Jump to content

Recommended Posts

Hello,

I am another one of those people with the "Malwarebytes successfully blocked access to potentially malicious website" problem...... here is part of the log file:

MESSAGE Protection started successfully

MESSAGE Scheduled update executed successfully

MESSAGE IP Protection started successfully

MESSAGE IP Protection stopped

MESSAGE Database updated successfully

MESSAGE IP Protection started successfully

IP-BLOCK 62.122.75.230 (Type: outgoing)

IP-BLOCK 62.122.75.230 (Type: outgoing)

IP-BLOCK 62.122.75.230 (Type: outgoing)

IP-BLOCK 208.73.210.29 (Type: outgoing)

IP-BLOCK 208.73.210.29 (Type: outgoing)

IP-BLOCK 208.73.210.29 (Type: outgoing)

IP-BLOCK 208.73.210.29 (Type: outgoing)

IP-BLOCK 208.73.210.29 (Type: outgoing)

IP-BLOCK 208.73.210.29 (Type: outgoing)

IP-BLOCK 67.29.139.153 (Type: outgoing)

IP-BLOCK 67.29.139.153 (Type: outgoing)

IP-BLOCK 67.29.139.153 (Type: outgoing)

IP-BLOCK 208.87.32.69 (Type: outgoing)

.... and so on (there are a lot of them)........

I am running Windows XP Professional on my laptop. I seem to have contracted several viruses at once (I had Microsoft Essentials antivirus on the laptop at that time, but no anti-malware programs.)

I got into this situation after contracting the "XP Home Security 2012" Fake Alert virus. After finding help on forums, I got rid of that.

I then uninstalled Microsoft Essentials and installed Malwarebytes + BitDefender 2010 + Spybot Search & Destroy and did full scans, and fixed all viruses/malware found by those applications.

After that, I still had a "windows update disabled" virus on the machine, where I could not enable the windows automatic update function. I found a fix for that on forums, then updated windows and ran all 3 anti-virus/malware apps again.

Now I still seem to have a virus on the machine that tries to access malicious websites (maybe trying to re-install itself on my machine?)

I have followed your published instructions and attached the requested logs to this post. After 4 days and nights of solid work on this, I am at my wits end.......

(p.s. you will see directory names in the log files in Danish and not English .... I have a Danish version of XP Pro.... i.e. "programmer" = "program files", "hotfix til" = "hotfix to", "Opdatering til windows" = "Update to windows", "Sikkerhedsopdatering" = "security update", etc. If you need any translations, please ask, otherwise Google translate does a pretty good job.)

THANK YOU for any help you can provide!

**************************

DDS log file

**************************

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Johnny Killerup at 23:25:48 on 2011-08-26

Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.3536.1709 [GMT -7:00]

.

AV: BitDefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: BitDefender Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Programmer\Fælles filer\BitDefender\BitDefender Update Service\livesrv.exe

C:\Programmer\BitDefender\BitDefender 2010\vsserv.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Programmer\Intel\WiFi\bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\programmer\idt\dellxpm09b_6159v043\wdm\stacsv.exe

C:\WINDOWS\Explorer.EXE

C:\Programmer\Intel\WiFi\bin\ZCfgSvc.exe

C:\Programmer\Fælles filer\Intel\WirelessCommon\iFrmewrk.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Programmer\DellTPad\Apoint.exe

C:\Programmer\IDT\WDM\sttray.exe

C:\WINDOWS\system32\AESTFltr.exe

C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Programmer\Fælles filer\Java\Java Update\jusched.exe

C:\Programmer\HP\HP Software Update\HPWuSchd2.exe

C:\Programmer\Dell Webcam\Dell Webcam Central\WebcamDell.exe

C:\Programmer\iTunes\iTunesHelper.exe

C:\Programmer\Fælles filer\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Programmer\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe

C:\Programmer\BitDefender\BitDefender 2010\bdagent.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Programmer\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programmer\Skype\Phone\Skype.exe

C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe

C:\Programmer\Logitech\SetPoint\SetPoint.exe

C:\Programmer\Personal\bin\Personal.exe

C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE

svchost.exe

C:\Programmer\DellTPad\ApMsgFwd.exe

C:\Programmer\DellTPad\HidFind.exe

C:\Programmer\DellTPad\Apntex.exe

C:\Programmer\BitDefender\BitDefender 2010\seccenter.exe

C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Programmer\Bonjour\mDNSResponder.exe

