Ace's other pc

Having software/hardware problems? Get help here!

Postby [Aliens]acer » Sun Oct 12, 2008 11:55 am

[Aliens]kronenbourg wrote:I know mate, but as it's been a few days since I looked at this, it's best to do a fresh one, as things may change :wink:

Don't have the PC here so it will take a few days maybe
[Aliens]acer
2nd Lieutenant
Posts: 879
Joined: Mon Feb 04, 2008 7:05 pm
Location: Sweden, Vetlanda

Postby [Aliens]acer » Wed Oct 22, 2008 9:13 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:10:19, on 2008-09-29
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\vghd\VirtuaGirl_downloader.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe
C:\Windows\System32\msra.exe
C:\Program Files\Files-Secure\secure.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://se.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://se.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://se.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: IE plugin - {17A1DBB5-DAD8-4E78-BF7E-9BE4B965408B} - C:\Windows\pmspl.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Player - {E5AF0624-F539-47D9-BA37-D8B339E858F4} - C:\Windows\orgnavi.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CAP3ON] C:\Windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')
O4 - Startup: VirtuaGirl HD.LNK = C:\Program Files\vghd\vghd.exe
O4 - Global Startup: Canon LASER SHOT LBP-1120 ª¬ºAµøµ¡.LNK = C:\Windows\System32\spool\drivers\w32x86\3\CAP3LAK.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZR
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcr_device - - C:\Windows\system32\lxcrcoms.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 9304 bytes

Postby [Aliens]kronenbourg » Sun Oct 26, 2008 1:29 pm

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
[Aliens]kronenbourg
Lieutenant General
Posts: 4665
Joined: Thu Oct 19, 2006 7:20 am
Location: Bradford, England

Postby [Aliens]acer » Mon Oct 27, 2008 1:05 am

ComboFix 08-10-25.01 - stefan 2008-10-26 18:21:08.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1053.18.1229 [GMT 1:00]
Running from: C:\Users\stefan\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\companion wizard
C:\Program Files\Common Files\companion wizard\CompWiz.xml
C:\Windows\system32\bsnzafqa.bin
C:\Windows\system32\cfg.dat

.
((((((((((((((((((((((((( Files Created from 2008-09-26 to 2008-10-26 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 17:06 --------- d-----w C:\Program Files\Norman
2008-10-26 01:36 13,072 ----a-w C:\Users\stefan\AppData\Roaming\nvModes.dat
2008-10-25 21:34 174 --sha-w C:\Program Files\desktop.ini
2008-10-25 21:27 --------- d-----w C:\Program Files\Windows Sidebar
2008-10-25 21:27 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-10-25 21:27 --------- d-----w C:\Program Files\Windows Mail
2008-10-25 21:27 --------- d-----w C:\Program Files\Windows Journal
2008-10-25 21:27 --------- d-----w C:\Program Files\Windows Defender
2008-10-25 21:27 --------- d-----w C:\Program Files\Windows Collaboration
2008-10-25 21:27 --------- d-----w C:\Program Files\Windows Calendar
2008-10-25 21:16 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-10-25 21:16 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-10-25 20:38 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-10-25 20:38 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2008-10-25 19:31 --------- d-----w C:\Program Files\MSN Messenger
2008-10-25 18:16 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-25 11:50 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-22 18:49 --------- d-----w C:\Users\stefan\AppData\Roaming\Apple Computer
2008-10-22 14:10 38,496 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-10-22 14:10 15,504 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-10-15 19:34 --------- d-----w C:\ProgramData\Apple Computer
2008-10-15 19:34 --------- d-----w C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-15 19:34 --------- d-----w C:\Program Files\iTunes
2008-10-15 19:34 --------- d-----w C:\Program Files\iPod
2008-10-15 19:33 --------- d-----w C:\Program Files\Bonjour
2008-10-02 10:40 97,928 ----a-w C:\Windows\system32\drivers\avgldx86.sys
2008-10-02 10:40 69,128 ----a-w C:\Windows\system32\drivers\avgwfpx.sys
2008-10-02 10:40 10,520 ----a-w C:\Windows\System32\avgrsstx.dll
2008-10-02 10:40 --------- d-----w C:\ProgramData\avg8
2008-10-02 10:40 --------- d-----w C:\Program Files\AVG
2008-10-02 03:49 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-10-01 17:52 --------- d-----w C:\Users\stefan\AppData\Roaming\Malwarebytes
2008-10-01 17:52 --------- d-----w C:\ProgramData\Malwarebytes
2008-09-29 20:10 --------- d-----w C:\Program Files\Trend Micro
2008-09-27 21:05 --------- d-----w C:\Program Files\QuickTime
2008-09-27 21:05 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-20 19:27 --------- d-----w C:\Users\stefan\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-09-18 05:09 3,601,464 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w C:\Windows\System32\win32k.sys
2008-09-11 15:07 --------- d-----w C:\Program Files\Microsoft Works
2008-09-08 15:03 --------- d-----w C:\Program Files\Apple Software Update
2008-09-02 10:48 19,512 ----a-w C:\Windows\system32\drivers\nvcv32mf.sys
2008-08-29 08:18 87,336 ----a-w C:\Windows\System32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w C:\Windows\System32\dnssd.dll
2008-08-27 01:06 288,768 ----a-w C:\Windows\system32\drivers\srv.sys
2008-08-14 20:18 642 ----a-w C:\Users\stefan\AppData\Roaming\wklnhst.dat
2008-08-05 09:49 428,544 ----a-w C:\Windows\System32\EncDec.dll
2008-08-05 09:49 293,376 ----a-w C:\Windows\System32\psisdecd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-10 16:41 22,328 ----a-w C:\Users\stefan\AppData\Roaming\PnkBstrK.sys
2007-12-02 21:23 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-02 21:23 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-02 21:23 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 125952]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-16 171448]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-02 1234712]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-02-05 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-02-05 7770112]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-02-05 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-01 C:\Windows\RtHDVCpl.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Canon LASER SHOT LBP-1120 ª¬ºAµøµ¡.LNK]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LASER SHOT LBP-1120 ª¬ºAµøµ¡.LNK
backup=C:\Windows\pss\Canon LASER SHOT LBP-1120 ª¬ºAµøµ¡.LNK.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAP3ON]
--a------ 2002-08-21 16:00 22528 C:\Windows\System32\spool\drivers\w32x86\3\CAP3ONN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-10-25 21:22 1838592 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norman ZANDA]
--a------ 2008-06-02 13:46 273520 C:\Program Files\Norman\Npm\Bin\Zlh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntivirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EC609F3D-B307-46AF-B4C1-F928D6C5509B}"= UDP:C:\Program Files\Grisoft\AVG Free\avginet.exe:avginet.exe
"{BB804ACC-51BD-475B-800E-A5ED5E565C3A}"= TCP:C:\Program Files\Grisoft\AVG Free\avginet.exe:avginet.exe
"{011F338F-6641-47DE-8EF1-85E13339D132}"= UDP:C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:avgamsvr.exe
"{009D66E9-D217-4285-BDB2-301A664F931A}"= TCP:C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:avgamsvr.exe
"{6C3DBA1B-5370-4627-AACF-77C7EDE8C088}"= UDP:C:\Program Files\Grisoft\AVG Free\avgcc.exe:avgcc.exe
"{7146B293-F7D5-4448-A1C1-1F2BD08FDD81}"= TCP:C:\Program Files\Grisoft\AVG Free\avgcc.exe:avgcc.exe
"{F015DB74-DA05-441F-B63E-804BBA856BC3}"= UDP:C:\Program Files\Grisoft\AVG Free\avgemc.exe:avgemc.exe
"{B055389D-D857-4687-96C9-82C34E2FA523}"= TCP:C:\Program Files\Grisoft\AVG Free\avgemc.exe:avgemc.exe
"{D224A916-2775-499E-8F1F-787A59085703}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{47BEE72B-1F74-4753-8684-D2670F0BC106}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{681552DB-EBF8-4E51-8107-0AF4FC6B64EA}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{AB3EC917-B43B-45D3-A96B-9E6A28343B9E}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{F6827DD2-25DD-4FAE-8D86-CCEE164BCEE2}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{9687DABF-C9CE-44EE-908F-C811EED4C417}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{9B651A0D-FD84-46C7-8BD0-2E6E6AE5497B}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{79B0D177-CA30-4193-8B2B-0EBFBB96AD2F}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{7B45C8B2-F53E-475A-A510-ADCD75DA213D}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{471C1016-3E5B-413C-A887-6B8646BE370A}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{95CB9E30-7055-4630-A8F9-23CF75685738}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7C7A8020-DD72-42DF-B934-6A2FE370D123}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{A4B7CEA5-FEFA-4AAE-9C64-C71AE9AA31C8}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{A22CA482-0DE1-412A-B398-F868A571E43D}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{6600B221-02FC-469E-8DCC-769803713B40}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{A9086E22-5FF8-4D97-94D9-7BBEBC639555}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-10-02 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-02 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-02 231704]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 204800]
R3 AvgWfpX;AVG Free8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-10-02 69128]
S3 nvcfsr;nvcfsr;C:\Program Files\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 6712]
S3 NvcMFlt;NvcMFlt;C:\Windows\system32\DRIVERS\nvcv32mf.sys [2008-09-02 19512]
S3 nvcoafl4;nvcoafl4;C:\Program Files\Norman\Nvc\bin\nvcoafl4.sys [2007-01-09 36472]
S3 nvcoaft4;nvcoaft4;C:\Program Files\Norman\Nvc\bin\nvcoaft4.sys [2007-01-09 104288]
S3 nvcoarc4;nvcoarc4;C:\Program Files\Norman\Nvc\bin\nvcoarc4.sys [2007-01-09 25528]
S3 nvcoas;Norman Virus Control on-access component;C:\Program Files\Norman\Nvc\bin\nvcoas.exe [2008-04-29 183352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13b6111d-6095-11dc-addd-001060d120e2}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13b61140-6095-11dc-addd-001060d120e2}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bcbd63f-677d-11dc-ba58-001060d120e2}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bcbd640-677d-11dc-ba58-001060d120e2}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{870bf397-62f4-11dc-85b7-001060d120e2}]
\shell\AutoRun\command - G:\AutoRun.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-26 C:\Windows\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeUpdater - C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://se.msn.com
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/keyword/%s
O8 -: &Search
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: E&xportera till Microsoft Excel - C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 18:25:15
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-26 18:26:40
ComboFix-quarantined-files.txt 2008-10-26 17:26:12

Pre-Run: Det går inte att hitta meddelandetexten för meddelandenumret 0x2379 i meddelandefilen för Application.
Post-Run: 58,848,882,688 byte ledigt

210 --- E O F --- 2008-10-25 19:22:19

Postby [Aliens]kronenbourg » Tue Nov 04, 2008 7:27 pm

Please download DirLook by jpshortstuff from one of the following mirrors:
Link 1
Link 2
Link 3
  • Double-click DirLook.exe to run it.
  • Ensure that Show Hidden Files/Folders and BBCode Output are both checked.
  • Copy the content of the following codebox into the main textfield:

    Code:
    C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

  • Click the DirLook button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. (Note: The log can also be found at C:\dl_log.txt)
Note: Scanning may take longer for large folders.

Postby [Aliens]acer » Tue Nov 04, 2008 7:57 pm

[Aliens]kronenbourg wrote:Please download DirLook by jpshortstuff from one of the following mirrors:
Link 1
Link 2
Link 3
  • Double-click DirLook.exe to run it.
  • Ensure that Show Hidden Files/Folders and BBCode Output are both checked.
  • Copy the content of the following codebox into the main textfield:

    Code:
    C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

  • Click the DirLook button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. (Note: The log can also be found at C:\dl_log.txt)
Note: Scanning may take longer for large folders.

When I have the code in and push DirLook, the program crashes :?: All 3 links tested and same results

Postby [Aliens]kronenbourg » Tue Nov 04, 2008 8:02 pm

Will get back to you, will ask the developer :wink:

Postby [Aliens]kronenbourg » Wed Nov 05, 2008 1:34 pm

Ace, can you see if you can get this log for me:

C:\dl_log[time]_[date].txt

Should contain some info for debugging and preventing the problem in the future.

Also, as it's Vista, did you right-click and select Run As Administrator? If not, try that and let me know what happens.

Postby [Aliens]acer » Wed Nov 05, 2008 9:19 pm

Log file I got from DirLook 8)


DirLook.exe v2.0 by jpshortstuff
Log created at 22:12 on 05/11/2008
==================================
Contents of "C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}"

---FOLDERS---

x86 (Created on 15/10/2008 at 19:34) d-----

---FILES---

(none found)

==================================
=EOF=

Postby [Aliens]kronenbourg » Thu Nov 06, 2008 1:16 pm

Ace, have you just tried running that program yesterday, as the date shown isn't the 4th, when the problems occurred.

Postby [Aliens]acer » Thu Nov 06, 2008 9:56 pm

Yes, yesterday, coz I had problems running it b4.
Didn't run it as admin
