[Resolved] Hello there i might use some help..


This topic is locked
8 replies to this topic

#1 Mikey_gr
New Member, 8 posts

Posted 26 December 2007 - 03:07 PM

Hello there, I got some problem with viruses and stuff on my computer and I would be glad if I could use your help. Here is my HijackThis log.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50:43, on 2007-12-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program\Grisoft\AVGFRE~1\avgcc.exe
C:\Program\Delade filer\Logitech\QCDriver3\LVCOMS.EXE
C:\Program\Logitech\ImageStudio\LogiTray.exe
C:\Program\Java\jre1.5.0_11\bin\jusched.exe
C:\Program\Microsoft IntelliPoint\point32.exe
C:\Program\Microsoft IntelliType Pro\itype.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Messenger\msmsgs.exe
C:\Program\DNA\btdna.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\OpenOffice.org 2.0\program\soffice.exe
C:\Program\OpenOffice.org 2.0\program\soffice.BIN
C:\Program\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Windows Media Player\wmplayer.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\BitTorrent\bittorrent.exe
C:\Program\Grisoft\AVGFRE~1\avgvv.exe
C:\WINDOWS\explorer.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
F3 - REG:win.ini: load=C:\WINDOWS\system32\mllji.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LVCOMS] C:\Program\Delade filer\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [itype] "c:\Program\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program\DAEMON Tools Lite\daemon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Ubisoft register.lnk = C:\Program\Ubisoft\Register\schedule.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Microgaming\Poker\nordicbetMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {B9940246-4344-4D1B-BD82-DBAF7E657FF9} (AudioClient Control) - http://pagonis.viewn.../SysCamInst.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6561 bytes



#2 Simon V.
MRU Emeritus, Authentic Member, 897 posts

Posted 26 December 2007 - 03:33 PM

Hello, and welcome to the forum.

My name is Simon V., and I'll be glad to help you with your computer problems.

Step 1

Please download ATF Cleaner. Double-click on ATF-Cleaner.exe to start the program.

  • Under the Main tab, put a check next to Select All.
    Click the Empty Selected button. (Note: if you remove cookies, automated login at forums and sites will be disabled. If you do not want this, uncheck Cookies)
  • If you use the Firefox browser:
    Click on Firefox at the top and put a check next to Select All.
    If you would like to keep your saved passwords, click No at the prompt.
    Click the Empty Selected button. (Note: if you remove cookies, automated login at forums and sites will be disabled. If you do not want this, uncheck Cookies)
  • If you use the Opera browser:
    Click on Opera at the top and put a check next to Select All.
    If you would like to keep your saved passwords, click No at the prompt.
    Click the Empty Selected button. (Note: if you remove cookies, automated login at forums and sites will be disabled. If you do not want this, uncheck Cookies)

Step 2

Please download Combofix:


Double-click on combofix.exe and follow the prompts.
When finished, it will produce a log for you. Save it to a convenient location.

Note: Do not mouse-click Combofix's window whilst it's running. That may cause it to stall.

Step 3

Please download and install CCleaner.

  • Open CCleaner. In the Left Pane, click Tools.
  • Verify that Uninstall is highlighted in color, or click on it.
  • In the lower right, click Save to Text File.
  • Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
  • You can leave the filename as install.txt.
  • Click Save.
  • Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.

Step 4

In your next reply, please post:

  • the Combofix log (C:\Combofix.txt)
  • the CCleaner Uninstall List
  • a new HijackThis log


#3 Mikey_gr
New Member, 8 posts

Posted 26 December 2007 - 03:58 PM

Hello, thank you very much and Merry Christmas. Here are the logs and stuff you asked me for.

ComboFix 07-12-21.4 - Peter 2007-12-26 22:40:50.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1053.18.1413 [GMT 1:00]
Running from: C:\Documents and Settings\Peter\Lokala inställningar\Temporary Internet Files\Content.IE5\WUH00S3E\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\fcccdaw.dll
C:\WINDOWS\system32\ijllm.ini
C:\WINDOWS\system32\ijllm.ini2
C:\WINDOWS\system32\khfcdde.dll
C:\WINDOWS\system32\mllji.dll
C:\WINDOWS\system32\mllml.dll
C:\WINDOWS\system32\vtsts.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-26 to 2007-12-26 )))))))))))))))))))))))))))))))
.

2007-12-26 21:50 . 2007-12-26 21:50 <KAT> d-------- C:\Program\Trend Micro
2007-12-26 21:38 . 2007-12-26 21:38 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-25 17:49 . 2007-12-25 17:49 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-25 17:28 . 2007-12-26 21:39 <KAT> d-------- C:\Program\DAEMON Tools Lite
2007-12-25 17:28 . 2007-12-25 17:29 <KAT> d-------- C:\Documents and Settings\Peter\Application Data\DAEMON Tools
2007-12-25 17:26 . 2007-12-25 17:26 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-24 13:08 . 2007-12-26 22:41 <KAT> d-------- C:\Program\DNA
2007-12-24 13:08 . 2007-12-24 13:08 <KAT> d-------- C:\Program\BitTorrent
2007-12-24 13:08 . 2007-12-26 22:46 <KAT> d-------- C:\Documents and Settings\Peter\Application Data\DNA
2007-12-24 13:08 . 2007-12-26 22:46 <KAT> d-------- C:\Documents and Settings\Peter\Application Data\BitTorrent
2007-12-18 19:57 . 2007-12-18 19:57 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-12-18 19:57 . 2007-10-19 04:19 63,040 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-12-18 19:57 . 2007-12-18 19:57 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-18 19:56 . 2007-12-18 19:56 <KAT> dr-h----- C:\Documents and Settings\Peter\Application Data\SecuROM
2007-12-18 19:56 . 2007-12-18 19:56 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-12-18 19:32 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-12-18 19:32 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-12-18 19:32 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-12-18 19:32 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-12-18 19:32 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-12-18 19:32 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-12-18 19:32 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-12-18 19:32 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-12-18 19:32 . 2007-06-20 20:45 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-12-18 19:31 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-12-18 19:31 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-12-18 19:31 . 2007-03-05 12:42 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-12-01 13:35 . 2007-12-01 13:35 <KAT> d-------- C:\WINDOWS\EbilRo
2007-12-01 13:35 . 2007-12-17 20:11 <KAT> d-------- C:\Program\EbilRo
2007-11-28 18:04 . 2007-12-26 20:22 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME
2007-11-27 21:42 . 2007-12-26 20:23 3,284 --a------ C:\WINDOWS\system32\ANIWZCS{FFF4550E-E112-4D2E-AB2B-30F19DAA495D}
2007-11-27 21:40 . 2005-10-19 18:19 1,327,189 --a------ C:\WINDOWS\system32\odSupp_M.dll
2007-11-27 21:40 . 2007-03-13 15:22 667,648 --a------ C:\WINDOWS\system32\ANIWZCS2.dll
2007-11-27 21:40 . 2007-03-15 10:13 249,856 --a------ C:\WINDOWS\system32\wnicapi.dll
2007-11-27 21:40 . 2007-03-09 14:00 225,280 --a------ C:\WINDOWS\system32\WlanApp.dll
2007-11-27 21:40 . 2007-02-08 13:55 204,800 --a------ C:\WINDOWS\system32\aIPH.dll
2007-11-27 21:40 . 2005-10-27 08:55 49,152 --a------ C:\WINDOWS\system32\JJAKEn.dll
2007-11-27 21:40 . 2005-10-19 18:19 49,152 --a------ C:\WINDOWS\system32\AQCKGen.dll
2007-11-27 21:40 . 2006-09-26 13:49 45,115 --a------ C:\WINDOWS\system32\ANICtl.dll
2007-11-27 21:40 . 2007-12-26 22:48 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{FFF4550E-E112-4D2E-AB2B-30F19DAA495D}
2007-11-27 21:39 . 2007-11-27 21:39 <KAT> d-------- C:\Program\D-Link
2007-11-27 21:39 . 2007-11-27 21:40 <KAT> d-------- C:\Program\ANI
2007-11-27 21:39 . 2007-03-13 12:35 476,416 --a------ C:\WINDOWS\system32\drivers\rt2870.sys
2007-11-27 21:39 . 2005-12-13 10:38 48,128 --a------ C:\WINDOWS\system32\ANIO64.sys
2007-11-27 21:39 . 2005-10-21 15:56 36,864 --a------ C:\WINDOWS\system32\ANIOApi.dll
2007-11-27 21:39 . 2005-12-11 11:55 28,195 --a------ C:\WINDOWS\system32\ANIO.sys
2007-11-27 21:39 . 2004-10-14 10:29 16,997 --a------ C:\WINDOWS\system32\ANIO.VXD
2007-11-27 21:39 . 2004-10-14 10:29 11,904 --a------ C:\WINDOWS\system32\anio4.sys
2007-11-27 21:38 . 2007-11-27 21:38 <KAT> d-------- C:\Documents and Settings\Peter\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-26 21:44 --------- d-----w C:\Program\Microsoft IntelliType Pro
2007-12-26 21:41 --------- d-----w C:\Program\Microsoft IntelliPoint
2007-12-26 19:23 --------- d-----w C:\Documents and Settings\Peter\Application Data\OpenOffice.org2
2007-12-26 10:47 --------- d-----w C:\Program\Windows Live Safety Center
2007-12-25 16:49 --------- d--h--w C:\Program\InstallShield Installation Information
2007-12-24 12:17 --------- d-----w C:\Program\LimeWire
2007-12-18 18:32 --------- d-----w C:\Program\Electronic Arts
2007-11-21 17:45 --------- d-----w C:\Documents and Settings\Peter\Application Data\Microgaming
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00]
"Free Download Manager"="C:\Program\Free Download Manager\fdm.exe" []
"MsnMsgr"="C:\Program\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"MSMSGS"="C:\Program\Messenger\msmsgs.exe" [2004-10-13 17:24]
"BitTorrent DNA"="C:\Program\DNA\btdna.exe" [2007-12-26 22:41]
"DAEMON Tools Lite"="C:\Program\DAEMON Tools Lite\daemon.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 11:00 C:\WINDOWS\system32\rundll32.exe]
"SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 12:17 C:\WINDOWS\stsystra.exe]
"AVG7_CC"="C:\Program\Grisoft\AVGFRE~1\avgcc.exe" []
"LVCOMS"="C:\Program\Delade filer\Logitech\QCDriver3\LVCOMS.EXE" []
"LogitechGalleryRepair"="C:\Program\Logitech\ImageStudio\ISStart.exe" []
"LogitechImageStudioTray"="C:\Program\Logitech\ImageStudio\LogiTray.exe" []
"SunJavaUpdateSched"="C:\Program\Java\jre1.5.0_11\bin\jusched.exe" []
"IntelliPoint"="C:\Program\Microsoft IntelliPoint\point32.exe" []
"itype"="c:\Program\Microsoft IntelliType Pro\itype.exe" []
"ZoneAlarm Client"="C:\Program\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"ANIWZCS2Service"="C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe" []
"D-Link D-Link Wireless N DWA-140"="C:\Program\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 11:00]
"AVG7_Run"="C:\Program\Grisoft\AVGFRE~1\avgw.exe" [2007-11-03 22:30]

C:\Documents and Settings\Peter\Start-meny\Program\Autostart\
OpenOffice.org 2.0.lnk - C:\Program\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 13:36:42]
Ubisoft register.lnk - C:\Program\Ubisoft\Register\schedule.exe [2007-10-15 18:03:14]

R3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-06-10 14:21]
R3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);C:\WINDOWS\system32\DRIVERS\LV551AV.sys [2002-06-10 14:24]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-03-13 12:35]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 22:10]
S3 npkycryp;npkycryp;C:\Gravity\RO\npkycryp.sys []

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-26 22:48:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-26 22:49:59 - machine was rebooted
.
2007-12-14 17:51:36 --- E O F ---




AC3Filter (remove only)
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Alexander
ANIO Service
ANIWZCS2 Service
AutoUpdate
AVG Free Edition
BitTorrent
Bonniers Trafikskola 2006
CCleaner (remove only)
Dell Resource CD
Disc2Phone
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
D-Link Wireless N DWA-140
DNA
EbilRo
Expekt Poker
GameShadow
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hitman 2: Silent Assassin
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB926239)
Intel® PRO Network Connections Drivers
InterActual Player
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
LimeWire PRO 4.14.8
Logitech ImageStudio
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 5.2
Microsoft IntelliType Pro 6.1
Microsoft User-Mode Driver Framework Feature Pack 1.0
Need for Speed™ Carbon
Need for Speed™ ProStreet
NordicBet Poker
NVIDIA Drivers
OpenOffice.org 2.0
Ragnarok Online
Ragnarok Sakray
SigmaTel Audio
Snabbkorrigering för Windows Media Player 11 (KB939683)
Snabbkorrigering för Windows XP (KB914440)
Spybot - Search & Destroy 1.4
Svenska Spels Poker
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB938127)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB939653)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB942615)
Säkerhetsuppdatering för Windows Media Player 11 (KB936782)
Säkerhetsuppdatering för Windows Media Player 6.4 (KB925398)
Säkerhetsuppdatering för Windows XP (KB893756)
Säkerhetsuppdatering för Windows XP (KB896358)
Säkerhetsuppdatering för Windows XP (KB896423)
Säkerhetsuppdatering för Windows XP (KB896424)
Säkerhetsuppdatering för Windows XP (KB896428)
Säkerhetsuppdatering för Windows XP (KB899587)
Säkerhetsuppdatering för Windows XP (KB899591)
Säkerhetsuppdatering för Windows XP (KB901017)
Säkerhetsuppdatering för Windows XP (KB901214)
Säkerhetsuppdatering för Windows XP (KB902400)
Säkerhetsuppdatering för Windows XP (KB904706)
Säkerhetsuppdatering för Windows XP (KB905414)
Säkerhetsuppdatering för Windows XP (KB905749)
Säkerhetsuppdatering för Windows XP (KB908519)
Säkerhetsuppdatering för Windows XP (KB911562)
Säkerhetsuppdatering för Windows XP (KB911927)
Säkerhetsuppdatering för Windows XP (KB912919)
Säkerhetsuppdatering för Windows XP (KB913580)
Säkerhetsuppdatering för Windows XP (KB914388)
Säkerhetsuppdatering för Windows XP (KB914389)
Säkerhetsuppdatering för Windows XP (KB917422)
Säkerhetsuppdatering för Windows XP (KB917953)
Säkerhetsuppdatering för Windows XP (KB918118)
Säkerhetsuppdatering för Windows XP (KB918439)
Säkerhetsuppdatering för Windows XP (KB919007)
Säkerhetsuppdatering för Windows XP (KB920213)
Säkerhetsuppdatering för Windows XP (KB920670)
Säkerhetsuppdatering för Windows XP (KB920683)
Säkerhetsuppdatering för Windows XP (KB920685)
Säkerhetsuppdatering för Windows XP (KB921398)
Säkerhetsuppdatering för Windows XP (KB921503)
Säkerhetsuppdatering för Windows XP (KB922616)
Säkerhetsuppdatering för Windows XP (KB922819)
Säkerhetsuppdatering för Windows XP (KB923191)
Säkerhetsuppdatering för Windows XP (KB923414)
Säkerhetsuppdatering för Windows XP (KB923689)
Säkerhetsuppdatering för Windows XP (KB923694)
Säkerhetsuppdatering för Windows XP (KB923980)
Säkerhetsuppdatering för Windows XP (KB924191)
Säkerhetsuppdatering för Windows XP (KB924270)
Säkerhetsuppdatering för Windows XP (KB924667)
Säkerhetsuppdatering för Windows XP (KB925902)
Säkerhetsuppdatering för Windows XP (KB926255)
Säkerhetsuppdatering för Windows XP (KB926436)
Säkerhetsuppdatering för Windows XP (KB927779)
Säkerhetsuppdatering för Windows XP (KB927802)
Säkerhetsuppdatering för Windows XP (KB928255)
Säkerhetsuppdatering för Windows XP (KB928843)
Säkerhetsuppdatering för Windows XP (KB929123)
Säkerhetsuppdatering för Windows XP (KB930178)
Säkerhetsuppdatering för Windows XP (KB931261)
Säkerhetsuppdatering för Windows XP (KB931784)
Säkerhetsuppdatering för Windows XP (KB932168)
Säkerhetsuppdatering för Windows XP (KB933729)
Säkerhetsuppdatering för Windows XP (KB935839)
Säkerhetsuppdatering för Windows XP (KB935840)
Säkerhetsuppdatering för Windows XP (KB936021)
Säkerhetsuppdatering för Windows XP (KB938829)
Säkerhetsuppdatering för Windows XP (KB941202)
Säkerhetsuppdatering för Windows XP (KB941568)
Säkerhetsuppdatering för Windows XP (KB941569)
Säkerhetsuppdatering för Windows XP (KB943460)
Säkerhetsuppdatering för Windows XP (KB944653)
The Sims 2
Uppdatering för Windows XP (KB894391)
Uppdatering för Windows XP (KB898461)
Uppdatering för Windows XP (KB900485)
Uppdatering för Windows XP (KB904942)
Uppdatering för Windows XP (KB908531)
Uppdatering för Windows XP (KB910437)
Uppdatering för Windows XP (KB911280)
Uppdatering för Windows XP (KB916595)
Uppdatering för Windows XP (KB920872)
Uppdatering för Windows XP (KB922582)
Uppdatering för Windows XP (KB927891)
Uppdatering för Windows XP (KB929338)
Uppdatering för Windows XP (KB930916)
Uppdatering för Windows XP (KB931836)
Uppdatering för Windows XP (KB933360)
Uppdatering för Windows XP (KB936357)
Uppdatering för Windows XP (KB938828)
Uppdatering för Windows XP (KB942763)
Warcraft III: All Products
WC3Banlist
WebFldrs XP
Ventrilo Client
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB839210
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinPcap 3.1
WinRAR archiver
World of Warcraft
ZoneAlarm


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:56:10, on 2007-12-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\OpenOffice.org 2.0\program\soffice.exe
C:\Program\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\notepad.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\MSN Messenger\usnsvc.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LVCOMS] C:\Program\Delade filer\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [itype] "c:\Program\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program\DAEMON Tools Lite\daemon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Ubisoft register.lnk = C:\Program\Ubisoft\Register\schedule.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Microgaming\Poker\nordicbetMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {B9940246-4344-4D1B-BD82-DBAF7E657FF9} (AudioClient Control) - http://pagonis.viewn.../SysCamInst.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6228 bytes
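As an added example, not part of this thread or of HijackThis itself: a small Python triage script that diffs the two HijackThis logs Mikey_gr posted (the first before ComboFix ran, the second after) and flags the entry types a malware-removal helper reads first. The sample lines are excerpted from those two logs; the flagging rules are this example's own heuristics, not anything HijackThis does.

```python
"""Diff two HijackThis logs and flag entries worth a manual look.

Added example for this thread; not HijackThis code. The flagging rules
below are this script's own heuristics and only say "review this", never
"this is malware".
"""
import re
from typing import Dict, List, Tuple

# Excerpted from the first HijackThis log in the thread (before ComboFix).
LOG_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
F3 - REG:win.ini: load=C:\WINDOWS\system32\mllji.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program\DAEMON Tools Lite\daemon.exe"
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Excerpted from the second HijackThis log in the thread (after ComboFix).
LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program\DAEMON Tools Lite\daemon.exe"
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Every HijackThis entry line starts with a section code (R0, F3, O4, O23, ...)
# followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")

# Microsoft's default IE start/search pages in these logs point at go.microsoft.com.
MS_DEFAULT = "http://go.microsoft"


def parse_hjt(text: str) -> List[Tuple[str, str]]:
    """Return (section, body) pairs for each entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def diff_logs(before: str, after: str) -> Dict[str, List[str]]:
    """Set difference of entry lines: what disappeared and what appeared between two logs."""
    old = {f"{s} - {b}" for s, b in parse_hjt(before)}
    new = {f"{s} - {b}" for s, b in parse_hjt(after)}
    return {"removed": sorted(old - new), "added": sorted(new - old)}


def review_flags(entry: Tuple[str, str]) -> List[str]:
    """Heuristic reasons a helper would look at this entry before the rest."""
    section, body = entry
    flags = []
    # win.ini load=/run= is a legacy autostart that modern software almost never uses.
    if section == "F3" and re.search(r"win\.ini:\s*(load|run)=\S", body):
        flags.append("win.ini load/run hook: legacy autostart, verify the target file")
    # A service whose binary carries no publisher string must be identified by hand.
    if section == "O23" and "Unknown owner" in body:
        flags.append("service with no publisher string: identify the binary manually")
    # A start page other than Microsoft's default may be user choice or a hijack.
    if section in ("R0", "R1") and "Start Page" in body and MS_DEFAULT not in body:
        flags.append("non-default IE start page: confirm the user chose it")
    # Browser helper objects without a name are identified only by CLSID and DLL path.
    if section == "O2" and "(no name)" in body:
        flags.append("BHO without a name: check the CLSID and DLL path")
    return flags


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged entry line to the list of reasons it was flagged."""
    report = {}
    for entry in parse_hjt(text):
        flags = review_flags(entry)
        if flags:
            report[f"{entry[0]} - {entry[1]}"] = flags
    return report


if __name__ == "__main__":
    changes = diff_logs(LOG_BEFORE, LOG_AFTER)
    for kind in ("removed", "added"):
        for line in changes[kind]:
            print(f"{kind:>8}: {line}")
    for line, reasons in triage(LOG_AFTER).items():
        print(f"review  : {line}\n          {'; '.join(reasons)}")
```

On the excerpts above the diff shows the F3 win.ini entry gone after ComboFix and two O2 BHO entries now listed, and the remaining review items are the start page, the unnamed Spybot BHO and the PnkBstrA service, each of which the helper can clear by inspection.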

#4 Simon V.
MRU Emeritus, Authentic Member, 897 posts

Posted 26 December 2007 - 04:25 PM

Hi :)

Step 1

Click on Start, then Control Panel. Double click on Add or Remove Programs.

Please remove the following program(s):

  • J2SE Runtime Environment 5.0 Update 10
  • J2SE Runtime Environment 5.0 Update 11

Then download and install Java Runtime Environment (JRE) 6 Update 3.

Step 2

Please do an online scan with Kaspersky WebScanner.

Click on Kaspersky Online Scanner. On the welcome screen, click Accept.

You will be prompted to install an ActiveX component from Kaspersky, click Install.

  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on Next.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:

  • Scan using the following Anti-Virus database:

    Extended (if available, otherwise Standard)

  • Scan Options:

    Scan Archives
    Scan Mail Bases

  • Click OK.
  • Now under Select a Target to Scan:

    Select My Computer.

  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button and save the file to your desktop.

Step 3

In your next reply, please post:

  • the Kaspersky Online Scan report
  • a new HijackThis log


#5 Mikey_gr

    New Member (8 posts)

Posted 26 December 2007 - 06:02 PM

Ok, thanks. Here is all I got from the scan and the HijackThis log. Oh, and remember to check the OLD Combofix log, as you told me to remind ya.


KASPERSKY ONLINE SCANNER REPORT
Thursday, December 27, 2007 12:57:26 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/12/2007
Kaspersky Anti-Virus database records: 494953


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics
Total number of scanned objects 63477
Number of viruses found 1
Number of infected objects 5
Number of suspicious objects 0
Duration of the scan process 00:52:47

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Lokala inställningar\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Lokala inställningar\Temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Lokala inställningar\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Lokala inställningar\Tidigare\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Lokala inställningar\Tidigare\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Peter\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Peter\Lokala inställningar\Application Data\Microsoft\Messenger\Kolarakis_Mitsos@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped

C:\Documents and Settings\Peter\Lokala inställningar\Application Data\Microsoft\Messenger\Kolarakis_Mitsos@hotmail.com\SharingMetadata\pending.dat Object is locked skipped

C:\Documents and Settings\Peter\Lokala inställningar\Application Data\Microsoft\Messenger\Kolarakis_Mitsos@hotmail.com\SharingMetadata\Working\database_F67C_3943_7C38_FFC3\dfsr.db Object is locked skipped

C:\Documents and Settings\Peter\Lokala inställningar\Application Data\Microsoft\Messenger\Kolarakis_Mitsos@hotmail.com\SharingMetadata\Working\database_F67C_3943_7C38_FFC3\fsr.log Object is locked skipped

C:\Documents and Settings\Peter\Lokala inställningar\Application Data\Microsoft\Messenger\Kolarakis_Mitsos@hotmail.com\SharingMetadata\Working\database_F67C_3943_7C38_FFC3\fsrtmp.log Object is locked skipped

C:\Documents and Settings\Peter\Lokala inställningar\Application Data\Microsoft\Messenger\Kolarakis_Mitsos@hotmail.com\SharingMetadata\Working\database_F67C_3943_7C38_FFC3\tmp.edb Object is locked skipped

C:\Documents and Settings\Peter\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Peter\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Peter\Lokala inställningar\Application Data\Microsoft\Windows Live Contacts\Kolarakis_Mitsos@hotmail.com\real\members.stg Object is locked skipped

C:\Documents and Settings\Peter\Lokala inställningar\Application Data\Microsoft\Windows Live Contacts\Kolarakis_Mitsos@hotmail.com\shadow\members.stg Object is locked skipped

C:\Documents and Settings\Peter\Lokala inställningar\Temp\~DF504A.tmp Object is locked skipped

C:\Documents and Settings\Peter\Lokala inställningar\Temp\~DF5174.tmp Object is locked skipped

C:\Documents and Settings\Peter\Lokala inställningar\Temp\~DF802.tmp Object is locked skipped

C:\Documents and Settings\Peter\Lokala inställningar\Temp\~DF825.tmp Object is locked skipped

C:\Documents and Settings\Peter\Lokala inställningar\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Peter\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Peter\Lokala inställningar\Tidigare\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Peter\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Peter\ntuser.dat.LOG Object is locked skipped

C:\Program\DNA\btdna.exe Object is locked skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\khfcdde.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cly skipped

C:\qoobox\Quarantine\catchme2007-12-26_224756.82.zip/fcccdaw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cly skipped

C:\qoobox\Quarantine\catchme2007-12-26_224756.82.zip ZIP: infected - 1 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP130\A0038922.exe Object is locked skipped

C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP130\A0038950.exe Object is locked skipped

C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP130\A0038951.exe Object is locked skipped

C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP130\A0038952.EXE Object is locked skipped

C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP130\A0038953.exe Object is locked skipped

C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP130\A0038954.exe Object is locked skipped

C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP130\A0038955.exe Object is locked skipped

C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP130\A0038956.exe Object is locked skipped

C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP130\A0038957.exe Object is locked skipped

C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP130\A0038958.exe Object is locked skipped

C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP130\A0038959.exe Object is locked skipped

C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP131\A0038994.exe Object is locked skipped

C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP131\A0038995.EXE Object is locked skipped

C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP131\A0038996.exe Object is locked skipped

C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP131\A0038997.exe Object is locked skipped

C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP131\A0038998.exe Object is locked skipped

C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP131\A0038999.exe Object is locked skipped

C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP131\A0039000.exe Object is locked skipped

C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP131\A0039001.exe Object is locked skipped

C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP131\A0039002.exe Object is locked skipped

C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP132\A0039006.exe Object is locked skipped

C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP132\A0039011.dll Object is locked skipped

C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP132\A0039012.dll Object is locked skipped

C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP132\A0039013.EXE Object is locked skipped

C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP132\A0039014.exe Object is locked skipped

C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP132\A0039015.exe Object is locked skipped

C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP132\A0039016.exe Object is locked skipped

C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP132\A0039017.exe Object is locked skipped

C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP132\A0039018.exe Object is locked skipped

C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP132\A0039019.exe Object is locked skipped

C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP132\A0039020.exe Object is locked skipped

C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP132\A0039021.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cly skipped

C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP132\A0039027.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cly skipped

C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP136\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped

C:\WINDOWS\Internet Logs\PETERSDATOR.ldb Object is locked skipped

C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\ZLT00bfa.TMP Object is locked skipped

C:\WINDOWS\Temp\ZLT00c01.TMP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:59:02, on 2007-12-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\OpenOffice.org 2.0\program\soffice.exe
C:\Program\OpenOffice.org 2.0\program\soffice.BIN
C:\Program\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LVCOMS] C:\Program\Delade filer\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [itype] "c:\Program\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program\DAEMON Tools Lite\daemon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Ubisoft register.lnk = C:\Program\Ubisoft\Register\schedule.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Microgaming\Poker\nordicbetMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {B9940246-4344-4D1B-BD82-DBAF7E657FF9} (AudioClient Control) - http://pagonis.viewn.../SysCamInst.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6375 bytes
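
The Kaspersky report above mixes "Object is locked skipped" lines (files the scanner could not open, not detections) with the real hits, and all five hits sit either in ComboFix's qoobox quarantine folder or inside System Restore points rather than in a live location. The following parser is an added example, not part of the thread or of the Kaspersky scanner: it separates locked-skip noise from detections, classifies each hit by where it lives, and reproduces the report's own statistics from an excerpt of it. The EXAMPLE_live_hit.dll path is constructed to show what a hit outside those folders would look like.

```python
import re
from collections import Counter

# Excerpt of the posted Kaspersky Online Scanner report: the five hits it
# counts plus two of its "Object is locked" lines (paths copied verbatim).
REPORT_EXCERPT = r"""
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\khfcdde.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cly skipped
C:\qoobox\Quarantine\catchme2007-12-26_224756.82.zip/fcccdaw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cly skipped
C:\qoobox\Quarantine\catchme2007-12-26_224756.82.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP132\A0039021.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cly skipped
C:\System Volume Information\_restore{DBE73F57-983C-4A95-849F-669346DF634F}\RP132\A0039027.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cly skipped
Scan process completed.
"""

# Constructed, hypothetical line (NOT in the posted report) with a hit outside
# quarantine and restore points, to exercise the "live" classification.
LIVE_HIT_LINE = r"C:\WINDOWS\system32\EXAMPLE_live_hit.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cly skipped"

# One result line is: <path with spaces> <status> <last action>. The path is
# matched non-greedily so only a genuine status phrase can terminate it.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:(?P<locked>Object is locked)"
    r"|Infected: (?P<name>\S+)"
    r"|(?P<archive>[A-Z0-9]+): infected - (?P<count>\d+)) "
    r"(?P<action>\w+)$"
)


def classify_path(path):
    """Where does the object live? Quarantine and restore-point copies are
    inert unless restored; anything else is a live location worth attention."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "quarantine"       # ComboFix moves removed items here
    if "\\system volume information\\_restore" in p:
        return "system_restore"   # copies kept inside restore points
    return "live"


def parse_report(text):
    """Return one dict per result line; header/footer lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        if m.group("locked"):
            kind, name = "locked", None
        elif m.group("name"):
            kind, name = "infected", m.group("name")
        else:
            kind, name = "archive", None   # container line, e.g. "ZIP: infected - 1"
        entries.append({"path": m.group("path"), "kind": kind, "name": name,
                        "location": classify_path(m.group("path")),
                        "action": m.group("action")})
    return entries


def summarize(text):
    """Recompute the report's statistics and split hits by location."""
    entries = parse_report(text)
    hits = [e for e in entries if e["kind"] != "locked"]
    return {
        "locked": sum(1 for e in entries if e["kind"] == "locked"),
        "infected_objects": len(hits),                      # report: 5
        "viruses_found": len({e["name"] for e in hits if e["name"]}),  # report: 1
        "by_location": dict(Counter(e["location"] for e in hits)),
        "live_hits": [e["path"] for e in hits if e["location"] == "live"],
    }


if __name__ == "__main__":
    print(summarize(REPORT_EXCERPT))
    print(summarize(REPORT_EXCERPT + LIVE_HIT_LINE + "\n")["live_hits"])
```

An empty live_hits list with every hit in quarantine or restore points is exactly the situation that the later advice to flush System Restore addresses.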

#6 Simon V.

    MRU Emeritus (Authentic Member, 897 posts)

Posted 26 December 2007 - 07:53 PM

Hi :)

Step 1

Please copy and paste the text in the code box into Notepad (go to Start > Run, type Notepad and hit Enter).

@echo off
REM Stop the npkycryp service and remove its registration
sc stop npkycryp
sc delete npkycryp
REM Delete the leftover temp file (/q = quiet, no confirmation prompt)
del /q C:\WINDOWS\system32\mcrh.tmp
exit

Go to File > Save As. Save the file as "Fix.bat" (including the quotes).

Double-click on Fix.bat to run the file.

Step 2

Click Start then Run....

  • Type Combofix /u in the runbox and click OK. (Note: The space between the x and the /u needs to be there)

  • This will uninstall Combofix.

In your next reply, please let me know how your computer is currently running.

#7 Mikey_gr

    New Member (8 posts)

Posted 27 December 2007 - 04:37 AM

Hey, thanks a lot. Everything is going well and it seems like all is as it was. Thanks a lot! And merry Christmas. If I get another problem I will let you know!

#8 Simon V.

    MRU Emeritus (Authentic Member, 897 posts)

Posted 27 December 2007 - 06:22 AM

Hi :)

That's great to hear! Here are some tips to keep your computer clean in the future:

Disable and Enable System Restore - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

Step 1: Turn off System Restore:

  • On the desktop, right-click My Computer
  • Click Properties
  • Click the System Restore tab
  • Check Turn off System Restore
  • Click Apply, and then click OK

Step 2: Reboot your computer.

Step 3: Turn on System Restore:

  • On the desktop, right-click My Computer
  • Click Properties
  • Click the System Restore tab
  • Uncheck Turn off System Restore
  • Click Apply, and then click OK

Note: Only do this once, NOT on a regular basis!

Make your Internet Explorer More Secure

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab.
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.

  • Change the Download signed ActiveX controls to Prompt.
  • Change the Download unsigned ActiveX controls to Disable.
  • Change the Initialise and script ActiveX controls not marked as safe to Disable.
  • Change the Installation of desktop items to Prompt.
  • Change the Launching programs and files in an IFRAME to Prompt.
  • Change the Navigate sub-frames across different domains to Prompt.
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.

  • Next press the Apply button and then the OK to exit the Internet Properties page.

Update your Anti-Virus Software - It is very important that you update your anti-virus software at least once a week (even more if you wish). If you do not update your anti-virus software then it will not be able to catch any of the new variants that will come out.

Visit Microsoft's Update Site Frequently - It is important that you visit http://update.microsoft.com/ regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real time spyware and hijacker protection on your computer alongside your virus protection. You should scan your computer with the program on a regular basis just as you would with your anti-virus software. A tutorial on installing and using this product can be found here:
Instructions for - Spybot S & D and Ad-aware

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
Computer Safety on line - Anti-Malware

Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Stand Up and Be Counted! - Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints: Malware Complaints. You have to be registered to post. After registering just find your country room and register your complaint. The infection you had was Vundo (Virtumundo).

#9 Simon V.

    MRU Emeritus (Authentic Member, 897 posts)

Posted 29 December 2007 - 08:55 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
