
[Closed] My Machine Is Infected


  • This topic is locked
41 replies to this topic

#1 Lavie


Posted 05 September 2007 - 01:34 AM

Hi - My machine seems to be infected and three icons have been placed on the desktop, named: Error Cleaner, Privacy Protector and Spyware Malware Protection. The desktop has changed color to red and contains a logo with the following text - "your privacy is in danger". Spybot has detected Smitfraud-C.MSVPS. I have downloaded SmitfraudFix and done the scan - the logfile is uploaded and attached.



#2 Scotty


Posted 05 September 2007 - 03:59 AM

Hi! Welcome to the WTT forums.
I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research.
Please be patient and I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Please make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.


Run Smitfraudfix
Open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

Download and Run ComboFix
  • Download this file from below:

    Here
  • Disconnect from the Internet, then disable your anti-virus and any real-time anti-spyware monitors that are running.
  • Then double click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply with a new HijackThis log.
Note 1: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Note 2: Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

Please don't attach the logs, but copy/paste them instead.

#3 Lavie


Posted 05 September 2007 - 05:39 AM

Hi Scotty. It seems that I've managed to solve the problem. Anyway, I submit a logfile from the HijackThis scan for you to have a closer look at. I will also do a combofix-scan and post the result of this scan too - thank you for your kind help.

#4 Lavie


Posted 05 September 2007 - 06:20 AM

Hi again...


Here is the logfile for the combofix-scan, would you tell me if it's OK:


rdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys
S3 GRABSTER250;Grabster AV 250;C:\WINDOWS\system32\DRIVERS\GRABSTER250.SYS
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PLCMPR5.SYS
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PLCNDIS5.SYS
S4 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
"2007-09-05 11:42:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE
"2007-08-25 01:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Programfiler\RegistrySmart\RegistrySmart.exe
"2007-01-08 22:26:34 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Programfiler\Spybot - Search & Destroy\SpybotSD.exe
"2007-09-04 16:35:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Programfiler\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-06-26 16:35:53 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Programfiler\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-09-04 16:44:00 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Programfiler\Uniblue\SpyEraser\SpyEraser.exe
"2007-06-26 16:44:10 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Programfiler\Uniblue\SpyEraser\SpyEraser.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-05 13:46:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\WINDOWS\system32\cmd.exe [5788] 0x851253A8


scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NUAA]
"ImagePath"="C:\Programfiler\Norman\npc\bin\nuaa.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp]
"ImagePath"="\SystemRoot\system32\DRIVERS\viaagp.sys"

Completion time: 2007-09-05 13:47:03
C:\ComboFix-quarantined-files.txt ... 2007-09-05 13:46

--- E O F ---

#5 Scotty


Posted 05 September 2007 - 06:34 AM

You have missed out most of the Combofix log.

#6 Lavie


Posted 05 September 2007 - 07:53 AM

Sorry - I'll try again - here we go again....


ComboFix 07-09-05.5 - "Tommy Lavie" 2007-09-05 13:42:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.442 [GMT 2:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\dat.txt
C:\WINDOWS\rs.txt


((((((((((((((((((((((((( Files Created from 2007-08-05 to 2007-09-05 )))))))))))))))))))))))))))))))


2007-09-05 13:42 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-05 10:27 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-09-05 08:55 6,536 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-05 08:54 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-05 08:54 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-05 08:54 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-04 20:16 12,258,475 --------- C:\AVG7QT.DAT
2007-09-04 13:36 266,240 --a------ C:\WINDOWS\msmdev.dll
2007-09-04 13:36 253,952 --a------ C:\WINDOWS\msmhost.dll
2007-09-04 13:36 208,896 --a------ C:\WINDOWS\nsduo.dll
2007-08-23 08:01 42,040 --a------ C:\WINDOWS\system32\drivers\ale_nf.sys
2007-08-13 16:16 355,840 --a------ C:\WINDOWS\system32\Transparent Language.scr
2007-08-13 16:16 <DIR> d-------- C:\Programfiler\TLI
2007-08-13 16:06 <DIR> d-------- C:\WORDACE1
2007-08-12 12:27 79,840 --a------ C:\WINDOWS\system32\drivers\ndis_rd.sys
2007-08-12 12:27 72,320 --a------ C:\WINDOWS\system32\drivers\tdi_rd.sys
2007-08-12 12:27 212,024 --a------ C:\WINDOWS\system32\nscrnsav.scr
2007-08-12 12:27 2,973,696 --a------ C:\WINDOWS\system32\qt-mt338.dll
2007-08-12 12:27 19,000 --a------ C:\WINDOWS\system32\drivers\nvcw32mf.sys
2007-08-12 12:26 <DIR> d-------- C:\Programfiler\Norman
2007-08-11 19:46 <DIR> d-------- C:\Programfiler\JazzWare
2007-08-11 18:13 <DIR> d-------- C:\Programfiler\Audacity 1.3 Beta (Unicode)
2007-08-11 18:13 <DIR> d-------- C:\DOCUME~1\TOMMYL~1\PROGRA~1\Audacity
2007-08-10 16:13 <DIR> d-------- C:\Programfiler\LinkedIn


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-05 13:39 --------- d-------- C:\DOCUME~1\TOMMYL~1\PROGRA~1\Skype
2007-09-05 13:08 --------- d-------- C:\Programfiler\Fellesfiler\Symantec Shared
2007-09-05 13:08 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Symantec
2007-09-05 09:05 --------- d-------- C:\Programfiler\Dl_cats
2007-09-04 23:56 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Spybot - Search & Destroy
2007-08-13 16:16 --------- d--h----- C:\Programfiler\InstallShield Installation Information
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-26 12:03 --------- d-------- C:\Programfiler\Broadcom
2007-07-26 11:49 --------- d-------- C:\Programfiler\ATI Technologies
2007-07-24 18:06 --------- d-------- C:\Programfiler\Microsoft Producer 2
2007-07-24 13:31 --------- d-------- C:\Programfiler\Microsoft CAPICOM 2.1.0.2
2007-07-24 12:29 --------- d-------- C:\Programfiler\Fellesfiler\LightScribe
2007-07-24 12:28 --------- d-------- C:\Programfiler\NCH Swift Sound
2007-07-24 11:30 --------- d-------- C:\DOCUME~1\TOMMYL~1\PROGRA~1\Symantec
2007-07-24 00:32 --------- d-------- C:\DOCUME~1\TOMMYL~1\PROGRA~1\InstallShield
2007-07-23 18:35 --------- d-------- C:\Programfiler\DivX
2007-07-23 08:46 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\BVRP Software
2007-07-23 08:43 --------- d-------- C:\Programfiler\Corel
2007-07-22 22:51 --------- d-------- C:\Programfiler\Opera
2007-07-22 22:24 --------- d-------- C:\Programfiler\Windows Live Toolbar
2007-07-22 22:24 --------- d-------- C:\Programfiler\MSN Messenger
2007-07-22 22:24 --------- d-------- C:\Programfiler\MSN Apps
2007-07-22 22:24 --------- d-------- C:\DOCUME~1\TOMMYL~1\PROGRA~1\RegistrySmart
2007-07-22 22:20 --------- d-------- C:\Programfiler\PMG
2007-07-22 22:20 --------- d-------- C:\Programfiler\PIXresizer
2007-07-22 22:20 --------- d-------- C:\Programfiler\IP Hider
2007-07-22 22:20 --------- d-------- C:\Programfiler\Canon
2007-07-22 22:19 --------- d-------- C:\Programfiler\KC Softwares
2007-07-22 22:19 --------- d-------- C:\Programfiler\Avanquest update
2007-07-19 08:58 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-14 08:57 --------- d-------- C:\Programfiler\EPSON
2007-07-13 14:11 --------- d-------- C:\Programfiler\MSECache
2007-07-13 01:32 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-10 11:37 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Windows Live Toolbar
2007-07-10 10:42 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Office Genuine Advantage
2007-07-09 21:07 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-09 21:07 36624 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-07-09 21:07 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-09 21:07 2560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-09 21:07 2432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-09 21:07 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-09 21:07 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-09 21:07 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-09 21:05 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-09 21:05 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-09 21:05 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-09 21:05 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-09 21:05 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-09 21:05 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-09 21:05 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-09 21:05 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-09 21:05 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-09 21:05 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-09 21:05 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-09 21:05 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-09 21:05 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-07-09 21:05 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-06 21:37 --------- d-------- C:\DOCUME~1\TOMMYL~1\PROGRA~1\RecordPad
2007-07-06 21:37 --------- d-------- C:\DOCUME~1\TOMMYL~1\PROGRA~1\NCH Swift Sound
2007-07-06 21:37 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\NCH Swift Sound
2007-07-06 10:47 --------- d-------- C:\DOCUME~1\TOMMYL~1\PROGRA~1\Talkback
2007-07-06 10:29 --------- d-------- C:\DOCUME~1\TOMMYL~1\PROGRA~1\Ulead Systems
2007-07-06 10:29 --------- d-------- C:\DOCUME~1\TOMMYL~1\PROGRA~1\DivX
2007-07-06 10:10 --------- d-------- C:\Programfiler\Ulead Systems
2007-07-06 09:23 --------- d-------- C:\Programfiler\Fellesfiler\InterVideo
2007-06-27 16:13 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 16:13 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 16:13 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 16:13 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 16:13 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 16:13 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 16:13 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 16:13 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 16:12 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 16:12 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 16:12 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 16:12 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 16:12 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 16:12 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 16:11 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 16:11 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 16:11 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 16:11 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 16:11 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-04-29 13:56:43 56 --sh--r C:\WINDOWS\system32\2BAD0DDE8E.sys
2006-07-28 09:36:46 88 --sh--r C:\WINDOWS\system32\8EDE0DAD2B.sys
2007-04-29 13:56:47 6,424 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88418AA3-16F5-4FC2-A9D8-90B1266DF841}]
2007-09-04 12:00 208896 --a------ C:\WINDOWS\nsduo.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 05:56]
"ShowLOMControl"="1 (0x1)" []
"IntelZeroConfig"="C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 12:55]
"IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 12:56]
"DVDLauncher"="C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 21:29]
"DMXLauncher"="C:\Programfiler\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 02:02]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05]
"ISUSPM Startup"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"OpwareSE2"="C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00]
"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-14 01:50]
"dlccmon.exe"="C:\Programfiler\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 03:41]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-05-25 11:29]
"Adobe Version Cue CS2"="c:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 18:58]
"Acrobat Assistant 7.0"="C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52]
"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
"DPAgnt"="C:\Programfiler\DigitalPersona\Bin\DPAgnt.exe" [2006-10-09 17:27]
"itype"="C:\Programfiler\Microsoft IntelliType Pro\itype.exe" [2005-12-04 17:38]
"SunJavaUpdateSched"="C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 18:30 C:\WINDOWS\stsystra.exe]
"IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 16:52]
"NoteBurner"="C:\Programfiler\NoteBurner\VTBurnerGUI.exe" []
"IPHider"="C:\Programfiler\IP Hider\IP Hider.exe" [2006-10-10 14:10]
"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"Norman ZANDA"="C:\Programfiler\Norman\Npm\bin\ZLH.exe" [2007-06-28 14:45]
"NPCTray"="C:\Programfiler\Norman\npc\bin\npc_tray.exe" [2007-05-14 11:50]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-09-04 20:34]
"!AVG Anti-Spyware"="C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-09-05 12:29]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"ModemOnHold"="C:\Programfiler\NetWaiting\netwaiting.exe" [2003-09-10 03:24]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"Telio Phone Client"="C:\Programfiler\Telio Phone\eyeBeamAsDLL.dll" [2005-07-12 14:59]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 17:03]
"Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2007-05-10 16:09]
"Uniblue RegistryBooster 2"="C:\Programfiler\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

C:\DOCUME~1\ALLUSE~1\START-~1\PROGRA~1\Oppstart\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-05-26 12:08:58]
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"msmhost"= {79E459A7-9EBD-42E2-9002-855652B71732} - C:\WINDOWS\msmhost.dll [2007-09-04 12:00 253952]
"msmdev"= {A45DAE5E-476D-4981-9EF5-8A32E1DC6E9D} - C:\WINDOWS\msmdev.dll [2007-09-04 12:00 266240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ]
C:\WINDOWS\system32\DPWLEvHd.dll 2006-10-09 17:27 99856 C:\WINDOWS\system32\DPWLEvHd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli DPPWDFLT

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe"

Paused2 NPFSvc32;Norman Personal Firewall Service;"C:\Programfiler\Norman\npf\bin\npfsvc32.exe"
R0 NDIS_RD;Norman Firewall NDIS driver;C:\WINDOWS\system32\drivers\NDIS_RD.sys
R1 NPROSEC;Norman Security driver;\??\C:\Programfiler\Norman\Npm\bin\nprosec.sys
R1 TDI_RD;Norman Firewall TDI driver;\??\C:\WINDOWS\system32\drivers\TDI_RD.SYS
R2 Ndiskio;Ndiskio;\??\C:\Programfiler\Norman\Nse\bin\NDISKIO.SYS
R2 NPROSECSVC;Norman Security service;C:\Programfiler\Norman\Npm\bin\NPROSEC.EXE
R2 NVOY;Norman's Very Own supplY of resources;C:\Programfiler\Norman\npm\bin\nvoy.exe
R3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys
R3 dpK0Bx01;Fingerprint Reader Filter Driver;C:\WINDOWS\system32\DRIVERS\dpK0Bx01.sys
R3 NPC;Norman Parental Control;C:\Programfiler\Norman\npc\bin\npcsvc32.exe
R3 NUAA;Norman User Activity Agent;C:\Programfiler\Norman\npc\bin\nuaa.exe
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys
R3 nvcoas;Norman Virus Control on-access component;C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE
R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
R3 UsbdpFP;Fingerprint Reader Class Driver;C:\WINDOWS\system32\DRIVERS\UsbdpFP.sys
S0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys
S3 GRABSTER250;Grabster AV 250;C:\WINDOWS\system32\DRIVERS\GRABSTER250.SYS
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PLCMPR5.SYS
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PLCNDIS5.SYS
S4 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
"2007-09-05 11:42:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE
"2007-08-25 01:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Programfiler\RegistrySmart\RegistrySmart.exe
"2007-01-08 22:26:34 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Programfiler\Spybot - Search & Destroy\SpybotSD.exe
"2007-09-04 16:35:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Programfiler\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-06-26 16:35:53 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Programfiler\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-09-04 16:44:00 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Programfiler\Uniblue\SpyEraser\SpyEraser.exe
"2007-06-26 16:44:10 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Programfiler\Uniblue\SpyEraser\SpyEraser.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-05 13:46:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\WINDOWS\system32\cmd.exe [5788] 0x851253A8


scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NUAA]
"ImagePath"="C:\Programfiler\Norman\npc\bin\nuaa.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp]
"ImagePath"="\SystemRoot\system32\DRIVERS\viaagp.sys"

Completion time: 2007-09-05 13:47:03
C:\ComboFix-quarantined-files.txt ... 2007-09-05 13:46

--- E O F ---

#7 Scotty


Posted 05 September 2007 - 12:49 PM

Hi, I really need to see a HijackThis log too before proceeding.

#8 Lavie


Posted 05 September 2007 - 01:26 PM

Here we go - Hijackthis-LOG

Logfile of HijackThis v1.99.1
Scan saved at 21:21:12, on 05.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programfiler\Norman\Npm\bin\NPROSEC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\DigitalPersona\Bin\DPWinLct.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE
C:\Programfiler\Norman\Npm\Bin\Zanda.exe
C:\Programfiler\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Norman\npf\bin\npfsvc32.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
c:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programfiler\Fellesfiler\InterVideo\DeviceService\DevSvc.exe
C:\Programfiler\DigitalPersona\Bin\DpHost.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programfiler\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\system32\fxssvc.exe
c:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE
C:\Programfiler\Norman\npc\bin\npcsvc32.exe
C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
C:\Programfiler\Norman\npc\bin\nuaa.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programfiler\Dell Photo AIO Printer 924\dlccmon.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Programfiler\DigitalPersona\Bin\DPAgnt.exe
C:\Programfiler\Microsoft IntelliType Pro\itype.exe
C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\stsystra.exe
C:\Programfiler\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\Norman\Npm\bin\ZLH.EXE
C:\Programfiler\Norman\Nvc\BIN\NIP.EXE
C:\Programfiler\NetWaiting\netwaiting.exe
C:\Programfiler\Norman\Nvc\bin\cclaw.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\Programfiler\Digital Line Detect\DLG.exe
C:\Programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\Norman\npf\bin\npfuser.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\explorer.exe
C:\Programfiler\Grisoft\AVG Free\avgcc.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Programfiler\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Opera\Opera.exe
C:\WORDACE1\WORDACE.EXE
C:\DOCUME~1\TOMMYL~1\LOKALE~1\Temp\Midlertidig mappe 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.graypages.no/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEToolbarBHO Class - {1A1DAC8C-074D-440F-8707-7009A672D7D1} - C:\Programfiler\LinkedIn\IE Toolbar\3.0.3.1100\LinkedinIEToolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: MSVPS System - {88418AA3-16F5-4FC2-A9D8-90B1266DF841} - C:\WINDOWS\nsduo.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar1.02.5000.1021\no\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar1.02.5000.1021\no\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: LinkedIn Toolbar - {BB670D0B-5C46-40C7-B38B-40DD26987723} - C:\Programfiler\LinkedIn\IE Toolbar\3.0.3.1100\LinkedinIEToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Programfiler\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "c:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DPAgnt] C:\Programfiler\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [itype] "C:\Programfiler\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programfiler\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Programfiler\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [IPHider] C:\Programfiler\IP Hider\IP Hider.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Norman ZANDA] C:\Programfiler\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NPCTray] C:\Programfiler\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Programfiler\NetWaiting\netwaiting.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Telio Phone Client] "C:\Programfiler\Telio Phone\eyeBeamAsDLL.dll"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programfiler\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Linked&In Search - res://C:\Programfiler\LinkedIn\IE Toolbar\3.0.3.1100\LinkedinIEToolbar.dll/ContextMenu.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .UVR: C:\Programfiler\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.mess.../Medialogic.CAB
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...canner37960.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{30EA550E-38D4-4CF0-9B44-7814B1BF2542}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{7FC30A7E-8BBC-4647-B902-010761AC0372}: NameServer = 85.255.115.29,85.255.112.140
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A6B646F-816E-49C2-9021-34D25570473C}: NameServer = 85.255.115.29,85.255.112.140
O17 - HKLM\System\CCS\Services\Tcpip\..\{911D2717-8A6E-4B90-83B5-ADDA1E5B7398}: NameServer = 85.255.115.29,85.255.112.140
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{30EA550E-38D4-4CF0-9B44-7814B1BF2542}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: msmhost - {79E459A7-9EBD-42E2-9002-855652B71732} - C:\WINDOWS\msmhost.dll
O21 - SSODL: msmdev - {A45DAE5E-476D-4981-9EF5-8A32E1DC6E9D} - C:\WINDOWS\msmdev.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - c:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programfiler\Fellesfiler\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Programfiler\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Programfiler\DigitalPersona\Bin\DpHost.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Programfiler\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Parental Control (NPC) - Norman ASA - C:\Programfiler\Norman\npc\bin\npcsvc32.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Programfiler\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Programfiler\Norman\Npm\bin\NPROSEC.EXE
O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - C:\Programfiler\Norman\npc\bin\nuaa.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Programfiler\Norman\npm\bin\nvoy.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Programfiler\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe

#9 Scotty

Posted 05 September 2007 - 01:37 PM

Ok first of all. You have a regkey in the Combolog which has been disabled with the title <No Name>. Any idea what that was?

You are operating your computer with multiple Anti Virus programs running in memory at once:
Norman, AVG

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

There are basically two types of these programs:
On-Access and On-Demand

On-Access Scanners
As the name implies, it runs in the background all the time the PC is turned on and running. The main function of an on-access scanner is to monitor activity on your machine.

On-Demand Scanners
As the name implies, these are scanners that only run when you ask them to, such as online scans and scanners that are installed on your machine but are not actively scanning it.

Please disable one or the other so they do not conflict.

In the same vein, you have two anti-spy scanners running too. I would suggest disabling either Spybot or AVG-AS.

Post a new HJT log when you have done that.
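The check described in the post above (more than one on-access product loaded in memory at once) can be run over a HijackThis log mechanically. The following is an added example, not part of the original thread: the signature table, the function names and the "Example AV" line are assumptions made for illustration, and the sample log is a constructed excerpt in the same format as the logs posted here.

```python
import re
from collections import defaultdict

# Hypothetical signature table (an assumption of this example), built from
# product paths seen in this thread's log: path fragment -> (product, category).
SIGNATURES = {
    "/norman/nvc/": ("Norman Virus Control", "antivirus"),
    "/grisoft/avgfre~1/": ("AVG Free", "antivirus"),
    "/grisoft/avg free/": ("AVG Free", "antivirus"),
    "/grisoft/avg anti-spyware": ("AVG Anti-Spyware", "antispyware"),
    "/spybot - search & destroy/teatimer.exe": ("Spybot TeaTimer", "antispyware"),
    "/exampleav/": ("Example AV (constructed)", "antivirus"),
}

# HijackThis section codes that describe something started automatically.
EVIDENCE = {"O4": "autostart", "O23": "service"}
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")

# Constructed excerpt; the last line is invented to exercise "(file missing)".
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Example AV Service - Unknown owner - C:\Programfiler\ExampleAV\exav.exe (file missing)
"""


def parse_hjt(log):
    """Split a log into (running process paths, [(section code, text), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if not line:                      # a blank line ends the process list
            in_processes = False
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif in_processes:
            processes.append(line)
    return processes, entries


def _match(text):
    """Return (product, category) for the first signature found in text."""
    norm = text.lower().replace("\\", "/")
    for fragment, hit in SIGNATURES.items():
        if fragment in norm:
            return hit
    return None


def security_products(log):
    """Map category -> product -> evidence kinds (running/autostart/service)."""
    processes, entries = parse_hjt(log)
    found = defaultdict(lambda: defaultdict(set))
    for path in processes:
        hit = _match(path)
        if hit:
            found[hit[1]][hit[0]].add("running")
    for code, text in entries:
        # Entries whose target no longer exists cannot load anything.
        if code not in EVIDENCE or text.endswith("(file missing)"):
            continue
        hit = _match(text)
        if hit:
            found[hit[1]][hit[0]].add(EVIDENCE[code])
    return {cat: dict(prods) for cat, prods in found.items()}


def overlapping(log):
    """Categories in which more than one product is loaded in memory."""
    result = {}
    for category, products in security_products(log).items():
        resident = sorted(p for p, ev in products.items() if "running" in ev)
        if len(resident) > 1:
            result[category] = resident
    return result


if __name__ == "__main__":
    for category, products in overlapping(SAMPLE_LOG).items():
        print(f"{category}: {', '.join(products)} are resident at the same time")
```

A product that is installed and set to autostart but not in the process list is not reported, which matches the advice that only one scanner of each kind should be active in memory at a time.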

#10 Lavie

Posted 05 September 2007 - 03:23 PM

Hi Scotty - well - I know. When you get trouble you try different options to solve the problem - in this case I tried different programs - that's the reason they appear on the log, I didn't turn them off before the log was made. Will post a new log tomorrow... - thank you so far for your kind help -

#11 Lavie

Posted 06 September 2007 - 06:15 AM

Hi Scotty... ...well - I was going to do a scan and send you an update after turning off AVG and Spybot yesterday. Everything has functioned ok until 5 sec ago - then it seems to be infected again - hmmm - so it seems I have to start all over again.

#12 Lavie

Posted 06 September 2007 - 06:23 AM

NEW logfile - Hijackthis:



Logfile of HijackThis v1.99.1
Scan saved at 14:19:16, on 06.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programfiler\Norman\Npm\bin\NPROSEC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\DigitalPersona\Bin\DPWinLct.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE
C:\Programfiler\Norman\Npm\Bin\Zanda.exe
C:\Programfiler\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
c:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programfiler\Fellesfiler\InterVideo\DeviceService\DevSvc.exe
C:\Programfiler\DigitalPersona\Bin\DpHost.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programfiler\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\system32\fxssvc.exe
c:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE
C:\Programfiler\Norman\npc\bin\npcsvc32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programfiler\Norman\npc\bin\nuaa.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programfiler\Dell Photo AIO Printer 924\dlccmon.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Programfiler\DigitalPersona\Bin\DPAgnt.exe
C:\Programfiler\Microsoft IntelliType Pro\itype.exe
C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Programfiler\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\NetWaiting\netwaiting.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\Digital Line Detect\DLG.exe
C:\Programfiler\Skype\Plugin Manager\SkypePM.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Programfiler\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programfiler\Norman\npf\bin\npfuser.exe
C:\Programfiler\Norman\Nvc\BIN\NIP.EXE
C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
C:\Programfiler\Norman\Nvc\bin\cclaw.exe
c:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\TOMMYL~1\LOKALE~1\Temp\Adobelm_Cleanup.0001
C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\TOMMYL~1\LOKALE~1\Temp\Adobelm_Cleanup.0001
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\TOMMYL~1\LOKALE~1\Temp\Midlertidig mappe 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEToolbarBHO Class - {1A1DAC8C-074D-440F-8707-7009A672D7D1} - C:\Programfiler\LinkedIn\IE Toolbar\3.0.3.1100\LinkedinIEToolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: MSVPS System - {88418AA3-16F5-4FC2-A9D8-90B1266DF841} - C:\WINDOWS\nsduo.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar1.02.5000.1021\no\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar1.02.5000.1021\no\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: LinkedIn Toolbar - {BB670D0B-5C46-40C7-B38B-40DD26987723} - C:\Programfiler\LinkedIn\IE Toolbar\3.0.3.1100\LinkedinIEToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Programfiler\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "c:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DPAgnt] C:\Programfiler\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [itype] "C:\Programfiler\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programfiler\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Programfiler\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [IPHider] C:\Programfiler\IP Hider\IP Hider.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Norman ZANDA] C:\Programfiler\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NPCTray] C:\Programfiler\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Programfiler\NetWaiting\netwaiting.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Telio Phone Client] "C:\Programfiler\Telio Phone\eyeBeamAsDLL.dll"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programfiler\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Linked&In Search - res://C:\Programfiler\LinkedIn\IE Toolbar\3.0.3.1100\LinkedinIEToolbar.dll/ContextMenu.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .UVR: C:\Programfiler\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.mess.../Medialogic.CAB
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...canner37960.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{30EA550E-38D4-4CF0-9B44-7814B1BF2542}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{7FC30A7E-8BBC-4647-B902-010761AC0372}: NameServer = 85.255.115.29,85.255.112.140
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A6B646F-816E-49C2-9021-34D25570473C}: NameServer = 85.255.115.29,85.255.112.140
O17 - HKLM\System\CCS\Services\Tcpip\..\{911D2717-8A6E-4B90-83B5-ADDA1E5B7398}: NameServer = 85.255.115.29,85.255.112.140
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{30EA550E-38D4-4CF0-9B44-7814B1BF2542}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: msmhost - {79E459A7-9EBD-42E2-9002-855652B71732} - C:\WINDOWS\msmhost.dll
O21 - SSODL: msmdev - {A45DAE5E-476D-4981-9EF5-8A32E1DC6E9D} - C:\WINDOWS\msmdev.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - c:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programfiler\Fellesfiler\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Programfiler\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Programfiler\DigitalPersona\Bin\DpHost.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Programfiler\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Parental Control (NPC) - Norman ASA - C:\Programfiler\Norman\npc\bin\npcsvc32.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Programfiler\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Programfiler\Norman\Npm\bin\NPROSEC.EXE
O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - C:\Programfiler\Norman\npc\bin\nuaa.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Programfiler\Norman\npm\bin\nvoy.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Programfiler\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe

#13 Lavie

Lavie

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 06 September 2007 - 06:32 AM

SmitFraud SmitFraudFix v2.219

Scan done at 14:27:56,18, 06.09.2007
Run from C:\Documents and Settings\Tommy Lavie\Skrivebord\SIKKERHET\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Versjon 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programfiler\Norman\Npm\bin\NPROSEC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\DigitalPersona\Bin\DPWinLct.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE
C:\Programfiler\Norman\Npm\Bin\Zanda.exe
C:\Programfiler\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
c:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programfiler\Fellesfiler\InterVideo\DeviceService\DevSvc.exe
C:\Programfiler\DigitalPersona\Bin\DpHost.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programfiler\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\system32\fxssvc.exe
c:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE
C:\Programfiler\Norman\npc\bin\npcsvc32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programfiler\Norman\npc\bin\nuaa.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programfiler\Dell Photo AIO Printer 924\dlccmon.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Programfiler\DigitalPersona\Bin\DPAgnt.exe
C:\Programfiler\Microsoft IntelliType Pro\itype.exe
C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Programfiler\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\NetWaiting\netwaiting.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\Digital Line Detect\DLG.exe
C:\Programfiler\Skype\Plugin Manager\SkypePM.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Programfiler\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programfiler\Norman\npf\bin\npfuser.exe
C:\Programfiler\Norman\Nvc\BIN\NIP.EXE
C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
C:\Programfiler\Norman\Nvc\bin\cclaw.exe
c:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\TOMMYL~1\LOKALE~1\Temp\Adobelm_Cleanup.0001
C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\TOMMYL~1\LOKALE~1\Temp\Adobelm_Cleanup.0001
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\TOMMYL~1\LOKALE~1\Temp\Midlertidig mappe 2 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\privacy_danger FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Tommy Lavie

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Tommy Lavie\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\TOMMYL~1\FAVORI~1

C:\DOCUME~1\TOMMYL~1\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\TOMMYL~1\FAVORI~1\Privacy Protector.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\TOMMYL~1\SKRIVE~1\Error Cleaner.url FOUND !
C:\DOCUME~1\TOMMYL~1\SKRIVE~1\Privacy Protector.url FOUND !
C:\DOCUME~1\TOMMYL~1\SKRIVE~1\Spyware?Malware Protection.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Programfiler

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Broadcom 440x 10/100 Integrated Controller - Miniport for pakkeplanlegger
DNS Server Search Order: 85.255.115.29
DNS Server Search Order: 85.255.112.140

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Intel® PRO/Wireless 3945ABG Network Connection - Miniport for pakkeplanlegger
DNS Server Search Order: 85.255.115.29
DNS Server Search Order: 85.255.112.140

HKLM\SYSTEM\CCS\Services\Tcpip\..\{30EA550E-38D4-4CF0-9B44-7814B1BF2542}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6AACCEB0-3AFE-49AA-A74E-57D7EB2B3473}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7FC30A7E-8BBC-4647-B902-010761AC0372}: DhcpNameServer=85.255.115.29,85.255.112.140
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7FC30A7E-8BBC-4647-B902-010761AC0372}: NameServer=85.255.115.29,85.255.112.140
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8A6B646F-816E-49C2-9021-34D25570473C}: NameServer=85.255.115.29,85.255.112.140
HKLM\SYSTEM\CCS\Services\Tcpip\..\{911D2717-8A6E-4B90-83B5-ADDA1E5B7398}: DhcpNameServer=10.0.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{911D2717-8A6E-4B90-83B5-ADDA1E5B7398}: NameServer=85.255.115.29,85.255.112.140
HKLM\SYSTEM\CS1\Services\Tcpip\..\{30EA550E-38D4-4CF0-9B44-7814B1BF2542}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6AACCEB0-3AFE-49AA-A74E-57D7EB2B3473}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7FC30A7E-8BBC-4647-B902-010761AC0372}: DhcpNameServer=85.255.115.29,85.255.112.140
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7FC30A7E-8BBC-4647-B902-010761AC0372}: NameServer=85.255.115.29,85.255.112.140
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8A6B646F-816E-49C2-9021-34D25570473C}: NameServer=85.255.115.29,85.255.112.140
HKLM\SYSTEM\CS1\Services\Tcpip\..\{911D2717-8A6E-4B90-83B5-ADDA1E5B7398}: DhcpNameServer=10.0.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{911D2717-8A6E-4B90-83B5-ADDA1E5B7398}: NameServer=85.255.115.29,85.255.112.140
HKLM\SYSTEM\CS3\Services\Tcpip\..\{30EA550E-38D4-4CF0-9B44-7814B1BF2542}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6AACCEB0-3AFE-49AA-A74E-57D7EB2B3473}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7FC30A7E-8BBC-4647-B902-010761AC0372}: DhcpNameServer=85.255.115.29,85.255.112.140
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7FC30A7E-8BBC-4647-B902-010761AC0372}: NameServer=85.255.115.29,85.255.112.140
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8A6B646F-816E-49C2-9021-34D25570473C}: NameServer=85.255.115.29,85.255.112.140
HKLM\SYSTEM\CS3\Services\Tcpip\..\{911D2717-8A6E-4B90-83B5-ADDA1E5B7398}: DhcpNameServer=10.0.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{911D2717-8A6E-4B90-83B5-ADDA1E5B7398}: NameServer=85.255.115.29,85.255.112.140
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

#14 Lavie

Lavie

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 06 September 2007 - 06:33 AM


#15 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 06 September 2007 - 09:11 AM

Hi. You are going to have to slow down a bit. First of all, you are still showing both anti-virus programs running in your HijackThis log. Having two will not protect you more, as they will conflict with each other and leave you more open to infection. Before we can proceed you must uninstall one of them. It would be a waste of my time and yours if we carry on while they are both active. I can see what the infections are and it shouldn't take us too long to clean up, so remove one of the anti-viruses and post a new HijackThis log so I can see it's done. :thumbup: