\urqPIBqP.dll
2008-11-25 16:57 37,888 a------- c:\windows\system32\pmnKeDSi.dll
2008-11-25 16:57 1,628,599 ---sh--- c:\windows\system32\vokrkoyq.ini
2008-11-25 16:57 72,192 a------- c:\windows\system32\qyokrkov.dll
2008-11-25 16:56 338,972 a--sh--- c:\windows\system32\KRYbbbIi.ini2
2008-11-25 16:56 338,972 a--sh--- c:\windows\system32\KRYbbbIi.ini
2008-11-25 16:56 246,272 a------- c:\windows\system32\iIbbbYRK.dll
2008-11-25 16:54 103 ---shr-- C:\autorun.8nf
2008-11-25 16:53 103 ---shr-- C:\autorun.7nf
2008-11-25 16:52 103 ---shr-- C:\autorun.6nf
2008-11-25 16:52 37,888 a------- c:\windows\system32\cbxvuuVO.dll
2008-11-25 16:51 103 ---shr-- C:\autorun.5nf
2008-11-25 16:51 37,888 a------- c:\windows\system32\qOiGVPjI.dll
2008-11-25 16:49 103 ---shr-- C:\autorun.4nf
2008-11-25 16:48 103 ---shr-- C:\autorun.3nf
2008-11-25 16:48 37,888 a------- c:\windows\system32\vTlkKDvs.dll
2008-11-25 16:47 103 ---shr-- C:\autorun.2nf
2008-11-25 16:47 37,888 a------- c:\windows\system32\nnnonnnl.dll
2008-11-25 16:46 103 ---shr-- C:\autorun.1nf
2008-11-25 16:44 37,888 a------- c:\windows\system32\yaYQJAst.dll
2008-11-25 16:44 27,904 a------- c:\windows\system32\drivers\ndisprot.sys
2008-11-25 16:43 <DIR> --dshr-- C:\resycled
2008-11-25 16:43 103 ---shr-- C:\autorun.0nf
2008-11-22 23:24 47,104 a------- c:\windows\system32\KMVIDC32.DLL
2008-11-12 16:27 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 16:20 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys

==================== Find3M ====================

2008-12-05 16:45 <DIR> --d----- c:\program files\GameSpy Arcade
2008-11-25 17:49 <DIR> --d----- c:\program files\com hem security
2008-11-25 17:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\F-Secure
2008-11-03 15:28 98,304 a------- c:\windows\system32\CmdLineExt.dll
2008-11-03 15:23 <DIR> --d----- c:\program files\Sierra
2008-10-31 22:58 <DIR> --d----- c:\program files\Starcraft
2008-10-31 15:25 <DIR> --d----- c:\program files\The Seal Hunter
2008-10-30 18:01 <DIR> --d----- c:\docume~1\ollelo~1\applic~1\Xfire
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-15 17:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-03 18:41 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
2008-10-02 19:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-15 13:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-15 13:12 1,846,400 -------- c:\windows\system32\dllcache\win32k.sys
2008-09-10 02:14 1,307,648 -------- c:\windows\system32\msxml6.dll
2008-09-10 02:14 1,307,648 -------- c:\windows\system32\dllcache\msxml6.dll
2008-09-08 11:41 333,824 -------- c:\windows\system32\dllcache\srv.sys
2008-09-07 15:26 <DIR> --d----- c:\docume~1\ollelo~1\applic~1\SPORE
2008-05-08 15:02 <DIR> --d----- c:\docume~1\ollelo~1\applic~1\F-Secure
2008-05-07 20:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\fssg
2008-01-02 00:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Messenger Plus!
2007-03-02 09:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\McAfee.com
2007-02-27 19:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SingleClick Systems
2007-01-25 21:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2007-01-17 17:16 <DIR> --d----- c:\docume~1\ollelo~1\applic~1\Symantec
2007-01-17 17:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Corel
2007-11-29 20:47 168 ---shr-- c:\windows\system32\22083FF1ED.sys
2007-11-29 20:47 7,514 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-08-26 17:52 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082620080827\index.dat

============= FINISH: 17:12:58,95 ===============


and the attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2007-01-25 21:33:34
System Uptime: 2008-12-05 16:25:57 (1 hours ago)

Motherboard: Dell Inc. | | 0WG864
Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz | Microprocessor | 1862/1066mhz
BIOS: Phoenix ROM BIOS PLUS Version 1.10 2.0.5 | DELL - 14 | 2.0.5 | 2006-11-30 01:00:00

==== Disk Partitions =========================

C: is FIXED (NTFS) - 170 GiB total, 7,429 GiB free.
D: is FIXED (NTFS) - 58 GiB total, 1,808 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM (CDFS)
K: is CDROM ()
L: is CDROM ()
M: is Removable
N: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP360: 2008-11-25 16:56:30 - Software Distribution Service 3.0
RP361: 2008-11-25 16:56:31 - Systemkontrollpunkt
RP362: 2008-11-25 16:56:31 - Systemkontrollpunkt
RP363: 2008-11-25 16:56:31 - Software Distribution Service 3.0
RP364: 2008-11-25 16:56:31 - Systemkontrollpunkt
RP365: 2008-11-25 16:56:32 - Systemkontrollpunkt
RP366: 2008-11-25 16:56:32 - Systemkontrollpunkt
RP367: 2008-11-25 16:56:32 - Systemkontrollpunkt
RP368: 2008-11-25 16:56:32 - Systemkontrollpunkt
RP369: 2008-11-25 16:56:32 - Installerad SPORE™
RP370: 2008-11-25 16:56:33 - Systemkontrollpunkt
RP371: 2008-11-25 16:56:33 - Systemkontrollpunkt
RP372: 2008-11-25 16:56:33 - Software Distribution Service 3.0
RP373: 2008-11-25 16:56:33 - Systemkontrollpunkt
RP374: 2008-11-25 16:56:33 - Systemkontrollpunkt
RP375: 2008-11-25 16:56:34 - Systemkontrollpunkt
RP376: 2008-11-25 16:56:34 - Systemkontrollpunkt
RP377: 2008-11-25 16:56:35 - Systemkontrollpunkt
RP378: 2008-11-25 16:56:35 - Systemkontrollpunkt
RP379: 2008-11-25 16:56:35 - Systemkontrollpunkt
RP380: 2008-11-25 16:56:35 - Systemkontrollpunkt
RP381: 2008-11-25 16:56:36 - Systemkontrollpunkt
RP382: 2008-11-25 16:56:36 - Systemkontrollpunkt
RP383: 2008-11-25 16:56:36 - Systemkontrollpunkt
RP384: 2008-11-25 16:56:36 - Systemkontrollpunkt
RP385: 2008-11-25 16:56:36 - Systemkontrollpunkt
RP386: 2008-11-25 16:56:37 - Systemkontrollpunkt
RP387: 2008-11-25 16:56:37 - Systemkontrollpunkt
RP388: 2008-11-25 16:56:37 - Systemkontrollpunkt
RP389: 2008-11-25 16:56:37 - Systemkontrollpunkt
RP390: 2008-11-25 16:56:37 - Systemkontrollpunkt
RP391: 2008-11-25 16:56:37 - Systemkontrollpunkt
RP392: 2008-11-25 16:56:37 - Systemkontrollpunkt
RP393: 2008-11-25 16:56:38 - Systemkontrollpunkt
RP394: 2008-11-25 16:56:38 - Systemkontrollpunkt
RP395: 2008-11-25 16:56:38 - Software Distribution Service 3.0
RP396: 2008-11-25 16:56:38 - Systemkontrollpunkt
RP397: 2008-11-25 16:56:38 - Removed Adobe Reader 7.1.0
RP398: 2008-11-25 16:56:39 - Installed Adobe Reader 9.
RP399: 2008-11-25 16:56:39 - Systemkontrollpunkt
RP400: 2008-11-25 16:56:39 - Systemkontrollpunkt
RP401: 2008-11-25 16:56:39 - Systemkontrollpunkt
RP402: 2008-11-25 16:56:39 - Software Distribution Service 3.0
RP403: 2008-11-25 16:56:40 - Systemkontrollpunkt
RP404: 2008-11-25 16:56:40 - Systemkontrollpunkt
RP405: 2008-11-25 16:56:40 - Systemkontrollpunkt
RP406: 2008-11-25 16:56:40 - Systemkontrollpunkt
RP407: 2008-11-25 16:56:40 - Systemkontrollpunkt
RP408: 2008-11-25 16:56:40 - Removed Dawn Of War
RP409: 2008-11-25 16:56:41 - Removed Dawn Of War - Winter Assault
RP410: 2008-11-25 16:56:41 - Removed Dawn Of War
RP411: 2008-11-25 16:56:41 - Systemkontrollpunkt
RP412: 2008-11-25 16:56:41 - Installed Dawn Of War
RP413: 2008-11-25 16:56:41 - Installed FEAR
RP414: 2008-11-25 16:56:41 - DirectX 9.0 har installerats
RP415: 2008-11-25 16:56:42 - Systemkontrollpunkt
RP416: 2008-11-25 16:56:42 - Systemkontrollpunkt
RP417: 2008-11-25 16:56:42 - Systemkontrollpunkt
RP418: 2008-11-25 16:56:42 - Systemkontrollpunkt
RP419: 2008-11-25 16:56:43 - Systemkontrollpunkt
RP420: 2008-11-25 16:56:43 - Systemkontrollpunkt
RP421: 2008-11-25 16:56:43 - Installed Windows Media Player Firefox Plugin
RP422: 2008-11-25 16:56:43 - Software Distribution Service 3.0
RP423: 2008-11-25 16:56:43 - Systemkontrollpunkt
RP424: 2008-11-25 16:56:44 - Systemkontrollpunkt
RP425: 2008-11-25 16:56:44 - Installed FEAR Extraction Point
RP426: 2008-11-25 16:56:44 - Systemkontrollpunkt
RP427: 2008-11-25 16:56:44 - Systemkontrollpunkt
RP428: 2008-11-25 16:56:44 - Systemkontrollpunkt
RP429: 2008-11-25 16:56:45 - Systemkontrollpunkt
RP430: 2008-11-25 16:56:45 - Systemkontrollpunkt
RP431: 2008-11-25 16:56:51 - Last known good configuration
RP432: 2008-11-25 17:59:46 - Installed AVG Free 8.0

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
AC3File (remove only)
Acrobat.com
Adobe AIR
Adobe Flash Player Plugin
Adobe Reader 9
Apple Mobile Device Support
Apple Software Update
Army Builder V2.2c
ATI Catalyst Control Center
ATI Display Driver
AutoUpdate
AVG Free 8.0
Bonjour
Bonniers Trafikskola 2007
Caesar 3
Caesar IV
Corel Paint Shop Pro Photo XI
Corel Snapfire Plus
Dark Omen
Dawn Of War
Dawn of War - Dark Crusade
DefilerPak 1.22 (Remove Only)
Dell CinePlayer
Dell Driver Reset Tool
Dell Network Assistant
Dell Support 3.2.1
Dell Support Center (Support Software)
Dell System Restore
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
ESPNMotion
Evil Genius
FEAR
FEAR Extraction Point
GameSpy Arcade
GemMaster Mystic
Google Desktop
Google Toolbar for Internet Explorer
GPL MPEG-1/2 DirectShow Decoder Filter
Guitar Pro 5.0
Heroes of Might and Magic IV
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Localization Pack for Microsoft Windows XP Media Center Edition
LucasArts' Monkey 4
MCU
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1 Swedish Language Pack
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Age of Empires
Microsoft Age of Empires Expansion
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (Swedish) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (Swedish) 2007
Microsoft Office PowerPoint MUI (Swedish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Finnish) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Swedish) 2007
Microsoft Office Proofing (Swedish) 2007
Microsoft Office Shared MUI (Swedish) 2007
Microsoft Office Word MUI (Swedish) 2007
Microsoft Software Update for Web Folders (Swedish) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MySQL Connector/ODBC 3.51
Norton Ghost 10.0
Otto
QuickTime
Rome - Total War - Gold Edition
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SearchAssist
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB955936)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB955470)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Visio 2007 (KB947590)
Shockwave
Sierra Utilities
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
SPORE™
Spybot - Search & Destroy
Spyware Doctor 6.0
Starcraft
Update for Office 2007 (KB946691)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
WebFldrs XP
WhenU SaveNow
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live inloggningsassistenten
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Windows XP Service Pack 3
WinRAR
Worms World Party
Worms2
Xfire (remove only)
Yahoo! Toolbar

