1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved winsaj32.dll TR/Nebuler.J.2

Discussion in 'Malware and Virus Removal Archive' started by light, 2010/04/13.

Page 2 of 3
  1. 2010/04/17
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    heres hijackthis text

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:33:55, on 2010-04-17
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Avira\AntiVir Desktop\sched.exe
    D:\Avira\AntiVir Desktop\avguard.exe
    C:\Program\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    D:\Avira\AntiVir Desktop\avshadow.exe
    C:\Program\Bonjour\mDNSResponder.exe
    C:\Program\Java\jre6\bin\jqs.exe
    C:\Program\Mouse Driver\KMWDSrv.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program\Microsoft Private Folder 1.0\PrfldSvc.exe
    C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program\IVT Corporation\BlueSoleil\BsHelpCS.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program\Synaptics\SynTP\SynTPEnh.exe
    C:\Program\EeePC\ACPI\AsAcpiSvr.exe
    C:\Program\EeePC\ACPI\AsEPCMon.exe
    C:\Program\EeePC\ACPI\AsTray.exe
    C:\Program\Asus\LiveUpdate\LiveUpdate.exe
    C:\Program\Mouse Driver\StartAutorun.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program\Mouse Driver\KMConfig.exe
    C:\Program\IVT Corporation\BlueSoleil\BtTray.exe
    C:\Java_ME_platform_SDK_3.0\bin\device-manager.exe
    C:\Program\Mouse Driver\KMProcess.exe
    C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
    C:\Program\Delade filer\Java\Java Update\jusched.exe
    D:\Avira\AntiVir Desktop\avgnt.exe
    C:\Program\LaCie\Ethernet Agent\LaCie Ethernet Agent.exe
    C:\Documents and Settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program\Java\jdk1.6.0_18\bin\javaw.exe
    C:\Program\Pando Networks\Media Booster\PMB.exe
    C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\Program\Skype\Phone\Skype.exe
    D:\DAEMON Tools Lite\DTLite.exe
    C:\Program\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\explorer.exe
    C:\Program\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program\HyperCam Toolbar\tbcore3.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SynAsusAcpi] C:\Program\Synaptics\SynTP\SynAsusAcpi.exe
    O4 - HKLM\..\Run: [AsusACPIServer] C:\Program\EeePC\ACPI\AsAcpiSvr.exe
    O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program\EeePC\ACPI\AsEPCMon.exe
    O4 - HKLM\..\Run: [AsusTray] C:\Program\EeePC\ACPI\AsTray.exe
    O4 - HKLM\..\Run: [LiveUpdate] C:\Program\Asus\LiveUpdate\LiveUpdate.exe auto
    O4 - HKLM\..\Run: [KMCONFIG] C:\Program\Mouse Driver\StartAutorun.exe KMConfig.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [BtTray] "C:\Program\IVT Corporation\BlueSoleil\BtTray.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [Java(TM) ME Platform SDK 3.0] "C:\Java_ME_platform_SDK_3.0\bin\device-manager.exe "
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Delade filer\Java\Java Update\jusched.exe "
    O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [LaCie Ethernet Agent Startup] "C:\Program\LaCie\Ethernet Agent\LaCie Ethernet Agent.exe "
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [swg] "C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: SuperHybridEngine.lnk = ?
    O4 - Global Startup: Network Space.lnk = ?
    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O8 - Extra context menu item: Skicka till &Bluetooth-enhet... - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Skicka till Bluetooth - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: BlueSoleilCS - Unknown owner - C:\Program\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
    O23 - Service: BsHelpCS - Unknown owner - C:\Program\IVT Corporation\BlueSoleil\BsHelpCS.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
    O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program\Mouse Driver\KMWDSrv.exe
    O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program\Delade filer\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
    O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program\Microsoft Private Folder 1.0\PrfldSvc.exe

    --
    End of file - 11732 bytes
     
    light,
    #21
  2. 2010/04/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very good, but we're not out of the woods yet...

    Please download Profiles by noahdfear.

    * Save it to your desktop.
    * Double-click profiles.exe and post its log when you reply.

    =================================================================

    Delete your GMER file, download fresh one, run it and post new log.
     
    broni,
    #22


  3. to hide this advert.