C:\Programmer\Intel\WiFi\bin\EvtEng.exe

C:\Programmer\Java\jre6\bin\jqs.exe

C:\Programmer\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Programmer\Intel\WiFi\bin\WLKeeper.exe

C:\Programmer\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Programmer\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\programmer\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\programmer\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programmer\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmer\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmer\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\programmer\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll

TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\programmer\bitdefender\bitdefender 2010\IEToolbar.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\programmer\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [skype] "c:\programmer\skype\phone\Skype.exe" /nosplash /minimized

uRun: [spybotSD TeaTimer] c:\programmer\spybot - search & destroy\TeaTimer.exe

mRun: [intelZeroConfig] "c:\programmer\intel\wifi\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\programmer\fælles filer\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Apoint] c:\programmer\delltpad\Apoint.exe

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg

mRun: [iAAnotif] c:\programmer\intel\intel matrix storage manager\iaanotif.exe

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [sunJavaUpdateSched] "c:\programmer\fælles filer\java\java update\jusched.exe"

mRun: [LELA] "c:\programmer\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized

mRun: [HP Software Update] c:\programmer\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [Dell Webcam Central] "c:\programmer\dell webcam\dell webcam central\WebcamDell.exe" /mode2

mRun: [Adobe Reader Speed Launcher] "c:\programmer\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\programmer\fælles filer\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\programmer\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\programmer\itunes\iTunesHelper.exe"

mRun: [RIMBBLaunchAgent.exe] c:\programmer\fælles filer\research in motion\usb drivers\RIMBBLaunchAgent.exe

mRun: [boingo Wi-Fi] "c:\programmer\boingo\boingo wi-fi\Boingo.lnk"

mRun: [bitDefender Antiphishing Helper] "c:\programmer\bitdefender\bitdefender 2010\IEShow.exe"

mRun: [bDAgent] "c:\programmer\bitdefender\bitdefender 2010\bdagent.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\programmer\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [DWQueuedReporting] "c:\progra~1\fllesf~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\logite~1.lnk - c:\programmer\logitech\setpoint\SetPoint.exe

StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\personal.lnk - c:\programmer\personal\bin\Personal.exe

IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki ... - c:\programmer\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\programmer\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\programmer\hp\digital imaging\smart web printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: webreg.dk

DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.lsb.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} - hxxps://www1.gotomeeting.com/default/applets/g2mdlax.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

TCP: Interfaces\{C89019B6-361E-430F-8649-273169358A9C} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\programmer\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: igfxcui - igfxdev.dll

Notify: LBTWlgn - c:\programmer\fælles filer\logishrd\bluetooth\LBTWlgn.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R2 BDVEDISK;BDVEDISK;c:\programmer\bitdefender\bitdefender 2010\bdvedisk.sys [2010-1-19 85128]

R2 IAANTMON;Intel® Matrix Storage Event Monitor;c:\programmer\intel\intel matrix storage manager\IAANTmon.exe [2009-7-29 354840]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-7-29 10384]

R2 MBAMService;MBAMService;c:\programmer\malwarebytes' anti-malware\mbamservice.exe [2011-8-24 366640]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-7-29 112512]

R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2010-2-3 153448]

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2010-1-4 111312]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-7-29 244368]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-7-29 109568]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-24 22712]

R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [2009-7-29 148056]

R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-7-29 133632]

R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-7-29 280096]

S0 cerc6;cerc6; [x]

S1 fgbpsyov;fgbpsyov;\??\c:\windows\system32\drivers\fgbpsyov.sys --> c:\windows\system32\drivers\fgbpsyov.sys [?]

S1 MpKslcbf061bb;MpKslcbf061bb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9edbfbd6-8bef-486f-ad74-9b490e006bea}\mpkslcbf061bb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9edbfbd6-8bef-486f-ad74-9b490e006bea}\MpKslcbf061bb.sys [?]

S1 MpKslef0903a4;MpKslef0903a4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{54e09164-fa3d-48eb-9eab-0770345ecd46}\mpkslef0903a4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{54e09164-fa3d-48eb-9eab-0770345ecd46}\MpKslef0903a4.sys [?]

S2 gupdate1ca1ce7a33a23c0;Tjenesten Google Update (gupdate1ca1ce7a33a23c0);c:\programmer\google\update\GoogleUpdate.exe [2009-8-14 133104]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\programmer\logmein\x86\LMIGuardianSvc.exe [2010-10-6 374152]

S3 Arrakis3;BitDefender Arrakis Server;c:\programmer\fælles filer\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]

S3 avisfltr;avisfltr;c:\windows\system32\drivers\avisfltr.sys [2011-8-23 327368]

S3 gupdatem;Google Update Tjeneste (gupdatem);c:\programmer\google\update\GoogleUpdate.exe [2009-8-14 133104]

S3 protecter.sys;protecter.sys;\??\c:\documents and settings\johnny killerup\lokale indstillinger\temp\bdremovaltool\protecter.sys --> c:\documents and settings\johnny killerup\lokale indstillinger\temp\bdremovaltool\protecter.sys [?]

.

=============== Created Last 30 ================

.

2011-08-26 05:13:04 184320 ----a-w- c:\programmer\fælles filer\installshield\professional\runtime\11\00\intel32\iuser.dll

2011-08-26 05:13:03 753664 ----a-w- c:\programmer\fælles filer\installshield\professional\runtime\11\00\intel32\iKernel.dll

2011-08-26 05:13:03 69714 ----a-w- c:\programmer\fælles filer\installshield\professional\runtime\11\00\intel32\ctor.dll

2011-08-26 05:13:03 5632 ----a-w- c:\programmer\fælles filer\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe

2011-08-26 05:13:03 331908 ----a-w- c:\programmer\fælles filer\installshield\professional\runtime\11\00\intel32\setup.dll

2011-08-26 05:13:03 274432 ----a-w- c:\programmer\fælles filer\installshield\professional\runtime\11\00\intel32\iscript.dll

2011-08-26 05:13:03 200836 ----a-w- c:\programmer\fælles filer\installshield\professional\runtime\11\00\intel32\iGdi.dll

2011-08-26 04:41:17 -------- d-----w- c:\documents and settings\johnny killerup\lokale indstillinger\application data\ApplicationHistory

2011-08-24 23:42:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-24 20:43:21 -------- d-----w- c:\programmer\Spybot - Search & Destroy

2011-08-24 20:43:21 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2011-08-24 15:39:06 -------- d--h--w- c:\windows\system32\GroupPolicy

2011-08-24 09:38:26 -------- d-----w- c:\documents and settings\johnny killerup\application data\Malwarebytes

2011-08-24 09:38:12 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-24 09:38:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-08-24 09:38:07 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-24 09:38:07 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware

2011-08-24 08:52:28 -------- d-----w- c:\documents and settings\all users\application data\PC Tools

2011-08-24 06:57:49 -------- d-----w- c:\documents and settings\johnny killerup\application data\BitDefender

2011-08-24 06:57:41 -------- d-----w- C:\Binaries

2011-08-24 06:56:54 -------- d-----w- c:\programmer\BitDefender

2011-08-24 06:56:54 -------- d-----w- c:\documents and settings\all users\application data\BitDefender

2011-08-24 06:54:49 -------- d-----w- c:\windows\system32\URTTEMP

2011-08-24 06:41:06 -------- d-----w- c:\programmer\fælles filer\BitDefender

2011-08-23 19:09:11 327368 ----a-w- c:\windows\system32\drivers\avisfltr.sys

2011-08-23 04:35:00 0 ----a-w- c:\documents and settings\all users\application data\xrcw.exe

2011-08-23 04:35:00 0 ----a-w- c:\documents and settings\all users\application data\odko.exe

2011-08-23 04:35:00 0 ----a-w- c:\documents and settings\all users\application data\molh.exe

2011-08-23 04:35:00 0 ----a-w- c:\documents and settings\all users\application data\ccue.exe

.

==================== Find3M ====================

.

2011-08-24 07:13:41 111312 ----a-w- c:\windows\system32\drivers\bdfndisf.sys

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-06-24 14:10:39 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:31:31 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:31:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:31:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05:34 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:48 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-06-06 11:36:16 1867904 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 23:27:08,79 ===============

mbam-log-2011-08-30 (13-25-36).txt

attach.zip

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

I notice that you are using more than one antivirus program (BitDefender and Microsoft). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Next, please update MBAM, run a Quick Scan, and post its log.

Next, run DDS again and post its log.

Link to post
Share on other sites

Hello,

Thanks for the reply.

After I got the virus (and before I posted on this forum), I used control panel > add/remove programs to remove Microsoft Security Essentials (MSE) . Since MSE did not catch the virus, I decided to install BitDefender to see if it would fix it (it did not). I suppose something went wrong and that all traces of MSE were not removed when I uninstalled it.