==== Event Viewer Messages ===================


==== End Of File ===========================

//Valdemar-rex
Valdemar-rex
Active Member
 
Posts: 13
Joined: November 30th, 2008, 4:32 pm

Re: Got Virus or some shit :-(

by Shaba » December 5th, 2008, 1:12 pm

Uninstall also these:

J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
WhenU SaveNow

After that:

We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Got Virus or some shit :-(

by Valdemar-rex » December 5th, 2008, 7:08 pm

All programs uninstalled properly.

Combofix log report:


ComboFix 08-12-05.02 - Olle Loeb 2008-12-05 23:51:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1553 [GMT 1:00]
Command switches used :: c:\documents and settings\Olle Loeb\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\components\iamfamous.dll
C:\resycled
c:\resycled\boot.com
c:\windows\system32\cbxvuuVO.dll
c:\windows\system32\daiiklqr.dll
c:\windows\system32\duvmwuxp.ini
c:\windows\system32\haukscap.dll
c:\windows\system32\hhcxfrkd.dll
c:\windows\system32\hsgesgim.dll
c:\windows\system32\iIbbbYRK.dll
c:\windows\system32\ixvnvp.dll
c:\windows\system32\jmwqwt.dll
c:\windows\system32\kdtjf.exe
c:\windows\system32\kpncdbxr.dll
c:\windows\system32\KRYbbbIi.ini
c:\windows\system32\KRYbbbIi.ini2
c:\windows\system32\ncfwhucd.dll
c:\windows\system32\nnnonnnl.dll
c:\windows\system32\omxasiwu.dll
c:\windows\system32\pacskuah.ini
c:\windows\system32\pmnKeDSi.dll
c:\windows\system32\pxuwmvud.dll
c:\windows\system32\qcyswl.dll
c:\windows\system32\qOiGVPjI.dll
c:\windows\system32\qrbmwb.dll
c:\windows\system32\qyokrkov.dll
c:\windows\system32\rxbdcnpk.ini
c:\windows\system32\tljbtvby.ini
c:\windows\system32\urqPIBqP.dll
c:\windows\system32\wcudea.dll
c:\windows\system32\vokrkoyq.ini
c:\windows\system32\vTlkKDvs.dll
c:\windows\system32\wvUNeBRh.dll
c:\windows\system32\yaYQJAst.dll
c:\windows\system32\ybvtbjlt.dll
D:\resycled
d:\resycled\boot.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PACKET
-------\Service_Packet


((((((((((((((((((((((((( Files Created from 2008-11-05 to 2008-12-05 )))))))))))))))))))))))))))))))
.

