berntsson

Keylogger removal, HijackThis log.

13 posts in this topic

Hi, I have a problem with keyloggers. I have scanned my computer with Ad-Aware, Spybot anti-malware, Norton and Panda. Now I need your help to analyse the HijackThis log.

Sorry for my bad English. And thanks for the help.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:40:32, on 2009-06-25

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\ATKKBService.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Logitech\SetPoint\SetPoint.exe

C:\Program\Delade filer\Logitech\KHAL\KHALMNPR.EXE

C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [startCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program\Delade filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Ad-Watch] C:\Program\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [RGSC] C:\Program\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent

O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Robin\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Keylogger Hunter.lnk = C:\Program\Keylogger Hunter\KeyloggerHunter.exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1231536024734

O18 - Protocol: bw+0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: offline-8876480 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - AppInit_DLLs: c:\progra~1\Manson\liser.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

--

End of file - 19232 bytes

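Reading a log like the one above by hand means looking first at the sections that load code into many processes or run it automatically at logon, and then comparing one scan against the next. The script below is an added example for this thread; it is not part of HijackThis and not code from any poster. It assumes the HijackThis v2 line format shown above (`O4 - ...`, `R0 - ...`, a `Running processes:` block), parses it, flags entries in the O20 (AppInit_DLLs), O4 (autostart), O23 (services) and O2 (BHO) sections, marks O4 entries that give only a bare file name with no directory, and diffs two logs so entries that appeared or vanished between scans stand out. The two sample strings are constructed excerpts of the two logs posted in this thread; the diff is restricted to the O4 and O16 sections because the second excerpt covers only those. Flagging a section says it deserves a look, not that the entry is malicious; the O20 line, for instance, simply sits in a load point every analyst checks.

```python
"""Triage helper for Trend Micro HijackThis v2 logs (added example, not HijackThis code)."""
import re
from typing import Dict, List, Optional, Set, Tuple

# Sections reviewed first: code loaded into many processes or run automatically at logon.
HIGH_INTEREST = {
    "O20": "AppInit_DLLs: DLL loaded into every process that loads user32.dll",
    "O4": "autostart entry (Run keys or Startup folders)",
    "O23": "installed service",
    "O2": "Browser Helper Object loaded into Internet Explorer",
}

# Item lines such as "O4 - ...", "R0 - ...", "O18 - ...".
ITEM_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")


def parse_hjt(text: str) -> Tuple[List[str], Dict[str, List[str]]]:
    """Return (running processes, {section: [item bodies]}) for one log."""
    processes: List[str] = []
    items: Dict[str, List[str]] = {}
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        m = ITEM_RE.match(line)
        if m:
            in_procs = False
            items.setdefault(m.group("section"), []).append(m.group("body"))
        elif in_procs and re.match(r"^[A-Za-z]:\\", line):
            processes.append(line)
    return processes, items


def o4_target(body: str) -> str:
    """Command or file part of an O4 body ('HKLM\\..\\Run: [Name] cmd' or 'Startup: x.lnk = path')."""
    if "] " in body:
        return body.split("] ", 1)[1]
    if " = " in body:
        return body.split(" = ", 1)[1]
    return body.split(": ", 1)[1] if ": " in body else body


def triage(text: str) -> List[Tuple[str, str, str]]:
    """(section, note, body) for every entry in a high-interest section.
    O4 entries naming a bare file with no directory get an extra note: which file
    actually runs depends on the search path, so it has to be located on disk first."""
    _, items = parse_hjt(text)
    flagged = []
    for section, reason in HIGH_INTEREST.items():
        for body in items.get(section, []):
            note = reason
            if section == "O4" and "\\" not in o4_target(body):
                note += "; no path given, locate the file before judging it"
            flagged.append((section, note, body))
    return flagged


def diff_logs(old: str, new: str, sections: Optional[Set[str]] = None) -> Dict[str, Set[str]]:
    """Entries present in only one of the two logs, optionally restricted to some sections."""
    def flatten(text: str) -> Set[str]:
        _, items = parse_hjt(text)
        return {f"{s} - {b}" for s, bodies in items.items()
                if sections is None or s in sections for b in bodies}
    a, b = flatten(old), flatten(new)
    return {"removed": a - b, "added": b - a}


# Constructed excerpts of the two logs posted in this thread (trimmed, wording unchanged).
FIRST_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Robin\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - Startup: Keylogger Hunter.lnk = C:\Program\Keylogger Hunter\KeyloggerHunter.exe
O4 - Startup: PowerReg Scheduler V3.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O20 - AppInit_DLLs: c:\progra~1\Manson\liser.dll
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
"""
SECOND_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - Startup: Keylogger Hunter.lnk = C:\Program\Keylogger Hunter\KeyloggerHunter.exe
O4 - Startup: PowerReg Scheduler V3.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
"""

if __name__ == "__main__":
    for section, note, body in triage(FIRST_LOG):
        print(f"[{section}] {body}\n      -> {note}")
    for kind, entries in diff_logs(FIRST_LOG, SECOND_LOG, sections={"O4", "O16"}).items():
        for entry in sorted(entries):
            print(f"{kind}: {entry}")
```

Run as-is it lists the flagged entries from the first excerpt, with the two O4 lines that carry no directory marked, and reports the Octoshape autostart entry as removed and the EARTPatchX download as added between the two excerpts. The same functions take a whole log pasted into a file, which is the normal way to use them on a thread like this one.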

Hi,

 

* Please download Malwarebytes' Anti-Malware from Here or Here

 

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

 

jedi


I did a scan with Malwarebytes Anti-Malware before the first HijackThis log I pasted, and that time it did find a trojan that I removed. And I did find some other viruses with the other programs I scanned with, so maybe I found and deleted the keylogger. But I pasted this to be certain that I got rid of all malware on my computer.

 

I did a new quick scan now and it didn't find anything, and sorry for using Swedish in Malwarebytes Anti-Malware. Here is the log:

 

Malwarebytes' Anti-Malware 1.38

Databasversion: 2338

Windows 5.1.2600 Service Pack 3

 

2009-06-26 17:29:45

mbam-log-2009-06-26 (17-29-45).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 88001

Förfluten tid: 3 minute(s), 54 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)

 

Here is the new HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:37:21, on 2009-06-26

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\ATKKBService.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [startCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program\Delade filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Ad-Watch] C:\Program\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [RGSC] C:\Program\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Keylogger Hunter.lnk = C:\Program\Keylogger Hunter\KeyloggerHunter.exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1231536024734

O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab

O18 - Protocol: bw+0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: offline-8876480 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - AppInit_DLLs: c:\progra~1\Manson\liser.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

--

End of file - 19129 bytes

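Triage of a HijackThis log like the one above is mostly a matter of separating the dozens of repetitive vendor entries from the few that need a human decision. The following Python snippet is an added example, not HijackThis code and not the helper's method: it parses constructed O18, O20 and O23 lines in the same format, collapses protocol handlers that share one CLSID and DLL into a single summary, and flags AppInit_DLLs entries and services with no publisher for manual review. The vendor directory list is an assumption made for the demo.

```python
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in HijackThis v2 line format. The entries copy the shape of
# lines in the log above; the flags produced are heuristics, not a verdict.
SAMPLE_LOG = r"""
O18 - Protocol: bw10 - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9AD2BE94-E055-4458-AAE5-9DD811109D30} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: c:\progra~1\Manson\liser.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

O18_RE = re.compile(r"^O18 - Protocol: (?P<name>\S+) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Directories a helper would normally accept without a second look.
# Assumed list for this example, not a HijackThis whitelist.
KNOWN_VENDOR_DIRS = ("\\logitech\\", "\\microsoft office\\", "\\windows\\system32\\")


@dataclass(frozen=True)
class Finding:
    line: str
    severity: str  # "review" needs a human decision, "info" is context
    reason: str


def parse_appinit(dlls: str) -> list[str]:
    """AppInit_DLLs holds one or more paths separated by spaces or commas."""
    return [p for p in re.split(r"[ ,]+", dlls.strip()) if p]


def triage(log_text: str) -> list[Finding]:
    """Walk the log once; return review items first, then O18 summaries."""
    findings: list[Finding] = []
    handlers: dict[tuple[str, str], list[str]] = defaultdict(list)
    for raw in log_text.strip().splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := O18_RE.match(line):
            # Group the many protocol names that point at one CLSID and DLL.
            handlers[(m["clsid"], m["path"].lower())].append(m["name"])
            continue
        if m := O20_RE.match(line):
            for dll in parse_appinit(m["dlls"]):
                low = dll.lower()
                reason = "AppInit_DLLs loads this DLL into every process that loads user32.dll"
                if "~" in low:
                    reason += "; 8.3 short path hides the real directory name"
                if not any(k in low for k in KNOWN_VENDOR_DIRS):
                    reason += "; path is outside any recognised vendor directory"
                findings.append(Finding(line, "review", reason))
            continue
        if m := O23_RE.match(line):
            if m["owner"].lower() == "unknown owner":
                findings.append(Finding(
                    line, "info",
                    f"service '{m['name']}' has no publisher in its version info; "
                    f"check the file at {m['path']}"))
            continue
    for (clsid, path), names in handlers.items():
        findings.append(Finding(
            f"O18 {clsid}", "info",
            f"{len(names)} protocol name(s) ({', '.join(sorted(names))}) handled by {path}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```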

Hi again,

 

The infection is still showing in your log.

 

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:

1) Run Spybot-S&D

2) Go to the Mode menu, and make sure "Advanced Mode" is selected

3) On the left hand side, choose Tools -> Resident

4) Uncheck "Resident TeaTimer" and OK any prompts

5) Restart your computer.

You can re-enable TeaTimer once your system is clean.

 

Next:

 

Download ComboFix from one of these locations:

 

Link 1

Link 2

Link 3

 

* IMPORTANT !!! Save ComboFix.exe to your Desktop

 

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

 

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

 

RcAuto1.gif

 

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

whatnext.png

 

 

Click on Yes, to continue scanning for malware.

 

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

 

jedi


I hope I did this right now. Here is the log from the scan:

 

ComboFix 09-06-26.02 - Robin 2009-06-26 22:40.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.2047.1474 [GMT 2:00]

Körs från: c:\documents and settings\Robin\Skrivbord\ComboFix.exe

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\ATIODCLI.exe

c:\windows\system32\ATIODE.exe

 

.

(((((((((((((((((((((((( Filer Skapade från 2009-05-26 till 2009-06-26 ))))))))))))))))))))))))))))))

.

 

2009-06-26 17:36 . 2009-02-25 09:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090626.016\EECTRL.SYS

2009-06-26 17:36 . 2009-02-25 09:00 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090626.016\CCERASER.DLL

2009-06-26 17:36 . 2009-02-25 09:00 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090626.016\ERASER.SYS

2009-06-26 17:36 . 2009-02-19 09:00 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090626.016\NAVENG.SYS

2009-06-26 17:36 . 2009-02-19 09:00 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090626.016\NAVEX15.SYS

2009-06-26 17:36 . 2009-02-19 09:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090626.016\NAVENG32.DLL

2009-06-26 17:36 . 2009-02-19 09:00 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090626.016\NAVEX32A.DLL

2009-06-26 17:36 . 2009-02-13 17:18 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090626.016\ECMSVR32.DLL

2009-06-26 15:43 . 2009-06-26 15:43 560128 ----a-w- c:\documents and settings\Robin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv304-0906120-0-main.dll

2009-06-25 16:33 . 2009-06-25 16:33 -------- d-----w- c:\documents and settings\Robin\Application Data\Malwarebytes

2009-06-25 16:33 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-25 16:33 . 2009-06-25 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-06-25 16:33 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-25 16:33 . 2009-06-25 16:33 -------- d-----w- c:\program\Malwarebytes' Anti-Malware

2009-06-25 15:44 . 2009-06-25 15:46 -------- d-----w- c:\program\Spybot - Search & Destroy

2009-06-25 15:44 . 2009-06-25 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-06-24 09:43 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\Scxpx86.dll

2009-06-24 09:43 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSXpx86.sys

2009-06-24 09:43 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSvix86.sys

2009-06-24 09:43 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSxpx86.dll

2009-06-24 09:43 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSviA64.sys

2009-06-22 21:18 . 2009-06-22 21:18 -------- d-----w- c:\program\Trend Micro

2009-06-22 21:14 . 2009-06-22 17:06 15688 ----a-w- c:\windows\system32\lsdelete.exe

2009-06-22 18:40 . 2009-06-22 18:40 -------- d-----w- c:\documents and settings\LocalService\Skrivbord

2009-06-22 17:06 . 2009-06-22 17:03 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys

2009-06-22 17:06 . 2009-06-22 17:06 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe

2009-06-22 17:06 . 2009-06-22 17:06 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll

2009-06-22 17:06 . 2009-06-22 17:06 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe

2009-06-22 17:06 . 2009-06-22 17:06 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll

2009-06-22 17:06 . 2009-06-22 17:06 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll

2009-06-22 17:06 . 2009-06-22 17:06 296800 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll

2009-06-22 17:06 . 2009-06-22 17:06 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll

2009-06-22 17:04 . 2009-06-22 17:04 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll

2009-06-22 17:03 . 2009-06-22 17:03 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll

2009-06-22 17:03 . 2009-06-22 17:03 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys

2009-06-22 17:03 . 2009-06-22 17:03 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll

2009-06-22 17:03 . 2009-06-22 17:03 72704 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe

2009-06-22 17:03 . 2009-06-22 17:03 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll

2009-06-22 17:02 . 2009-06-22 17:02 561016 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe

2009-06-22 17:02 . 2009-06-22 17:02 565096 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe

2009-06-22 17:02 . 2009-06-22 17:02 2349384 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe

2009-06-22 17:02 . 2009-06-22 17:02 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe

2009-06-22 17:02 . 2009-06-22 17:02 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe

2009-06-22 17:02 . 2009-06-22 17:02 1003344 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe

2009-06-22 16:57 . 2009-06-22 16:57 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

2009-06-22 16:57 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe

2009-06-22 16:57 . 2009-06-22 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-06-22 16:57 . 2009-06-22 16:57 -------- d-----w- c:\program\Lavasoft

2009-06-22 16:57 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys

2009-06-22 16:49 . 2009-06-22 16:49 -------- d-----w- c:\program\Keylogger Hunter

2009-06-22 15:44 . 2009-06-22 15:44 -------- d-sh--w- c:\documents and settings\Robin\IECompatCache

2009-06-22 15:43 . 2009-06-22 15:43 -------- d-sh--w- c:\documents and settings\Robin\PrivacIE

2009-06-22 15:43 . 2009-06-22 15:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-06-22 15:42 . 2009-06-22 15:42 -------- d-sh--w- c:\documents and settings\Robin\IETldCache

2009-06-22 10:00 . 2009-04-30 21:17 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-06-22 10:00 . 2009-04-30 21:17 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-06-22 10:00 . 2009-06-22 10:01 -------- d-----w- c:\windows\ie8updates

2009-06-22 09:59 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll

2009-06-22 09:51 . 2009-06-22 09:59 -------- dc-h--w- c:\windows\ie8

2009-06-19 20:03 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\Scxpx86.dll

2009-06-19 20:03 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSXpx86.sys

2009-06-19 20:03 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSvix86.sys

2009-06-19 20:03 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSxpx86.dll

2009-06-19 20:03 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSviA64.sys

2009-06-11 09:44 . 2005-01-13 18:19 15960 ----a-w- c:\windows\system\mingwm10.dll

2009-06-11 09:43 . 2007-02-24 19:53 6142976 ----a-w- c:\windows\system\qt-mt334.DLL

2009-06-11 09:41 . 2005-06-25 13:13 999484 ----a-w- c:\windows\system\common.dll

2009-06-11 09:37 . 2009-06-11 09:37 -------- d-----w- c:\program\Freelancer Mod Manager

2009-06-11 08:02 . 2009-06-11 08:02 -------- d-----w- c:\program\CCP

2009-06-11 08:02 . 2009-06-11 08:02 -------- d-----w- c:\documents and settings\All Users\Application Data\CCP

2009-06-08 11:17 . 2009-06-08 11:17 -------- d-----w- c:\documents and settings\Robin\Application Data\Leadertech

2009-06-06 08:07 . 2009-06-06 08:07 120088 ----a-w- c:\documents and settings\Robin\Application Data\Mozilla\Plugins\npoctoshape.dll

2009-06-06 08:07 . 2009-06-06 08:07 -------- d-----w- c:\documents and settings\Robin\Application Data\Octoshape

2009-06-06 08:07 . 2009-06-04 10:03 396288 ----a-w- c:\documents and settings\Robin\Application Data\Octoshape\Octoshape Streaming Services\sua-0906040-0-libOctoshapeClient.dll

2009-06-06 08:07 . 2009-06-04 10:03 124184 ----a-w- c:\documents and settings\Robin\Application Data\Octoshape\Octoshape Streaming Services\sua-0906040-0-apoctoshape.dll

2009-06-06 08:07 . 2009-06-04 10:03 120088 ----a-w- c:\documents and settings\Robin\Application Data\Octoshape\Octoshape Streaming Services\sua-0906040-0-npoctoshape.dll

2009-06-06 08:07 . 2009-01-08 13:44 70936 ----a-w- c:\documents and settings\Robin\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

2009-06-04 21:51 . 2005-01-04 18:43 4682 ----a-w- c:\windows\system32\npptNT2.sys

2009-06-04 21:38 . 2009-06-04 21:38 -------- d-----w- c:\program\Gpotato

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-26 20:12 . 2009-01-27 12:25 -------- d-----w- c:\program\Warcraft III

2009-06-26 18:22 . 2009-01-27 12:23 -------- d-----w- c:\program\Garena

2009-06-25 18:20 . 2009-03-03 21:50 -------- d-----w- c:\documents and settings\Robin\Application Data\Spotify

2009-06-25 16:30 . 2009-01-09 20:28 -------- d-----w- C:\Program Files

2009-06-20 09:50 . 2009-01-10 12:09 -------- d-----w- c:\documents and settings\Robin\Application Data\uTorrent

2009-06-20 09:42 . 2009-01-09 20:27 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin

2009-06-14 01:01 . 2009-03-28 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-06-11 08:41 . 2009-01-27 22:18 -------- d-----w- c:\program\Microsoft Games

2009-06-08 11:14 . 2009-01-09 20:15 -------- d--h--w- c:\program\InstallShield Installation Information

2009-06-08 11:14 . 2009-01-31 09:37 -------- d-----w- c:\program\Atari

2009-06-04 13:53 . 2009-01-09 21:57 -------- d-----w- c:\program\World of Warcraft

2009-05-23 12:29 . 2009-05-23 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\2DBoy

2009-05-23 12:29 . 2009-05-23 12:29 -------- d-----w- c:\program\WorldOfGoo

2009-05-22 15:31 . 2009-05-22 15:25 -------- d-----w- c:\program\Counter-Strike Source

2009-05-19 21:50 . 2009-05-19 21:49 -------- d-----w- c:\program\3DO

2009-05-19 21:48 . 2009-01-31 13:50 -------- d-----w- c:\program\Call of Duty 4 - Modern Warfare

2009-05-17 07:48 . 2009-05-17 06:32 -------- d-----w- c:\program\Runes of Magic

2009-05-17 07:00 . 2009-05-16 19:53 -------- d-----w- c:\documents and settings\Robin\Application Data\FOG Downloader

2009-05-13 21:22 . 2009-05-13 19:56 -------- d-----w- c:\documents and settings\Robin\Application Data\LimeWire

2009-05-13 19:56 . 2009-05-13 19:56 -------- d-----w- c:\program\LimeWire

2009-05-13 18:21 . 2009-05-10 11:06 -------- d-----w- c:\program\Civilization IV

2009-05-13 05:06 . 2006-03-02 12:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-12 14:30 . 2009-04-16 22:07 -------- d-----w- c:\documents and settings\Robin\Application Data\dvdcss

2009-05-10 13:04 . 2009-05-10 12:56 -------- d-----w- c:\program\Civilization IV

2009-05-10 11:21 . 2009-05-10 11:05 -------- d-----w- c:\program\Bioshock

2009-05-09 19:20 . 2009-05-09 10:42 -------- d-----w- c:\program\DAEMON Tools Lite

2009-05-09 15:59 . 2009-04-18 08:04 -------- d-----w- c:\program\DivX

2009-05-09 10:43 . 2009-01-27 12:18 -------- d-----w- c:\documents and settings\Robin\Application Data\DAEMON Tools Lite

2009-05-09 10:42 . 2009-05-09 10:42 -------- d-----w- c:\program\DAEMON Tools Toolbar

2009-05-09 10:38 . 2009-01-27 12:18 721904 ----a-w- c:\windows\system32\drivers\sptd.sys

2009-05-08 16:44 . 2009-05-08 16:44 -------- d-----w- c:\documents and settings\Robin\Application Data\VOIPlay

2009-05-08 16:44 . 2009-05-08 16:44 -------- d-----w- c:\program\VOIPlay

2009-05-08 16:44 . 2009-05-08 16:44 -------- d-----w- c:\documents and settings\All Users\Application Data\VOIPlay

2009-05-07 15:33 . 2006-03-02 12:00 347648 ----a-w- c:\windows\system32\localspl.dll

2009-05-02 15:02 . 2009-05-02 14:38 -------- d-----w- c:\program\Left 4 Dead på Homer (Svensson-c765f4)

2009-05-02 14:41 . 2009-05-02 14:39 -------- d-----w- c:\program\Quake 3

2009-04-29 18:18 . 2009-04-29 18:18 -------- d-----w- c:\documents and settings\Robin\Application Data\The Creative Assembly

2009-04-29 18:05 . 2009-04-29 15:48 -------- d-----w- c:\program\Empire Total War

2009-04-28 20:53 . 2009-04-28 20:53 -------- d-----w- c:\program\MSXML 4.0

2009-04-25 18:45 . 2009-04-05 15:03 152576 ----a-w- c:\documents and settings\Robin\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

2009-04-25 00:00 . 2009-01-31 09:46 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

2009-04-24 23:13 . 2006-03-02 12:00 78440 ----a-w- c:\windows\system32\perfc01D.dat

2009-04-24 23:13 . 2006-03-02 12:00 433272 ----a-w- c:\windows\system32\perfh01D.dat

2009-04-24 22:47 . 2009-01-31 14:19 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2009-04-24 22:47 . 2009-01-31 14:19 103736 ----a-w- c:\windows\system32\PnkBstrB.exe

2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w- c:\windows\system32\xlive.dll

2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll

2009-04-20 20:26 . 2009-01-27 12:26 89984 ----a-w- c:\windows\War3Unin.dat

2009-04-19 19:51 . 2006-03-02 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys

2009-04-15 14:55 . 2006-03-02 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2007-11-06 1126400]

"MSMSGS"="c:\program\Messenger\msmsgs.exe" [2008-04-14 1695232]

"RGSC"="c:\program\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-04-25 306088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"GrooveMonitor"="c:\program\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"AdobeCS4ServiceManager"="c:\program\Delade filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"Ad-Watch"="c:\program\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-22 518488]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-07-22 28160]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-03-21 16126464]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Robin\Start-meny\Program\Autostart\

Keylogger Hunter.lnk - c:\program\Keylogger Hunter\KeyloggerHunter.exe [2008-11-14 344064]

PowerReg Scheduler V3.exe [2009-6-8 225280]

 

c:\documents and settings\All Users\Start-meny\Program\Autostart\

Logitech Desktop Messenger.lnk - c:\program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-1-9 450560]

Logitech SetPoint.lnk - c:\program\Logitech\SetPoint\SetPoint.exe [2009-1-9 528384]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program\\Valve\\Steam\\SteamApps\\berntsson\\counter-strike\\hl.exe"=

"c:\\Program\\uTorrent\\uTorrent.exe"=

"c:\\Program\\Valve\\Steam\\SteamApps\\berntsson\\counter-strike source\\hl2.exe"=

"c:\\Program\\Ventrilo\\Ventrilo.exe"=

"c:\\Program\\Garena\\Garena.exe"=

"c:\\Program\\Warcraft III\\Frozen Throne.exe"=

"c:\\Program\\World of Warcraft\\WoW-3.0.8.9464-to-3.0.8.9506-enGB-downloader.exe"=

"c:\\Program\\World of Warcraft\\Launcher.exe"=

"c:\\Program\\Microsoft Games\\Dungeon Siege 2\\DungeonSiege2.exe"=

"c:\\Program\\Aspyr\\Guitar Hero III\\GH3.exe"=

"c:\\Westwood\\RA2\\GAME.EXE"=

"c:\\Program\\NetstormLaunch\\package\\Netstorm.exe"=

"c:\\Program\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=

"c:\\Program\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=

"c:\\Program\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=

"c:\\Program\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=

"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program\\Spotify\\spotify.exe"=

"c:\\Documents and Settings\\Robin\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Program\\World of Warcraft\\BackgroundDownloader.exe"=

"c:\\Program\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program\\Delade filer\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"c:\\Program\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=

"c:\\Program\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=

"c:\\Program\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=

"c:\\Documents and Settings\\Robin\\Skrivbord\\uppload\\DOW2.exe"=

"c:\\Program\\Microsoft Games\\Age of Empires III\\age3x.exe"=

"c:\\Program\\Quake 3\\quake3.exe"=

"c:\\Documents and Settings\\Robin\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=

"c:\\Program\\Microsoft Games\\Freelancer\\EXE\\Freelancer.exe"=

"c:\\Program\\CCP\\EVE\\bin\\ExeFile.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"6112:TCP"= 6112:TCP:Blizzard Downloader

"6112:UDP"= 6112:UDP:*:Disabled:starcraft

"6113:TCP"= 6113:TCP:*:Disabled:starcraft

"6113:UDP"= 6113:UDP:*:Disabled:starcraft

"6114:TCP"= 6114:TCP:*:Disabled:starcraft

"6114:UDP"= 6114:UDP:*:Disabled:starcraft

"6115:TCP"= 6115:TCP:*:Disabled:starcraft

"6115:UDP"= 6115:UDP:*:Disabled:starcraft

"6116:TCP"= 6116:TCP:*:Disabled:starcraft

"6116:UDP"= 6116:UDP:*:Disabled:starcraft

"6117:TCP"= 6117:TCP:*:Disabled:starcraft

"6117:UDP"= 6117:UDP:*:Disabled:starcraft

"6118:TCP"= 6118:TCP:*:Disabled:starcraft

"6118:UDP"= 6118:UDP:*:Disabled:starcraft

"6119:UDP"= 6119:UDP:*:Disabled:starcraft

"6119:TCP"= 6119:TCP:*:Disabled:starcraft

"5353:TCP"= 5353:TCP:Adobe CSI CS4

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-06-22 64160]

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-22 28544]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SymEFA.sys [2009-03-20 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys [2009-03-20 258608]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1005000.086\cchpx86.sys [2009-03-20 482352]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSXpx86.sys [2009-06-24 276344]

R2 Norton AntiVirus;Norton AntiVirus;c:\program\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [2009-03-20 115560]

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2009-01-09 38656]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program\Delade filer\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-26 101936]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 1003344]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2009-06-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 17:02]

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

HKLM-Run-ASUSGamerOSD - c:\program files\ASUS\GamerOSD\GamerOSD.exe

 

 

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.google.se/

IE: E&xport to Microsoft Excel - c:\program\MICROS~4\Office12\EXCEL.EXE/3000

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-26 22:41

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]

"ImagePath"="\"c:\program\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_USERS\S-1-5-21-2025429265-813497703-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_USERS\S-1-5-21-2025429265-813497703-839522115-1004\Software\SecuROM\License information*]

"datasecu"=hex:f1,9f,6f,f0,b5,88,48,8c,46,07,78,35,f3,7f,ae,f7,7f,7d,15,a6,bc,

42,2d,14,06,50,b4,dc,ef,f4,0f,4d,58,4d,16,af,12,cc,21,d0,a4,6a,3d,a2,8c,ec,\

"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'winlogon.exe'(1172)

c:\windows\system32\Ati2evxx.dll

c:\program\Delade filer\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

Sluttid: 2009-06-26 22:43

ComboFix-quarantined-files.txt 2009-06-26 20:43

 

Före genomsökningen: 151 421 526 016 byte ledigt

Efter genomsökningen: 151 869 456 384 byte ledigt

 

290 --- E O F --- 2009-06-22 10:02


Hi again,

 

I think we got it. Please run this on-line scan to check for leftovers:

 

Please do the following:

Run a BitDefender Online scan Here and post the results.

 

jedi


For some reason BitDefender Online refuses to work for me. When the virus signature is updated to 100% it just stays there and refuses to go on.


Hi again,

 

OK, try one of these two:

 

Please navigate (using Internet Explorer, other browsers won't work) to the following site: http://support.f-secure.com/enu/home/ols.shtml

 

Scroll to the bottom of the page, and click Start Scan.

 

When prompted, choose to install the software. After the software has installed, click Accept. Click Custom Scan and check the option for Scan inside archives, then click Start. The necessary databases will then be downloaded, and the scan will then start automatically.

 

Please be patient as this scan will take a while to complete. If any infections are found then once the scan has finished, the "cleaning" screen will be displayed.

 

Choose Automatic cleaning (recommended). After cleaning has finished, the Finish screen will be displayed.

 

Choose Show Report. In order to post the report, press CTRL+A on your keyboard to highlight all the text.

 

Then copy and paste that information into this thread.

 

or:

 

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

 

jedi


I did both the online scans and none of them found anything other than cookies. But I also did a new scan with my Norton antivirus and it found several trojans and other malware.

 

Here is the log from esets online scan:

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=6

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.5863

# api_version=3.0.2

# EOSSerial=160809ae3c81294d9b0b0e466df301aa

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2009-06-28 09:02:36

# local_time=2009-06-28 11:02:36 (+0100, Västeuropa, normaltid)

# country="Sweden"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=3587 21 100 94 86830295625000

# scanned=240110

# found=0

# cleaned=0

# scan_time=17194

 

 

And here is the log from f-secure:

 

Scanning Report

Sunday, June 28, 2009 13:30:23 - 16:56:43

 

Computer name: BERTO

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\

3 malware found

TrackingCookie.Atdmt (spyware)

 

* System (Disinfected)

 

Client-IRC.Win32.mIRC (spyware)

 

* System (Disinfected)

 

TrackingCookie.Yieldmanager (spyware)

 

* System (Disinfected)

 

Statistics

Scanned:

 

* Files: 627703

* System: 3719

* Not scanned: 277

 

Actions:

 

* Disinfected: 3

* Renamed: 0

* Deleted: 0

* Not cleaned: 0

* Submitted: 0

 

Files not scanned:

 


 

Options

Scanning engines:

 

Scanning options:

 

* Scan all files

* Scan inside archives

* Use advanced heuristics


Hi again,

 

Norton is probably picking up infected restore points rather than active malware.

 

Do Start->Control Panel->System, System restore. Check "Turn off System Restore" and reboot. That will erase all restore points.

After reboot, go back in and turn System Restore back on.

 

Scan again with Norton, if it still finds anything please copy what it finds here.

 

jedi


Sorry, I've been away on a trip so I haven't been able to answer. I did as you said and Norton didn't find anything this time.


Hi again,

 

In that case it looks like your PC is clean.

 

In order to be better protected in the future, I recommend the following programs:

 

SpywareBlaster protects against bad ActiveX.

http://www.javacoolsoftware.com/spywareblaster.html

 

SpywareGuard stops Spyware from being installed.

http://www.javacoolsoftware.com/spywareguard.html

 

Also install the MVPS hosts file:

http://www.mvps.org/winhelp2002/hosts.htm

which blocks innocent-looking sites that are not so innocent.

 

All three are very small free programs that you run once, and then just occasionally to check for updates.

 

Also see

How did I get Infected?

 

Finally, it is best to update your system regularly, to ensure you have the latest security patches from Microsoft. Update by clicking

here http://v4.windowsupdate.microsoft.com/

and following the prompts.

 

jedi


Since the issue appears to be resolved this Topic is closed.

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

This topic is now closed to further replies.