Keylogger removal, HijackThis log.

  • This topic is locked
12 replies to this topic

#1 berntsson

  • Full Member
  • 6 posts

Posted 25 June 2009 - 02:53 PM

Hi, I have a problem with keyloggers. I have scanned my computer with Ad-Aware, Spybot anti-malware, Norton and Panda. Now I need your help to analyse the HijackThis log.
Sorry for my bad English. And thanks for the help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40:32, on 2009-06-25
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\ATKKBService.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Program\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\Logitech\SetPoint\SetPoint.exe
C:\Program\Delade filer\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program\Delade filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RGSC] C:\Program\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Robin\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Keylogger Hunter.lnk = C:\Program\Keylogger Hunter\KeyloggerHunter.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1231536024734
O18 - Protocol: bw+0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: offline-8876480 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: c:\progra~1\Manson\liser.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 19232 bytes

#2 jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 26 June 2009 - 02:55 AM

Hi,

* Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#3 berntsson

  • Full Member
  • 6 posts

Posted 26 June 2009 - 10:41 AM

I did a scan with Malwarebytes' Anti-Malware before the first HijackThis log I pasted, and that time it did find a trojan that I removed. And I did find some other viruses with the other programs I scanned with, so maybe I found and deleted the keylogger. But I pasted this to be certain that I got rid of all malware on my computer.

I did a new quick scan now and it didn't find anything, and sorry for using Swedish on Malwarebytes' Anti-Malware. Here is the log:

Malwarebytes' Anti-Malware 1.38
Databasversion: 2338
Windows 5.1.2600 Service Pack 3

2009-06-26 17:29:45
mbam-log-2009-06-26 (17-29-45).txt

Skanningstyp: Snabb skanning
Antal skannade objekt: 88001
Förfluten tid: 3 minute(s), 54 second(s)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 0

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
(Inga illasinnade poster hittades)

Infekterade registervärden:
(Inga illasinnade poster hittades)

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
(Inga illasinnade poster hittades)

Here is the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:37:21, on 2009-06-26
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATKKBService.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program\Delade filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RGSC] C:\Program\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Keylogger Hunter.lnk = C:\Program\Keylogger Hunter\KeyloggerHunter.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.co...date/EARTPX.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1231536024734
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.co...ty4PatcherX.cab
O18 - Protocol: bw+0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: offline-8876480 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: c:\progra~1\Manson\liser.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 19129 bytes

#4 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 26 June 2009 - 01:49 PM

Hi again,

The infection is still showing in your log.

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.
You can reenable TeaTimer once your system is clean.

Next:

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#5 berntsson

berntsson

    Member

  • Full Member
  • 6 posts

Posted 26 June 2009 - 04:00 PM

I hope I did this right now. Here is the log from the scan:

ComboFix 09-06-26.02 - Robin 2009-06-26 22:40.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.2047.1474 [GMT 2:00]
Körs från: c:\documents and settings\Robin\Skrivbord\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ATIODCLI.exe
c:\windows\system32\ATIODE.exe

.
(((((((((((((((((((((((( Filer Skapade från 2009-05-26 till 2009-06-26 ))))))))))))))))))))))))))))))
.

2009-06-26 17:36 . 2009-02-25 09:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090626.016\EECTRL.SYS
2009-06-26 17:36 . 2009-02-25 09:00 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090626.016\CCERASER.DLL
2009-06-26 17:36 . 2009-02-25 09:00 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090626.016\ERASER.SYS
2009-06-26 17:36 . 2009-02-19 09:00 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090626.016\NAVENG.SYS
2009-06-26 17:36 . 2009-02-19 09:00 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090626.016\NAVEX15.SYS
2009-06-26 17:36 . 2009-02-19 09:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090626.016\NAVENG32.DLL
2009-06-26 17:36 . 2009-02-19 09:00 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090626.016\NAVEX32A.DLL
2009-06-26 17:36 . 2009-02-13 17:18 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090626.016\ECMSVR32.DLL
2009-06-26 15:43 . 2009-06-26 15:43 560128 ----a-w- c:\documents and settings\Robin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv304-0906120-0-main.dll
2009-06-25 16:33 . 2009-06-25 16:33 -------- d-----w- c:\documents and settings\Robin\Application Data\Malwarebytes
2009-06-25 16:33 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-25 16:33 . 2009-06-25 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-25 16:33 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-25 16:33 . 2009-06-25 16:33 -------- d-----w- c:\program\Malwarebytes' Anti-Malware
2009-06-25 15:44 . 2009-06-25 15:46 -------- d-----w- c:\program\Spybot - Search & Destroy
2009-06-25 15:44 . 2009-06-25 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-24 09:43 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\Scxpx86.dll
2009-06-24 09:43 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSXpx86.sys
2009-06-24 09:43 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSvix86.sys
2009-06-24 09:43 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSxpx86.dll
2009-06-24 09:43 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSviA64.sys
2009-06-22 21:18 . 2009-06-22 21:18 -------- d-----w- c:\program\Trend Micro
2009-06-22 21:14 . 2009-06-22 17:06 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-22 18:40 . 2009-06-22 18:40 -------- d-----w- c:\documents and settings\LocalService\Skrivbord
2009-06-22 17:06 . 2009-06-22 17:03 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-22 17:06 . 2009-06-22 17:06 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-22 17:06 . 2009-06-22 17:06 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-22 17:06 . 2009-06-22 17:06 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-22 17:06 . 2009-06-22 17:06 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-22 17:06 . 2009-06-22 17:06 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-22 17:06 . 2009-06-22 17:06 296800 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-22 17:06 . 2009-06-22 17:06 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-22 17:04 . 2009-06-22 17:04 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-22 17:03 . 2009-06-22 17:03 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-22 17:03 . 2009-06-22 17:03 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-22 17:03 . 2009-06-22 17:03 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-22 17:03 . 2009-06-22 17:03 72704 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-22 17:03 . 2009-06-22 17:03 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-22 17:02 . 2009-06-22 17:02 561016 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-22 17:02 . 2009-06-22 17:02 565096 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-22 17:02 . 2009-06-22 17:02 2349384 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-22 17:02 . 2009-06-22 17:02 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-22 17:02 . 2009-06-22 17:02 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-22 17:02 . 2009-06-22 17:02 1003344 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-22 16:57 . 2009-06-22 16:57 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-22 16:57 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-22 16:57 . 2009-06-22 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-22 16:57 . 2009-06-22 16:57 -------- d-----w- c:\program\Lavasoft
2009-06-22 16:57 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-06-22 16:49 . 2009-06-22 16:49 -------- d-----w- c:\program\Keylogger Hunter
2009-06-22 15:44 . 2009-06-22 15:44 -------- d-sh--w- c:\documents and settings\Robin\IECompatCache
2009-06-22 15:43 . 2009-06-22 15:43 -------- d-sh--w- c:\documents and settings\Robin\PrivacIE
2009-06-22 15:43 . 2009-06-22 15:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-22 15:42 . 2009-06-22 15:42 -------- d-sh--w- c:\documents and settings\Robin\IETldCache
2009-06-22 10:00 . 2009-04-30 21:17 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-22 10:00 . 2009-04-30 21:17 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-22 10:00 . 2009-06-22 10:01 -------- d-----w- c:\windows\ie8updates
2009-06-22 09:59 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-22 09:51 . 2009-06-22 09:59 -------- dc-h--w- c:\windows\ie8
2009-06-19 20:03 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\Scxpx86.dll
2009-06-19 20:03 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSXpx86.sys
2009-06-19 20:03 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSvix86.sys
2009-06-19 20:03 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSxpx86.dll
2009-06-19 20:03 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSviA64.sys
2009-06-11 09:44 . 2005-01-13 18:19 15960 ----a-w- c:\windows\system\mingwm10.dll
2009-06-11 09:43 . 2007-02-24 19:53 6142976 ----a-w- c:\windows\system\qt-mt334.DLL
2009-06-11 09:41 . 2005-06-25 13:13 999484 ----a-w- c:\windows\system\common.dll
2009-06-11 09:37 . 2009-06-11 09:37 -------- d-----w- c:\program\Freelancer Mod Manager
2009-06-11 08:02 . 2009-06-11 08:02 -------- d-----w- c:\program\CCP
2009-06-11 08:02 . 2009-06-11 08:02 -------- d-----w- c:\documents and settings\All Users\Application Data\CCP
2009-06-08 11:17 . 2009-06-08 11:17 -------- d-----w- c:\documents and settings\Robin\Application Data\Leadertech
2009-06-06 08:07 . 2009-06-06 08:07 120088 ----a-w- c:\documents and settings\Robin\Application Data\Mozilla\Plugins\npoctoshape.dll
2009-06-06 08:07 . 2009-06-06 08:07 -------- d-----w- c:\documents and settings\Robin\Application Data\Octoshape
2009-06-06 08:07 . 2009-06-04 10:03 396288 ----a-w- c:\documents and settings\Robin\Application Data\Octoshape\Octoshape Streaming Services\sua-0906040-0-libOctoshapeClient.dll
2009-06-06 08:07 . 2009-06-04 10:03 124184 ----a-w- c:\documents and settings\Robin\Application Data\Octoshape\Octoshape Streaming Services\sua-0906040-0-apoctoshape.dll
2009-06-06 08:07 . 2009-06-04 10:03 120088 ----a-w- c:\documents and settings\Robin\Application Data\Octoshape\Octoshape Streaming Services\sua-0906040-0-npoctoshape.dll
2009-06-06 08:07 . 2009-01-08 13:44 70936 ----a-w- c:\documents and settings\Robin\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
2009-06-04 21:51 . 2005-01-04 18:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2009-06-04 21:38 . 2009-06-04 21:38 -------- d-----w- c:\program\Gpotato

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 20:12 . 2009-01-27 12:25 -------- d-----w- c:\program\Warcraft III
2009-06-26 18:22 . 2009-01-27 12:23 -------- d-----w- c:\program\Garena
2009-06-25 18:20 . 2009-03-03 21:50 -------- d-----w- c:\documents and settings\Robin\Application Data\Spotify
2009-06-25 16:30 . 2009-01-09 20:28 -------- d-----w- C:\Program Files
2009-06-20 09:50 . 2009-01-10 12:09 -------- d-----w- c:\documents and settings\Robin\Application Data\uTorrent
2009-06-20 09:42 . 2009-01-09 20:27 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2009-06-14 01:01 . 2009-03-28 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-11 08:41 . 2009-01-27 22:18 -------- d-----w- c:\program\Microsoft Games
2009-06-08 11:14 . 2009-01-09 20:15 -------- d--h--w- c:\program\InstallShield Installation Information
2009-06-08 11:14 . 2009-01-31 09:37 -------- d-----w- c:\program\Atari
2009-06-04 13:53 . 2009-01-09 21:57 -------- d-----w- c:\program\World of Warcraft
2009-05-23 12:29 . 2009-05-23 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\2DBoy
2009-05-23 12:29 . 2009-05-23 12:29 -------- d-----w- c:\program\WorldOfGoo
2009-05-22 15:31 . 2009-05-22 15:25 -------- d-----w- c:\program\Counter-Strike Source
2009-05-19 21:50 . 2009-05-19 21:49 -------- d-----w- c:\program\3DO
2009-05-19 21:48 . 2009-01-31 13:50 -------- d-----w- c:\program\Call of Duty 4 - Modern Warfare
2009-05-17 07:48 . 2009-05-17 06:32 -------- d-----w- c:\program\Runes of Magic
2009-05-17 07:00 . 2009-05-16 19:53 -------- d-----w- c:\documents and settings\Robin\Application Data\FOG Downloader
2009-05-13 21:22 . 2009-05-13 19:56 -------- d-----w- c:\documents and settings\Robin\Application Data\LimeWire
2009-05-13 19:56 . 2009-05-13 19:56 -------- d-----w- c:\program\LimeWire
2009-05-13 18:21 . 2009-05-10 11:06 -------- d-----w- c:\program\Civilization IV
2009-05-13 05:06 . 2006-03-02 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 14:30 . 2009-04-16 22:07 -------- d-----w- c:\documents and settings\Robin\Application Data\dvdcss
2009-05-10 13:04 . 2009-05-10 12:56 -------- d-----w- c:\program\Civilization IV
2009-05-10 11:21 . 2009-05-10 11:05 -------- d-----w- c:\program\Bioshock
2009-05-09 19:20 . 2009-05-09 10:42 -------- d-----w- c:\program\DAEMON Tools Lite
2009-05-09 15:59 . 2009-04-18 08:04 -------- d-----w- c:\program\DivX
2009-05-09 10:43 . 2009-01-27 12:18 -------- d-----w- c:\documents and settings\Robin\Application Data\DAEMON Tools Lite
2009-05-09 10:42 . 2009-05-09 10:42 -------- d-----w- c:\program\DAEMON Tools Toolbar
2009-05-09 10:38 . 2009-01-27 12:18 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-08 16:44 . 2009-05-08 16:44 -------- d-----w- c:\documents and settings\Robin\Application Data\VOIPlay
2009-05-08 16:44 . 2009-05-08 16:44 -------- d-----w- c:\program\VOIPlay
2009-05-08 16:44 . 2009-05-08 16:44 -------- d-----w- c:\documents and settings\All Users\Application Data\VOIPlay
2009-05-07 15:33 . 2006-03-02 12:00 347648 ----a-w- c:\windows\system32\localspl.dll
2009-05-02 15:02 . 2009-05-02 14:38 -------- d-----w- c:\program\Left 4 Dead på Homer (Svensson-c765f4)
2009-05-02 14:41 . 2009-05-02 14:39 -------- d-----w- c:\program\Quake 3
2009-04-29 18:18 . 2009-04-29 18:18 -------- d-----w- c:\documents and settings\Robin\Application Data\The Creative Assembly
2009-04-29 18:05 . 2009-04-29 15:48 -------- d-----w- c:\program\Empire Total War
2009-04-28 20:53 . 2009-04-28 20:53 -------- d-----w- c:\program\MSXML 4.0
2009-04-25 18:45 . 2009-04-05 15:03 152576 ----a-w- c:\documents and settings\Robin\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-25 00:00 . 2009-01-31 09:46 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-04-24 23:13 . 2006-03-02 12:00 78440 ----a-w- c:\windows\system32\perfc01D.dat
2009-04-24 23:13 . 2006-03-02 12:00 433272 ----a-w- c:\windows\system32\perfh01D.dat
2009-04-24 22:47 . 2009-01-31 14:19 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-04-24 22:47 . 2009-01-31 14:19 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-20 20:26 . 2009-01-27 12:26 89984 ----a-w- c:\windows\War3Unin.dat
2009-04-19 19:51 . 2006-03-02 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:55 . 2006-03-02 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2007-11-06 1126400]
"MSMSGS"="c:\program\Messenger\msmsgs.exe" [2008-04-14 1695232]
"RGSC"="c:\program\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-04-25 306088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"GrooveMonitor"="c:\program\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AdobeCS4ServiceManager"="c:\program\Delade filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Ad-Watch"="c:\program\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-22 518488]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-07-22 28160]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-03-21 16126464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Robin\Start-meny\Program\Autostart\
Keylogger Hunter.lnk - c:\program\Keylogger Hunter\KeyloggerHunter.exe [2008-11-14 344064]
PowerReg Scheduler V3.exe [2009-6-8 225280]

c:\documents and settings\All Users\Start-meny\Program\Autostart\
Logitech Desktop Messenger.lnk - c:\program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-1-9 450560]
Logitech SetPoint.lnk - c:\program\Logitech\SetPoint\SetPoint.exe [2009-1-9 528384]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program\\Valve\\Steam\\SteamApps\\berntsson\\counter-strike\\hl.exe"=
"c:\\Program\\uTorrent\\uTorrent.exe"=
"c:\\Program\\Valve\\Steam\\SteamApps\\berntsson\\counter-strike source\\hl2.exe"=
"c:\\Program\\Ventrilo\\Ventrilo.exe"=
"c:\\Program\\Garena\\Garena.exe"=
"c:\\Program\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program\\World of Warcraft\\WoW-3.0.8.9464-to-3.0.8.9506-enGB-downloader.exe"=
"c:\\Program\\World of Warcraft\\Launcher.exe"=
"c:\\Program\\Microsoft Games\\Dungeon Siege 2\\DungeonSiege2.exe"=
"c:\\Program\\Aspyr\\Guitar Hero III\\GH3.exe"=
"c:\\Westwood\\RA2\\GAME.EXE"=
"c:\\Program\\NetstormLaunch\\package\\Netstorm.exe"=
"c:\\Program\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program\\Spotify\\spotify.exe"=
"c:\\Documents and Settings\\Robin\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program\\Delade filer\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Documents and Settings\\Robin\\Skrivbord\\uppload\\DOW2.exe"=
"c:\\Program\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program\\Quake 3\\quake3.exe"=
"c:\\Documents and Settings\\Robin\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program\\Microsoft Games\\Freelancer\\EXE\\Freelancer.exe"=
"c:\\Program\\CCP\\EVE\\bin\\ExeFile.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6112:TCP"= 6112:TCP:Blizzard Downloader
"6112:UDP"= 6112:UDP:*:Disabled:starcraft
"6113:TCP"= 6113:TCP:*:Disabled:starcraft
"6113:UDP"= 6113:UDP:*:Disabled:starcraft
"6114:TCP"= 6114:TCP:*:Disabled:starcraft
"6114:UDP"= 6114:UDP:*:Disabled:starcraft
"6115:TCP"= 6115:TCP:*:Disabled:starcraft
"6115:UDP"= 6115:UDP:*:Disabled:starcraft
"6116:TCP"= 6116:TCP:*:Disabled:starcraft
"6116:UDP"= 6116:UDP:*:Disabled:starcraft
"6117:TCP"= 6117:TCP:*:Disabled:starcraft
"6117:UDP"= 6117:UDP:*:Disabled:starcraft
"6118:TCP"= 6118:TCP:*:Disabled:starcraft
"6118:UDP"= 6118:UDP:*:Disabled:starcraft
"6119:UDP"= 6119:UDP:*:Disabled:starcraft
"6119:TCP"= 6119:TCP:*:Disabled:starcraft
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-06-22 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-22 28544]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SymEFA.sys [2009-03-20 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys [2009-03-20 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1005000.086\cchpx86.sys [2009-03-20 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSXpx86.sys [2009-06-24 276344]
R2 Norton AntiVirus;Norton AntiVirus;c:\program\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [2009-03-20 115560]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2009-01-09 38656]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program\Delade filer\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-26 101936]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 1003344]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Innehållet i mappen 'Schemalagda aktiviteter':

2009-06-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 17:02]
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

HKLM-Run-ASUSGamerOSD - c:\program files\ASUS\GamerOSD\GamerOSD.exe


.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.google.se/
IE: E&xport to Microsoft Excel - c:\program\MICROS~4\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 22:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------

[HKEY_USERS\S-1-5-21-2025429265-813497703-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2025429265-813497703-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:f1,9f,6f,f0,b5,88,48,8c,46,07,78,35,f3,7f,ae,f7,7f,7d,15,a6,bc,
42,2d,14,06,50,b4,dc,ef,f4,0f,4d,58,4d,16,af,12,cc,21,d0,a4,6a,3d,a2,8c,ec,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- DLLer som "laddats" under processer som körs ---------------------

- - - - - - - > 'winlogon.exe'(1172)
c:\windows\system32\Ati2evxx.dll
c:\program\Delade filer\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Sluttid: 2009-06-26 22:43
ComboFix-quarantined-files.txt 2009-06-26 20:43

Före genomsökningen: 151 421 526 016 byte ledigt
Efter genomsökningen: 151 869 456 384 byte ledigt

290 --- E O F --- 2009-06-22 10:02

#6 jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 27 June 2009 - 03:36 PM

Hi again,

I think we got it. Please run this on-line scan to check for leftovers:

Please do the following:
Run a BitDefender Online scan Here and post the results.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#7 berntsson

    Member

  • Full Member
  • 6 posts

Posted 28 June 2009 - 04:19 AM

For some reason BitDefender Online refuses to work for me; when the virus signature is updated to 100% it just stays there and refuses to go on.

#8 jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 28 June 2009 - 05:23 AM

Hi again,

OK, try one of these two:

Please navigate (using Internet Explorer, other browsers won't work) to the following site: http://support.f-sec.../home/ols.shtml

Scroll to the bottom of the page, and click Start Scan.

When prompted, choose to install the software. After the software has installed, click Accept. Click Custom Scan and check the option for Scan inside archives, then click Start. The necessary databases will then be downloaded, and the scan will then start automatically.

Please be patient as this scan will take a while to complete. If any infections are found, the "cleaning" screen will be displayed once the scan has finished.

Choose Automatic cleaning (recommended). After cleaning has finished, the Finish screen will be displayed.

Choose Show Report. In order to post the report, press CTRL+A on your keyboard to highlight all the text.

Then copy and paste that information into this thread.

or:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

jedi


#9 berntsson

    Member

  • Full Member
  • 6 posts

Posted 28 June 2009 - 04:29 PM

I did both online scans and neither of them found anything other than cookies. But I also did a new scan with my Norton antivirus and it found several trojans and other malware.

Here is the log from ESET's online scan:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.5863
# api_version=3.0.2
# EOSSerial=160809ae3c81294d9b0b0e466df301aa
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-06-28 09:02:36
# local_time=2009-06-28 11:02:36 (+0100, Västeuropa, normaltid)
# country="Sweden"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3587 21 100 94 86830295625000
# scanned=240110
# found=0
# cleaned=0
# scan_time=17194


And here is the log from f-secure:

Scanning Report
Sunday, June 28, 2009 13:30:23 - 16:56:43

Computer name: BERTO
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\
3 malware found
TrackingCookie.Atdmt (spyware)

* System (Disinfected)

Client-IRC.Win32.mIRC (spyware)

* System (Disinfected)

TrackingCookie.Yieldmanager (spyware)

* System (Disinfected)

Statistics
Scanned:

* Files: 627703
* System: 3719
* Not scanned: 277

Actions:

* Disinfected: 3
* Renamed: 0
* Deleted: 0
* Not cleaned: 0
* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\TEMP\JET4DD.TMP
* C:\WINDOWS\TEMP\PERFLIB_PERFDATA_14C.DAT
* C:\WINDOWS\TEMP\PERFLIB_PERFDATA_24C.DAT
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
* C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
* C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
* C:\WINDOWS\SOFTWAREDISTRIBUTION\DATASTORE\DATASTORE.EDB
* C:\WINDOWS\SOFTWAREDISTRIBUTION\DATASTORE\LOGS\EDB.LOG
* C:\WINDOWS\SOFTWAREDISTRIBUTION\DATASTORE\LOGS\TMP.EDB
* C:\Program\World of Warcraft\Data\common.MPQ
* C:\Program\World of Warcraft\Data\lichking.MPQ
* C:\Program\World of Warcraft\Data\patch.MPQ
* C:\Program\Vampire The Masquerade - Bloodlines\Vampire The Masquerade Bloodlines - Ultimate.rar\Vampire The Masquerade\Vampire The Masquerade - Bloodlines\Vampire\pack000.vpk
* C:\Program\Vampire The Masquerade - Bloodlines\Vampire The Masquerade Bloodlines - Ultimate.rar\Vampire The Masquerade\Vampire The Masquerade - Bloodlines\Vampire\pack001.vpk
* C:\Program\Vampire The Masquerade - Bloodlines\Vampire The Masquerade Bloodlines - Ultimate.rar\Vampire The Masquerade\Vampire The Masquerade - Bloodlines\Vampire\pack002.vpk
* C:\Program\Vampire The Masquerade - Bloodlines\Vampire The Masquerade Bloodlines - Ultimate.rar\Vampire The Masquerade\Vampire The Masquerade - Bloodlines\Vampire\pack003.vpk
* C:\Program\Vampire The Masquerade - Bloodlines\Vampire The Masquerade Bloodlines - Ultimate.rar\Vampire The Masquerade\Vampire The Masquerade - Bloodlines\Vampire\pack004.vpk
* C:\Program\Vampire The Masquerade - Bloodlines\Vampire The Masquerade Bloodlines - Ultimate.rar\Vampire The Masquerade\Vampire The Masquerade - Bloodlines\Vampire\pack005.vpk
* C:\Program\Vampire The Masquerade - Bloodlines\Vampire The Masquerade Bloodlines - Ultimate.rar\Vampire The Masquerade\Vampire The Masquerade - Bloodlines\Vampire\pack006.vpk
* C:\Program\Vampire The Masquerade - Bloodlines\Vampire The Masquerade Bloodlines - Ultimate.rar\Vampire The Masquerade\Vampire The Masquerade - Bloodlines\Vampire\pack007.vpk
* C:\Program\Vampire The Masquerade - Bloodlines\Vampire The Masquerade Bloodlines - Ultimate.rar\Vampire The Masquerade\Vampire The Masquerade - Bloodlines\Vampire\pack008.vpk
* C:\Program\Vampire The Masquerade - Bloodlines\Vampire The Masquerade Bloodlines - Ultimate.rar\Vampire The Masquerade\Vampire The Masquerade - Bloodlines\Vampire\pack009.vpk
* C:\Program\Titan.Quest.Immortal.Throne-Unleashed\unl-tqit.iso
* C:\Program\Titan.Quest-Unleashed\rld-tiqu.iso
* C:\Program\starcraft\World of Warcraft Public Test\Data\common.MPQ
* C:\Program\starcraft\World of Warcraft Public Test\Data\lichking.MPQ
* C:\Program\Runes of Magic\update.inf\install.ini
* C:\Program\Runes of Magic\update.inf\country.ini
* C:\Program\Runes of Magic\update.inf\ImageSwitch.ini
* C:\Program\Runes of Magic\update.inf\localization.ini
* C:\Program\Runes of Magic\update.inf\serverlist_cn.ini
* C:\Program\Runes of Magic\update.inf\serverlist_de.ini
* C:\Program\Runes of Magic\update.inf\serverlist_eneu.ini
* C:\Program\Runes of Magic\update.inf\serverlist_enus.ini
* C:\Program\Runes of Magic\update.inf\serverlist_jp.ini
* C:\Program\Runes of Magic\update.inf\serverlist_my.ini
* C:\Program\Runes of Magic\update.inf\serverlist_ru.ini
* C:\Program\Runes of Magic\update.inf\serverlist_rw.ini
* C:\Program\Runes of Magic\update.inf\serverlist_sg.ini
* C:\Program\Runes of Magic\update.inf\serverlist_tr.ini
* C:\Program\Runes of Magic\update.inf\serverlist_tw.ini
* C:\Program\Runes of Magic\update.inf\string_cn.ini
* C:\Program\Runes of Magic\update.inf\string_de.ini
* C:\Program\Runes of Magic\update.inf\string_eneu.ini
* C:\Program\Runes of Magic\update.inf\string_enus.ini
* C:\Program\Runes of Magic\update.inf\string_jp.ini
* C:\Program\Runes of Magic\update.inf\string_my.ini
* C:\Program\Runes of Magic\update.inf\string_ru.ini
* C:\Program\Runes of Magic\update.inf\string_sg.ini
* C:\Program\Runes of Magic\update.inf\string_tr.ini
* C:\Program\Runes of Magic\update.inf\string_tw.ini
* C:\Program\Runes of Magic\update.inf\update_cn.ini
* C:\Program\Runes of Magic\update.inf\update_de.ini
* C:\Program\Runes of Magic\update.inf\update_eneu.ini
* C:\Program\Runes of Magic\update.inf\update_enus.ini
* C:\Program\Runes of Magic\update.inf\update_jp.ini
* C:\Program\Runes of Magic\update.inf\update_my.ini
* C:\Program\Runes of Magic\update.inf\update_ru.ini
* C:\Program\Runes of Magic\update.inf\update_rw.ini
* C:\Program\Runes of Magic\update.inf\update_sg.ini
* C:\Program\Runes of Magic\update.inf\update_tr.ini
* C:\Program\Runes of Magic\update.inf\update_tw.ini
* C:\Program\Runes of Magic\update.inf\version.ini
* C:\Program\Guitar Hero III - Legends Of Rock\Guitar Hero III Legends Of Rock [PCDVD][MULTI5][www.zonatorrent.com].mdf
* C:\Program\Garena\mdata.ggz\mh.xml
* C:\Program\Garena\skin_bs\garenatv.ggz\garenatv.bmp
* C:\Program\Garena\skin_bs\garenatv.ggz\GTVBtnOff.bmp
* C:\Program\Garena\skin_bs\garenatv.ggz\GTVBtnOn.bmp
* C:\Program\Garena\skin_bs\garenatv.ggz\GTVDetailsBG.png
* C:\Program\Garena\skin_bs\garenatv.ggz\GTVHighlight.png
* C:\Program\Garena\skin_bs\garenatv.ggz\GTVLVIcons.png
* C:\Program\Garena\skin_bs\garenatv.ggz\GTVPanel.bmp
* C:\Program\Garena\skin_bs\garenatv.ggz\Header.bmp
* C:\Program\Garena\skin_bs\garenatv.ggz\menu.bmp
* C:\Program\Garena\skin_bs\garenatv.ggz\ProgressBarBgH.bmp
* C:\Program\Garena\skin_bs\garenatv.ggz\ProgressBarBgV.bmp
* C:\Program\Garena\skin_bs\garenatv.ggz\ProgressBarH.bmp
* C:\Program\Garena\skin_bs\garenatv.ggz\ProgressBarV.bmp
* C:\Program\Garena\skin_bs\garenatv.ggz\rateempty.png
* C:\Program\Garena\skin_bs\garenatv.ggz\ratefull.png
* C:\Program\Garena\skin_bs\garenatv.ggz\Tab.bmp
* C:\Program\Garena\skin_bs\garenatv.ggz\TabBg.bmp
* C:\Program\Garena\skin_bs\garenatv.ggz\ui.xml
* C:\Program\Garena\skin_bs\garenatv.ggz\Window.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\split_h.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\split_v.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\splitter_h.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\Tab.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\TabBg.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\ui.xml
* C:\Program\Garena\skin_bs\Skin.ggz\Window.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\Others.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\usertype/0.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\usertype/1.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\usertype/100.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\usertype/11.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\usertype/2.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\usertype/3.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\usertype/4.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\usertype/5.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\usertype/6.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\usertype/Thumbs.db
* C:\Program\Garena\skin_bs\Skin.ggz\Arrow_Down.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\Arrow_Up.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\Button.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\comment_header.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\GameIconsBig.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\goldmem.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\Header.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\login_gg_logo.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\login_header_bar.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\Logo.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\menu.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\messagetab.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\outbar_lab.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\panel.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\ProgressBarBgH.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\ProgressBarBgV.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\ProgressBarH.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\ProgressBarV.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\ScrollBarArrows.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\ScrollBarArrowsHBg.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\ScrollNews.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\shop_gm.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\shop_gm_type.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\shop_magic_item.bmp
* C:\Program\Garena\skin_bs\Skin.ggz\Skin.xml
* C:\Program\Garena\skin_bs\Skin.ggz\skinmsn.bmp
* C:\Program\Garena\Skin\garenatv.ggz\garenatv.bmp
* C:\Program\Garena\Skin\garenatv.ggz\GTVBtnOff.bmp
* C:\Program\Garena\Skin\garenatv.ggz\GTVBtnOn.bmp
* C:\Program\Garena\Skin\garenatv.ggz\GTVDetailsBG.png
* C:\Program\Garena\Skin\garenatv.ggz\GTVHighlight.png
* C:\Program\Garena\Skin\garenatv.ggz\GTVLVIcons.png
* C:\Program\Garena\Skin\garenatv.ggz\GTVPanel.bmp
* C:\Program\Garena\Skin\garenatv.ggz\Header.bmp
* C:\Program\Garena\Skin\garenatv.ggz\menu.bmp
* C:\Program\Garena\Skin\garenatv.ggz\ProgressBarBgH.bmp
* C:\Program\Garena\Skin\garenatv.ggz\ProgressBarBgV.bmp
* C:\Program\Garena\Skin\garenatv.ggz\ProgressBarH.bmp
* C:\Program\Garena\Skin\garenatv.ggz\ProgressBarV.bmp
* C:\Program\Garena\Skin\garenatv.ggz\rateempty.png
* C:\Program\Garena\Skin\garenatv.ggz\ratefull.png
* C:\Program\Garena\Skin\Skin.ggz\GameIconsBig.bmp
* C:\Program\Garena\Skin\Skin.ggz\goldmem.bmp
* C:\Program\Garena\Skin\garenatv.ggz\Tab.bmp
* C:\Program\Garena\Skin\Skin.ggz\Header.bmp
* C:\Program\Garena\Skin\garenatv.ggz\TabBg.bmp
* C:\Program\Garena\Skin\garenatv.ggz\ui.xml
* C:\Program\Garena\Skin\garenatv.ggz\Window.bmp
* C:\Program\Garena\Skin\Skin.ggz\login_gg_logo.bmp
* C:\Program\Garena\Skin\Skin.ggz\login_header_bar.bmp
* C:\Program\Garena\Skin\Skin.ggz\Logo.bmp
* C:\Program\Garena\Skin\Skin.ggz\menu.bmp
* C:\Program\Garena\Skin\Skin.ggz\messagetab.bmp
* C:\Program\Garena\Skin\Skin.ggz\Others.bmp
* C:\Program\Garena\Skin\Skin.ggz\outbar_lab.bmp
* C:\Program\Garena\Skin\Skin.ggz\panel.bmp
* C:\Program\Garena\Skin\Skin.ggz\ProgressBarBgH.bmp
* C:\Program\Garena\Skin\Skin.ggz\ProgressBarBgV.bmp
* C:\Program\Garena\Skin\Skin.ggz\ProgressBarH.bmp
* C:\Program\Garena\Skin\Skin.ggz\ProgressBarV.bmp
* C:\Program\Garena\Skin\Skin.ggz\ScrollBarArrows.bmp
* C:\Program\Garena\Skin\Skin.ggz\ScrollBarArrowsHBg.bmp
* C:\Program\Garena\Skin\Skin.ggz\ScrollNews.bmp
* C:\Program\Garena\Skin\Skin.ggz\shop_gm.bmp
* C:\Program\Garena\Skin\Skin.ggz\shop_gm_type.bmp
* C:\Program\Garena\Skin\Skin.ggz\shop_magic_item.bmp
* C:\Program\Garena\Skin\Skin.ggz\Skin.xml
* C:\Program\Garena\Skin\Skin.ggz\skinmsn.bmp
* C:\Program\Garena\Skin\Skin.ggz\split_h.bmp
* C:\Program\Garena\Skin\Skin.ggz\split_v.bmp
* C:\Program\Garena\Skin\Skin.ggz\splitter_h.bmp
* C:\Program\Garena\Skin\Skin.ggz\Tab.bmp
* C:\Program\Garena\Skin\Skin.ggz\TabBg.bmp
* C:\Program\Garena\Skin\Skin.ggz\ui.xml
* C:\Program\Garena\Skin\Skin.ggz\Window.bmp
* C:\Program\Garena\Skin\Skin.ggz\usertype/0.bmp
* C:\Program\Garena\Skin\Skin.ggz\usertype/1.bmp
* C:\Program\Garena\Skin\Skin.ggz\usertype/100.bmp
* C:\Program\Garena\Skin\Skin.ggz\usertype/11.bmp
* C:\Program\Garena\Skin\Skin.ggz\usertype/2.bmp
* C:\Program\Garena\Skin\Skin.ggz\usertype/3.bmp
* C:\Program\Garena\Skin\Skin.ggz\usertype/4.bmp
* C:\Program\Garena\Skin\Skin.ggz\usertype/5.bmp
* C:\Program\Garena\Skin\Skin.ggz\usertype/6.bmp
* C:\Program\Garena\Skin\Skin.ggz\usertype/Thumbs.db
* C:\Program\Garena\Skin\Skin.ggz\Arrow_Down.bmp
* C:\Program\Garena\Skin\Skin.ggz\Arrow_Up.bmp
* C:\Program\Garena\Skin\Skin.ggz\Button.bmp
* C:\Program\Garena\Skin\Skin.ggz\comment_header.bmp
* C:\Program\Garena\Languages\FPSGame.dll.cn\lang.xml
* C:\Program\Garena\Languages\FPSGame.dll.tw\lang.xml
* C:\Program\Garena\Languages\FPSGame.dll.en\lang.xml
* C:\Program\Garena\Languages\Garena.exe.br\Garena.exe.br.xml
* C:\Program\Garena\Languages\Garena.exe.cn\Garena.exe.cn.xml
* C:\Program\Garena\Languages\Garena.exe.en\Garena.exe.en.xml
* C:\Program\Garena\Languages\Garena.exe.id\Garena.exe.id.xml
* C:\Program\Garena\Languages\Garena.exe.ru\Garena.exe.ru.xml
* C:\Program\Garena\Languages\Garena.exe.sp\Garena.exe.sp.xml
* C:\Program\Garena\Languages\Garena.exe.th\Garena.exe.th.xml
* C:\Program\Garena\Languages\Garena.exe.tw\Garena.exe.tw.xml
* C:\Program\Garena\Languages\Garena.exe.vn\Garena.exe.vn.xml
* C:\Program\Garena\Languages\GarenaTV_UI.dll.cn\lang.xml
* C:\Program\Garena\Languages\GarenaTV_UI.dll.cn\server.xml
* C:\Program\Garena\Languages\GarenaTV_UI.dll.en\lang.xml
* C:\Program\Garena\Languages\GarenaTV_UI.dll.en\server.xml
* C:\Program\Garena\Languages\GarenaTV_UI.dll.id\lang.xml
* C:\Program\Garena\Languages\GarenaTV_UI.dll.id\server.xml
* C:\Program\Garena\Languages\GarenaTV_UI.dll.tw\lang.xml
* C:\Program\Garena\Languages\GarenaTV_UI.dll.tw\server.xml
* C:\Program\Garena\Languages\update.exe.cn\update.exe.cn.xml
* C:\Program\Garena\Languages\update.exe.tw\update.exe.tw.xml
* C:\Program\Garena\Languages\update2.exe.cn\update2.exe.cn.xml
* C:\Program\Garena\Languages\update2.exe.tw\update2.exe.tw.xml
* C:\Program\Garena\Languages\WC3Ass.dll.cn\lang.xml
* C:\Program\Garena\Languages\WC3Ass.dll.en\lang.xml
* C:\Program\Garena\Languages\WC3Ass.dll.tw\lang.xml
* C:\Program\Garena\Languages\WC3Ass.dll.vn\lang.xml
* C:\Program\Garena\Languages\WC3Ladder.dll.cn\lang.xml
* C:\Program\Garena\Languages\WC3Ladder.dll.en\lang.xml
* C:\Program\Garena\Languages\WC3Ladder.dll.tw\lang.xml
* C:\Program\Garena\GarenaTV\cn_s.ggz\lang.xml
* C:\Program\Garena\GarenaTV\cn_s.ggz\server.xml
* C:\Program\Garena\GarenaTV\cn.ggz\default_cn.xml
* C:\Program\Garena\GarenaTV\cn.ggz\dota657b_cn.xml
* C:\Program\Garena\GarenaTV\cn.ggz\dota659_cn.xml
* C:\Program\Garena\GarenaTV\id_s.ggz\server.xml
* C:\Program\Garena\GarenaTV\en_s.ggz\lang.xml
* C:\Program\Garena\GarenaTV\en_s.ggz\server.xml
* C:\Program\Garena\GarenaTV\en.ggz\default.xml
* C:\Program\Garena\GarenaTV\en.ggz\dota657b.xml
* C:\Program\Garena\GarenaTV\en.ggz\dota659.xml
* C:\Program\Garena\GarenaTV\tw_s.ggz\lang.xml
* C:\Program\Garena\GarenaTV\tw_s.ggz\server.xml
* C:\Program\Garena\GarenaTV\tw.ggz\default_tw.xml
* C:\Program\Garena\GarenaTV\tw.ggz\dota657b_tw.xml
* C:\Program\Garena\GarenaTV\tw.ggz\dota659_tw.xml
* C:\Program\Far_Cry_2-Razor1911\rzr-fcr2.iso
* C:\Program\Delade filer\Adobe\Installers\Adobe Photoshop CS4 11.0 03-30-2009.log.gz\Adobe Photoshop CS4 11.0 03-30-2009.log
* C:\Program\Call of Duty 4 - Modern Warfare\Bioshock.2007.PC-Rip.Full.Game.English.Skullptura\Bioshock.2007.PC-Rip.Full.Game.English.Skullptura.7z
* C:\Program\3DO\Heroes of Might and Magic 3\Maps\Corbus Realm.h3c\Corbus Realm
* C:\Program\3DO\Heroes of Might and Magic 3\Maps\The power of the EYE.h3c\The power of the EYE
* C:\Program\3DO\Heroes of Might and Magic 3\Maps\The%20Civil%20War.h3m\The%20Civil%20War
* C:\DOCUMENTS AND SETTINGS\ROBIN\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\ROBIN\NTUSER.DAT.LOG
* C:\Documents and Settings\Robin\Skrivbord\uppload\Warhammer.40.000.Dawn.of.War.II-ViTALiTY\vty-0229.iso
* C:\Documents and Settings\Robin\Skrivbord\uppload\Empire_Total_War_Special_Forces_Edition-Razor1911\DVD1\rzr-etw1.iso
* C:\Documents and Settings\Robin\Mina dokument\Downloads\GTA 4DVD2\rzr-ga4b.iso
* C:\DOCUMENTS AND SETTINGS\ROBIN\LOKALA INSTÄLLNINGAR\TEMP\FML1622.TMP
* C:\DOCUMENTS AND SETTINGS\ROBIN\LOKALA INSTÄLLNINGAR\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\DOCUMENTS AND SETTINGS\ROBIN\LOKALA INSTÄLLNINGAR\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT.LOG
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOKALA INSTÄLLNINGAR\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOKALA INSTÄLLNINGAR\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT.LOG
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOKALA INSTÄLLNINGAR\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOKALA INSTÄLLNINGAR\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentatta.zip\program Files/Manson/liser.dll
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentatta.zip\sbRecovery.ini
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COMMON CLIENT\_LCK\_AVPAPP_{BB639333-810A-4BF8-85F5-C537857F55FC}0
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COMMON CLIENT\_LCK\_ISDATAPR_{E8EFD4CD-DE52-4444-9511-EFF3B158724B}0
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COMMON CLIENT\_LCK\_ISDATAPR_{FF9AC67A-E394-46AE-B150-B3365343F166}G
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COMMON CLIENT\_LCK\_NPC.TRAY.{1AFE47BB-FCF1-4096-9039-1FEBC9A0CCCF}0
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COMMON CLIENT\_LCK\_UI.HOST.{1AFE47BB-FCF1-4096-9039-1FEBC9A0CCCF}0

Options
Scanning engines:

Scanning options:

* Scan all files
* Scan inside archives
* Use advanced heuristics

#10 jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 29 June 2009 - 02:28 AM

Hi again,

Norton is probably picking up infected restore points rather than active malware.

Do Start->Control Panel->System, System restore. Check "Turn off System Restore" and reboot. That will erase all restore points.
After reboot, go back in and turn System Restore back on.

Scan again with Norton, if it still finds anything please copy what it finds here.

jedi


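Jedi's point above, that an AV scanner may be flagging inert copies stored in System Restore snapshots rather than active malware, can be turned into a small triage check. The code below is an added example, not from the thread or from any vendor's tool; it assumes a constructed tab-separated "threat, path" report format, a placeholder restore-point GUID and constructed file paths.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Windows XP keeps System Restore snapshots under
#   <drive>:\System Volume Information\_restore{<GUID>}\RP<n>\A00<n>.<ext>
# A file copied there is an archived copy, not something that runs at boot,
# so a hit inside that tree is cleared by purging the restore points.
RESTORE_POINT_RE = re.compile(
    r"^[a-z]:\\system volume information\\_restore\{[0-9a-f-]+\}\\rp\d+\\",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Detection:
    threat: str
    path: str


def is_restore_point_copy(path: str) -> bool:
    """True when the detected file sits inside a System Restore snapshot."""
    return RESTORE_POINT_RE.match(path) is not None


def parse_report(lines: Iterable[str]) -> List[Detection]:
    """Parse 'threat<TAB>path' lines (a constructed format, not any vendor's).
    Blank lines and '#' comment lines are skipped."""
    found = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        threat, _, path = line.partition("\t")
        if path:
            found.append(Detection(threat.strip(), path.strip()))
    return found


def triage(detections: Iterable[Detection]) -> Tuple[List[Detection], List[Detection]]:
    """Split detections into (restore-point copies, active findings)."""
    archived, active = [], []
    for d in detections:
        (archived if is_restore_point_copy(d.path) else active).append(d)
    return archived, active


def recommendation(detections: Iterable[Detection]) -> str:
    """'clean', 'purge-restore-points' when every hit is a snapshot copy,
    or 'investigate-active' when at least one hit is outside the snapshot store."""
    archived, active = triage(list(detections))
    if active:
        return "investigate-active"
    if archived:
        return "purge-restore-points"
    return "clean"


# Constructed sample reports (not taken from the thread's logs);
# the GUID is an all-zero placeholder and the paths are made up.
SAMPLE_REPORT = [
    "# threat\tpath",
    "Trojan.Generic\tC:\\System Volume Information\\_restore{00000000-0000-0000-0000-000000000000}\\RP12\\A0001234.exe",
    "Adware.Example\tC:\\System Volume Information\\_restore{00000000-0000-0000-0000-000000000000}\\RP14\\A0001301.dll",
]

SAMPLE_ACTIVE = SAMPLE_REPORT + [
    "Trojan.Generic\tC:\\WINDOWS\\system32\\example_dropper.dll",
]

if __name__ == "__main__":
    for name, report in (("restore-only", SAMPLE_REPORT), ("with-active", SAMPLE_ACTIVE)):
        dets = parse_report(report)
        archived, active = triage(dets)
        print(f"{name}: {len(archived)} in restore points, "
              f"{len(active)} active -> {recommendation(dets)}")
```

Only the "purge-restore-points" outcome is handled by the Control Panel steps in the post above; an active hit still needs the file itself looked at.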
#11 berntsson

    Member

  • Full Member
  • 6 posts

Posted 05 July 2009 - 04:22 AM

Sorry, I've been away on a trip so I haven't been able to answer. I did as you said and Norton didn't find anything this time.

#12 jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 05 July 2009 - 07:53 AM

Hi again,

In that case it looks like your PC is clean.

In order to be better protected in the future, I recommend the following programs:

SpywareBlaster protects against bad ActiveX.
http://www.javacools...areblaster.html

SpywareGuard stops Spyware from being installed.
http://www.javacools...ywareguard.html

Also install the MVPS hosts file:
http://www.mvps.org/...p2002/hosts.htm
which blocks innocent looking sites that are not so innocent.

All three are very small free programs that you run once, and then just occasionally to check for updates.

Also see
How did I get Infected?

Finally, it is best to update your system regularly, to ensure you have the latest security patches from Microsoft. Update by clicking here http://v4.windowsupdate.microsoft.com/ and following the prompts.

jedi


#13 jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 29 July 2009 - 01:48 AM

Since the issue appears to be resolved this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
jedi