2008-12-05 16:45 . 2008-12-05 16:45 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-04 14:08 . 2008-12-04 14:08 <DIR> d-------- C:\rsit
2008-11-30 21:34 . 2008-11-30 21:34 <DIR> d-------- c:\program files\Trend Micro
2008-11-30 11:29 . 2008-11-30 11:29 <DIR> d-------- c:\program files\Spyware Doctor
2008-11-30 11:29 . 2008-11-30 11:29 <DIR> d-------- c:\documents and settings\Olle Loeb\Application Data\PC Tools
2008-11-30 11:29 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-11-30 11:29 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-11-30 11:29 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-11-30 11:29 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-11-25 22:51 . 2008-11-25 22:51 <DIR> d--hs---- c:\documents and settings\Olle Loeb\UserData
2008-11-25 18:00 . 2008-11-25 18:00 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-25 18:00 . 2008-11-25 18:00 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-25 17:59 . 2008-11-25 17:59 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-25 17:59 . 2008-11-25 17:59 <DIR> d-------- c:\program files\AVG
2008-11-25 17:59 . 2008-12-05 23:44 <DIR> d-------- c:\documents and settings\Olle Loeb\Application Data\AVGTOOLBAR
2008-11-25 17:59 . 2008-11-25 17:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-25 17:59 . 2008-11-25 17:59 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-11-25 16:57 . 2008-11-25 16:57 37,888 --a------ c:\windows\system32\cBsTKExV.dll
2008-11-25 16:54 . 2008-11-25 16:54 103 -r-hs---- C:\autorun.8nf
2008-11-25 16:53 . 2008-11-25 16:53 103 -r-hs---- C:\autorun.7nf
2008-11-25 16:52 . 2008-11-25 16:52 103 -r-hs---- C:\autorun.6nf
2008-11-25 16:51 . 2008-11-25 16:51 103 -r-hs---- C:\autorun.5nf
2008-11-25 16:49 . 2008-11-25 16:50 103 -r-hs---- C:\autorun.4nf
2008-11-25 16:48 . 2008-11-25 16:48 103 -r-hs---- C:\autorun.3nf
2008-11-25 16:47 . 2008-11-25 16:47 103 -r-hs---- C:\autorun.2nf
2008-11-25 16:46 . 2008-11-25 16:46 103 -r-hs---- C:\autorun.1nf
2008-11-25 16:44 . 2008-11-25 16:44 27,904 --a------ c:\windows\system32\drivers\ndisprot.sys
2008-11-25 16:43 . 2008-11-25 16:43 103 -r-hs---- C:\autorun.0nf
2008-11-22 23:24 . 2008-11-25 15:47 47,104 --a------ c:\windows\system32\KMVIDC32.DLL
2008-11-12 16:27 . 2008-09-04 18:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 16:20 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 22:58 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-05 21:54 --------- d-----w c:\program files\Java
2008-12-05 15:45 --------- d-----w c:\program files\GameSpy Arcade
2008-11-25 16:49 --------- d-----w c:\program files\com hem security
2008-11-25 16:45 --------- d-----w c:\documents and settings\All Users\Application Data\F-Secure
2008-11-17 20:46 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-12 23:22 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-12 09:39 --------- d-----w c:\documents and settings\Olle Loeb\Application Data\U3
2008-11-03 14:23 --------- d-----w c:\program files\Sierra
2008-10-31 21:58 --------- d-----w c:\program files\Starcraft
2008-10-31 14:25 --------- d-----w c:\program files\The Seal Hunter
2008-10-30 17:01 --------- d-----w c:\documents and settings\Olle Loeb\Application Data\Xfire
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-20 06:57 --------- d-----w c:\program files\NOS
2008-10-20 06:57 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-10-19 20:38 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-10-19 20:38 --------- d-----w c:\program files\Common Files\Adobe
2007-02-20 22:38 0 ----a-w c:\documents and settings\Olle Loeb\Application Data\wklnhst.dat
2007-11-29 19:47 168 --sh--r c:\windows\system32\22083FF1ED.sys
2007-11-29 19:47 7,514 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-08-26 16:52 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082620080827\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 58992]
"Norton Ghost 10.0"="c:\program files\Norton Ghost\Agent\GhostTray.exe" [2005-12-07 1537696]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-01-17 169984]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2006-08-14 462336]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-25 1234712]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 c:\windows\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Olle Loeb\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2006-08-30 2240080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2007-01-17 7168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Dark Omen\\PRG_ENG\\EngRel.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Olle Loeb\\My Documents\\spel\\OpenLieroX\\OpenLieroX.exe"=
"c:\\Program Files\\The Creative Assembly\\Rome - Total War\\RomeTW.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.EXE"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEARXP\\FEARXP.exe"=
"c:\\Team17\\Worms2\\frontend.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-25 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-25 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-25 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-25 76040]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-25 27904]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-11-30 356920]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{886e3a6c-9f2f-11dd-bbb5-0019d12d9844}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{00044AAF-FC7F-4464-95F8-2087F63763A5} - (no file)
BHO-{20829BE9-2E67-47BC-9DB0-B20B4C4F4132} - (no file)
BHO-{30C52057-E670-4336-ACAA-5F4D3C1385C4} - (no file)
BHO-{314AB26A-3D2C-4BEE-A770-F0DA3A29244C} - (no file)
BHO-{439A09F4-6A16-4B44-BBC7-35D4B592DB92} - (no file)
BHO-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
BHO-{7B4D2D2E-5581-462D-993A-3BEF95563868} - (no file)
BHO-{B70C5B7C-0EE3-431A-BEC0-0F9DA39D7BEF} - (no file)
BHO-{D1E78724-0095-4770-875E-4164BC2E3926} - c:\windows\system32\iIbbbYRK.dll
BHO-{DA2957CA-C854-4676-8927-0CEFBC06E567} - (no file)
HKCU-Run-µTorrent - c:\program files\uTorrent\utorrent.exe
HKLM-Run-c:\windows\system32\kdtjf.exe - c:\windows\system32\kdtjf.exe
Notify-yaYQJAst - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\Olle Loeb\Application Data\Mozilla\Firefox\Profiles\n25besjs.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-05 23:57:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\system32\gearsec.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wscript.exe
.
**************************************************************************
.
Completion time: 2008-12-06 0:03:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-05 23:03:39