  4. 2010/04/17
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
    DefaultUserProfile REG_SZ Default User
    AllUsersProfile REG_SZ All Users

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
    ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
    ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
    ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-880824880-3436134146-2971665550-1006
    ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\magnus gunnarsson

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-880824880-3436134146-2971665550-500
    ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Administratör

    SystemRoot REG_SZ C:\WINDOWS
     
    light,
    #23
  5. 2010/04/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)
    ...and GMER?
     
    broni,
    #24
  6. 2010/04/18
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    what... whats whit gmer... am i gonna do somheting whit it or what...
     
    light,
    #25
  7. 2010/04/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.
     
    broni,
    #26
  8. 2010/04/18
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    well ok

    btw

    Type: File
    Source: C:\System Volume Information\_restore{57E1F060-B016-44C9-A387-B1FE5EC2C8DF}\RP169\A0077542.dll
    Status: Infected
    Quarantine object: 49bb839c.qua
    Restored: NO
    Uploaded to Avira: NO
    Operating System: Windows 2000/XP/VISTA Workstation
    Search engine: 8.02.01.220
    Virus definition file: 7.10.06.115
    Detection: Is the TR/Nebuler.J.2 Trojan
    Date/Time: 2010-04-18, 17:35

    new 1...
     
    light,
    #27
  9. 2010/04/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    This is not GMER log.
     
    broni,
    #28
  10. 2010/04/18
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    yaaa i now i just told yaaa
    ok i run gmer
     
    light,
    #29
  11. 2010/04/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok.....
     
    broni,
    #30
  12. 2010/04/19
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-04-19 19:12:12
    Windows 5.1.2600 Service Pack 3
    Running: 3co0l9b2.exe; Driver: C:\DOCUME~1\ADMINI~1\LOKALA~1\Temp\pwtdypob.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9B 0xF3 0xEF 0x2F ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x31 0xC6 0x22 0x77 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA7 0xD8 0x51 0x5B ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xBF 0xA5 0x1E 0x24 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015832a3d11
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\MSSQL$SQLEXPRESS$AUDIT@EventSourceFlags 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\MSSQL$SQLEXPRESS$AUDIT@EventMessageFile C:\Program\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\Resources\1033\sqlevn70.rll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x06 0xC5 0x2D 0xF4 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x31 0xC6 0x22 0x77 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3D 0x22 0x1C 0x22 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xC5 0x22 0xEC 0x76 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0015832a3d11 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\MSSQL$SQLEXPRESS$AUDIT@EventSourceFlags 1
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\MSSQL$SQLEXPRESS$AUDIT@EventMessageFile C:\Program\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\Resources\1033\sqlevn70.rll
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB4 0xC0 0x98 0x07 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x31 0xC6 0x22 0x77 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x10 0x99 0x31 0xB4 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xBF 0xA5 0x1E 0x24 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0015832a3d11 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\Eventlog\Security\MSSQL$SQLEXPRESS$AUDIT@EventSourceFlags 1
    Reg HKLM\SYSTEM\ControlSet004\Services\Eventlog\Security\MSSQL$SQLEXPRESS$AUDIT@EventMessageFile C:\Program\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\Resources\1033\sqlevn70.rll
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC4 0x73 0x9D 0x90 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x31 0xC6 0x22 0x77 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE4 0xF6 0xA2 0x43 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xC5 0x22 0xEC 0x76 ...

    ---- EOF - GMER 1.0.15 ----
     
    light,
    #31
  13. 2010/04/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looks good :)

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall "
    Click OK (Vista users - press Enter).
    Restart computer.

    ==================================================================

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
      [*] Archives
      [*] Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

    Post fresh HijackThis log as well.
     
    broni,
    #32
  14. 2010/04/24
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 08:40:27, on 2010-04-24
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Avira\AntiVir Desktop\sched.exe
    D:\Avira\AntiVir Desktop\avguard.exe
    C:\Program\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    D:\Avira\AntiVir Desktop\avshadow.exe
    C:\Program\Bonjour\mDNSResponder.exe
    C:\Program\Java\jre6\bin\jqs.exe
    C:\Program\Mouse Driver\KMWDSrv.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program\Microsoft Private Folder 1.0\PrfldSvc.exe
    C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program\IVT Corporation\BlueSoleil\BsHelpCS.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program\Synaptics\SynTP\SynTPEnh.exe
    C:\Program\EeePC\ACPI\AsAcpiSvr.exe
    C:\Program\EeePC\ACPI\AsEPCMon.exe
    C:\Program\EeePC\ACPI\AsTray.exe
    C:\Program\Asus\LiveUpdate\LiveUpdate.exe
    C:\Program\Mouse Driver\StartAutorun.exe
    C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program\Mouse Driver\KMConfig.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program\IVT Corporation\BlueSoleil\BtTray.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Java_ME_platform_SDK_3.0\bin\device-manager.exe
    C:\Program\Mouse Driver\KMProcess.exe
    C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
    C:\Program\Delade filer\Java\Java Update\jusched.exe
    D:\Avira\AntiVir Desktop\avgnt.exe
    C:\Program\Java\jdk1.6.0_18\bin\javaw.exe
    C:\Program\LaCie\Ethernet Agent\LaCie Ethernet Agent.exe
    C:\Documents and Settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program\Pando Networks\Media Booster\PMB.exe
    C:\Documents and Settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
    C:\Documents and Settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Documents and Settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program\Trend Micro\HijackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program\HyperCam Toolbar\tbcore3.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SynAsusAcpi] C:\Program\Synaptics\SynTP\SynAsusAcpi.exe
    O4 - HKLM\..\Run: [AsusACPIServer] C:\Program\EeePC\ACPI\AsAcpiSvr.exe
    O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program\EeePC\ACPI\AsEPCMon.exe
    O4 - HKLM\..\Run: [AsusTray] C:\Program\EeePC\ACPI\AsTray.exe
    O4 - HKLM\..\Run: [LiveUpdate] C:\Program\Asus\LiveUpdate\LiveUpdate.exe auto
    O4 - HKLM\..\Run: [KMCONFIG] C:\Program\Mouse Driver\StartAutorun.exe KMConfig.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [BtTray] "C:\Program\IVT Corporation\BlueSoleil\BtTray.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [Java(TM) ME Platform SDK 3.0] "C:\Java_ME_platform_SDK_3.0\bin\device-manager.exe "
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Delade filer\Java\Java Update\jusched.exe "
    O4 - HKLM\..\Run: [HideDragon] C:\HideDragon\HideDragon.exe -A
    O4 - HKLM\..\Run: [combofix] "C:\ComboFix\CF17993.cfxxe" /c "C:\ComboFix\C.bat "
    O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [LaCie Ethernet Agent Startup] "C:\Program\LaCie\Ethernet Agent\LaCie Ethernet Agent.exe "
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [swg] "C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: SuperHybridEngine.lnk = ?
    O4 - Global Startup: Network Space.lnk = ?
    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O8 - Extra context menu item: Skicka till &Bluetooth-enhet... - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Skicka till Bluetooth - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: BlueSoleilCS - Unknown owner - C:\Program\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
    O23 - Service: BsHelpCS - Unknown owner - C:\Program\IVT Corporation\BlueSoleil\BsHelpCS.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
    O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program\Mouse Driver\KMWDSrv.exe
    O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program\Delade filer\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
    O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program\Microsoft Private Folder 1.0\PrfldSvc.exe

    --
    End of file - 13313 bytes
     
    light,
    #33
  15. 2010/04/24
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    KASPERSKY ONLINE SCANNER 7.0: scan report


    KASPERSKY ONLINE SCANNER 7.0: scan report
    Thursday, April 22, 2010
    Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build
    2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Wednesday, April 21, 2010 02:50:47
    Records in database: 3951956



    Scan settings
    scan using the following database extended
    Scan archives yes
    Scan e-mail databases yes

    Scan area My Computer
    C:\
    D:\
    E:\
    I:\

    Scan statistics
    Objects scanned 232955
    Threats found 0
    Infected objects found 0
    Suspicious objects found 0
    Scan duration 08:26:22


    No threats found. Scanned area is clean.
    Selected area has been scanned.
     
    light,
    #34
  16. 2010/04/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, uninstall Ask.com and DAEMON Tools Toolbar through Add\Remove (if present).

    Verify your Java version here: http://www.java.com/en/download/installed.jsp
    Update, if necessary.
    Uninstall all previous Java versions, through Add\Remove (Programs & Features in Vista).

    ==================================================================

    Print this post out, since you won't have an access to it, at some point.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [combofix] "C:\ComboFix\CF17993.cfxxe" /c "C:\ComboFix\C.bat "
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: SuperHybridEngine.lnk = ?
    O4 - Global Startup: Network Space.lnk = ?


    4. You should also checkmark following entries (these are unnecessary startups; no actual programs will be removed):

    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Delade filer\Java\Java Update\jusched.exe "
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Update\GoogleUpdate.exe" /c

    5. Click on Fix checked button.

    6. Restart computer.

    7. Post new HijackThis log.
     
    broni,
    #35
  17. 2010/04/24
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 01:29:06, on 2010-04-25
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Avira\AntiVir Desktop\sched.exe
    D:\Avira\AntiVir Desktop\avguard.exe
    C:\Program\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    D:\Avira\AntiVir Desktop\avshadow.exe
    C:\Program\Bonjour\mDNSResponder.exe
    C:\Program\Java\jre6\bin\jqs.exe
    C:\Program\Mouse Driver\KMWDSrv.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program\Microsoft Private Folder 1.0\PrfldSvc.exe
    C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program\IVT Corporation\BlueSoleil\BsHelpCS.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program\Synaptics\SynTP\SynTPEnh.exe
    C:\Program\EeePC\ACPI\AsAcpiSvr.exe
    C:\Program\EeePC\ACPI\AsEPCMon.exe
    C:\Program\EeePC\ACPI\AsTray.exe
    C:\Program\Asus\LiveUpdate\LiveUpdate.exe
    C:\Program\Mouse Driver\StartAutorun.exe
    C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program\Mouse Driver\KMConfig.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program\IVT Corporation\BlueSoleil\BtTray.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Java_ME_platform_SDK_3.0\bin\device-manager.exe
    C:\Program\Mouse Driver\KMProcess.exe
    D:\Avira\AntiVir Desktop\avgnt.exe
    C:\Program\Java\jdk1.6.0_18\bin\javaw.exe
    C:\Program\LaCie\Ethernet Agent\LaCie Ethernet Agent.exe
    C:\Program\Pando Networks\Media Booster\PMB.exe
    C:\Documents and Settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program\Skype\Phone\Skype.exe
    C:\Program\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
    C:\Program\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    c:\program\delade filer\installshield\updateservice\isuspm.exe
    C:\Program\Delade filer\InstallShield\UpdateService\agent.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program\Trend Micro\HijackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program\HyperCam Toolbar\tbcore3.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SynAsusAcpi] C:\Program\Synaptics\SynTP\SynAsusAcpi.exe
    O4 - HKLM\..\Run: [AsusACPIServer] C:\Program\EeePC\ACPI\AsAcpiSvr.exe
    O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program\EeePC\ACPI\AsEPCMon.exe
    O4 - HKLM\..\Run: [AsusTray] C:\Program\EeePC\ACPI\AsTray.exe
    O4 - HKLM\..\Run: [LiveUpdate] C:\Program\Asus\LiveUpdate\LiveUpdate.exe auto
    O4 - HKLM\..\Run: [KMCONFIG] C:\Program\Mouse Driver\StartAutorun.exe KMConfig.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [BtTray] "C:\Program\IVT Corporation\BlueSoleil\BtTray.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [Java(TM) ME Platform SDK 3.0] "C:\Java_ME_platform_SDK_3.0\bin\device-manager.exe "
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [HideDragon] C:\HideDragon\HideDragon.exe -A
    O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [LaCie Ethernet Agent Startup] "C:\Program\LaCie\Ethernet Agent\LaCie Ethernet Agent.exe "
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [swg] "C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O8 - Extra context menu item: Skicka till &Bluetooth-enhet... - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Skicka till Bluetooth - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: BlueSoleilCS - Unknown owner - C:\Program\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
    O23 - Service: BsHelpCS - Unknown owner - C:\Program\IVT Corporation\BlueSoleil\BsHelpCS.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
    O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program\Mouse Driver\KMWDSrv.exe
    O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program\Delade filer\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
    O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program\Microsoft Private Folder 1.0\PrfldSvc.exe

    --
    End of file - 10877 bytes
     
    light,
    #36
  18. 2010/04/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer is clean :)

    1. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore ".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C: ")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure, Windows Updates are current.

    [SIZE= "4"]5. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately![/SIZE]

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please, let me know, how is your computer doing.
     
    broni,
    #37
  19. 2010/04/25
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    thx .

    my cpu seems fine it doesent go bluescreen ewerythime i shutdown now
    i tink it works perfect :)
     
    light,
    #38
  20. 2010/04/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'm glad to hear it :)
    Good luck and stay safe :)
     
    broni,
    #39
  21. 2010/04/27
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    1 problem
    deamon tools doesent star (it says that that it cant start when windows debug is on)
     
    light,
    #40
Page 2 of 3

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...