Pre-Run: 8,037,466,112 byte ledigt
Post-Run: 8,171,159,552 byte ledigt

WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

263 --- E O F --- 2008-11-12 23:24:24

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:08:02, on 2008-12-06
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\Valdemar-rex.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell ... bd=5070117
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ ... .6.108.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12255 bytes

done!
//Valdemar-rex
Valdemar-rex
Active Member
 
Posts: 13
Joined: November 30th, 2008, 4:32 pm

Re: Got Virus or something :-(

Post by Shaba » December 6th, 2008, 6:09 am

First we need to disable TeaTimer so that it doesn't interfere with the fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
3. On the left hand side, click on Tools.
4. Then click on the Resident icon in the list.
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

Open notepad and copy/paste the text in the codebox below into it:

File::
C:\autorun.8nf
C:\autorun.7nf
C:\autorun.6nf
C:\autorun.5nf
C:\autorun.4nf
C:\autorun.3nf
C:\autorun.2nf
C:\autorun.1nf
c:\windows\system32\drivers\ndisprot.sys
C:\autorun.0nf
c:\windows\system32\cBsTKExV.dll

Driver::
Ndisprot


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Image

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes of findstr, find, sed or swreg; then Combofix should continue.
If that happened we want to know, and also what process you had to end.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Got Virus or something :-(

Post by Valdemar-rex » December 6th, 2008, 6:45 am

No problems, all worked fine :)

Combofix.txt log:

ComboFix 08-12-05.02 - Olle Loeb 2008-12-06 11:29:12.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1466 [GMT 1:00]
Running from: c:\documents and settings\Olle Loeb\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Olle Loeb\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\autorun.0nf
C:\autorun.1nf
C:\autorun.2nf
C:\autorun.3nf
C:\autorun.4nf
C:\autorun.5nf
C:\autorun.6nf
C:\autorun.7nf
C:\autorun.8nf
c:\windows\system32\cBsTKExV.dll
c:\windows\system32\drivers\ndisprot.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.0nf
C:\autorun.1nf
C:\autorun.2nf
C:\autorun.3nf
C:\autorun.4nf
C:\autorun.5nf
C:\autorun.6nf
C:\autorun.7nf
C:\autorun.8nf
c:\windows\system32\cBsTKExV.dll
c:\windows\system32\drivers\ndisprot.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NDISPROT
-------\Service_Ndisprot


((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))
.

2008-12-05 16:45 . 2008-12-05 16:45 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-04 14:08 . 2008-12-04 14:08 <DIR> d-------- C:\rsit
2008-11-30 21:34 . 2008-11-30 21:34 <DIR> d-------- c:\program files\Trend Micro
2008-11-30 11:29 . 2008-11-30 11:29 <DIR> d-------- c:\program files\Spyware Doctor
2008-11-30 11:29 . 2008-11-30 11:29 <DIR> d-------- c:\documents and settings\Olle Loeb\Application Data\PC Tools
2008-11-30 11:29 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-11-30 11:29 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-11-30 11:29 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-11-30 11:29 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-11-25 22:51 . 2008-11-25 22:51 <DIR> d--hs---- c:\documents and settings\Olle Loeb\UserData
2008-11-25 18:00 . 2008-11-25 18:00 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-25 18:00 . 2008-11-25 18:00 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-25 17:59 . 2008-12-06 10:35 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-25 17:59 . 2008-11-25 17:59 <DIR> d-------- c:\program files\AVG
2008-11-25 17:59 . 2008-12-05 23:44 <DIR> d-------- c:\documents and settings\Olle Loeb\Application Data\AVGTOOLBAR
2008-11-25 17:59 . 2008-11-25 17:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-25 17:59 . 2008-11-25 17:59 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-11-22 23:24 . 2008-11-25 15:47 47,104 --a------ c:\windows\system32\KMVIDC32.DLL
2008-11-12 16:27 . 2008-09-04 18:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 16:20 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 10:34 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-05 21:54 --------- d-----w c:\program files\Java
2008-12-05 15:45 --------- d-----w c:\program files\GameSpy Arcade
2008-11-25 16:49 --------- d-----w c:\program files\com hem security
2008-11-25 16:45 --------- d-----w c:\documents and settings\All Users\Application Data\F-Secure
2008-11-17 20:46 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-12 23:22 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-12 09:39 --------- d-----w c:\documents and settings\Olle Loeb\Application Data\U3
2008-11-03 14:23 --------- d-----w c:\program files\Sierra
2008-10-31 21:58 --------- d-----w c:\program files\Starcraft
2008-10-31 14:25 --------- d-----w c:\program files\The Seal Hunter
2008-10-30 17:01 --------- d-----w c:\documents and settings\Olle Loeb\Application Data\Xfire
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-20 06:57 --------- d-----w c:\program files\NOS
2008-10-20 06:57 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-10-19 20:38 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-10-19 20:38 --------- d-----w c:\program files\Common Files\Adobe
2007-02-20 22:38 0 ----a-w c:\documents and settings\Olle Loeb\Application Data\wklnhst.dat
2007-11-29 19:47 168 --sh--r c:\windows\system32\22083FF1ED.sys
2007-11-29 19:47 7,514 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-08-26 16:52 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082620080827\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-06_ 0.03.15.93 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-06 10:32:23 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4ec.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 58992]
"Norton Ghost 10.0"="c:\program files\Norton Ghost\Agent\GhostTray.exe" [2005-12-07 1537696]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-01-17 169984]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2006-08-14 462336]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-06 1261336]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 c:\windows\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Olle Loeb\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2006-08-30 2240080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2007-01-17 7168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Dark Omen\\PRG_ENG\\EngRel.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Olle Loeb\\My Documents\\spel\\OpenLieroX\\OpenLieroX.exe"=
"c:\\Program Files\\The Creative Assembly\\Rome - Total War\\RomeTW.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.EXE"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEARXP\\FEARXP.exe"=
"c:\\Team17\\Worms2\\frontend.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-25 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-25 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-25 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-25 76040]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-11-30 356920]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{886e3a6c-9f2f-11dd-bbb5-0019d12d9844}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\Olle Loeb\Application Data\Mozilla\Firefox\Profiles\n25besjs.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 11:32:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\system32\gearsec.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-12-06 11:37:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-06 10:37:24
ComboFix2.txt 2008-12-05 23:03:45

Pre-Run: 8 059 850 752 bytes free
Post-Run: 8,047,198,208 byte ledigt

220 --- E O F --- 2008-11-12 23:24:24
Valdemar-rex
Active Member
 
Posts: 13
Joined: November 30th, 2008, 4:32 pm

Re: Got Virus or something :-(

Post by Shaba » December 6th, 2008, 6:54 am

Please also post a fresh HijackThis log :)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Got Virus or something :-(

Post by Valdemar-rex » December 6th, 2008, 7:05 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:34, on 2008-12-06
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\Valdemar-rex.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell ... bd=5070117
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ ... .6.108.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12121 bytes

HijackThis log posted :)
Valdemar-rex