After receiveing your post, I could not remove MSE because it did not appear in the list of installed programs in control panel > add/remove programs. I searched the C: drive and the only folders referencing MSE were in the "application data" folder (not removed during the uninstall).

I therefore uninstalled BitDefender and reinstalled MSE from the Microsoft website.

I ran a quick scan and MSE detected a virus: Trojan:DOS/Alureon.A

When I clicked "remove", then MSE crashed and asked me to reboot. After rebooting, I got the same error again ... MSE cannot remove the trojan and crashes every time it tries.

I updated MBAB and ran a quick scan, then I ran DDS again .......

Here are the logs you asked for:

***********************

MBAB log

***********************

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7640

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

03-09-2011 01:14:10

mbam-log-2011-09-03 (01-14-10).txt

Scan type: Quick scan

Objects scanned: 161053

Time elapsed: 1 minute(s), 24 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

***********************

DDS log

***********************

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Johnny Killerup at 1:15:25 on 2011-09-03

Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.3536.2805 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Programmer\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Programmer\Intel\WiFi\bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\programmer\idt\dellxpm09b_6159v043\wdm\stacsv.exe

svchost.exe

C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Programmer\Bonjour\mDNSResponder.exe

C:\Programmer\Intel\WiFi\bin\EvtEng.exe

C:\Programmer\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Programmer\Intel\WiFi\bin\WLKeeper.exe

C:\Programmer\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\WINDOWS\Explorer.EXE

C:\Programmer\Intel\WiFi\bin\ZCfgSvc.exe

C:\Programmer\Fælles filer\Intel\WirelessCommon\iFrmewrk.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Programmer\DellTPad\Apoint.exe

C:\Programmer\IDT\WDM\sttray.exe

C:\WINDOWS\system32\AESTFltr.exe

C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Programmer\Fælles filer\Java\Java Update\jusched.exe

C:\Programmer\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Programmer\Dell Webcam\Dell Webcam Central\WebcamDell.exe

C:\Programmer\iTunes\iTunesHelper.exe

C:\Programmer\Fælles filer\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Programmer\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe

C:\Programmer\Microsoft Security Client\msseces.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe

C:\Programmer\Logitech\SetPoint\SetPoint.exe

C:\Programmer\Personal\bin\Personal.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE

C:\Programmer\iPod\bin\iPodService.exe

C:\Programmer\DellTPad\ApMsgFwd.exe

C:\Programmer\DellTPad\HidFind.exe

C:\Programmer\DellTPad\Apntex.exe

C:\Programmer\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\programmer\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\programmer\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programmer\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmer\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmer\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\programmer\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\programmer\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [skype] "c:\programmer\skype\phone\Skype.exe" /nosplash /minimized

uRun: [spybotSD TeaTimer] c:\programmer\spybot - search & destroy\TeaTimer.exe

mRun: [intelZeroConfig] "c:\programmer\intel\wifi\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\programmer\fælles filer\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Apoint] c:\programmer\delltpad\Apoint.exe

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg

mRun: [iAAnotif] c:\programmer\intel\intel matrix storage manager\iaanotif.exe

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [sunJavaUpdateSched] "c:\programmer\fælles filer\java\java update\jusched.exe"

mRun: [LELA] "c:\programmer\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized

mRun: [HP Software Update] c:\programmer\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [Dell Webcam Central] "c:\programmer\dell webcam\dell webcam central\WebcamDell.exe" /mode2

mRun: [Adobe Reader Speed Launcher] "c:\programmer\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\programmer\fælles filer\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\programmer\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\programmer\itunes\iTunesHelper.exe"

mRun: [RIMBBLaunchAgent.exe] c:\programmer\fælles filer\research in motion\usb drivers\RIMBBLaunchAgent.exe

mRun: [boingo Wi-Fi] "c:\programmer\boingo\boingo wi-fi\Boingo.lnk"

mRun: [MSC] "c:\programmer\microsoft security client\msseces.exe" -hide -runkey

mRunOnce: [Malwarebytes' Anti-Malware] c:\programmer\malwarebytes' anti-malware\mbamgui.exe /install /silent

dRun: [DWQueuedReporting] "c:\progra~1\fllesf~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\logite~1.lnk - c:\programmer\logitech\setpoint\SetPoint.exe

StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\personal.lnk - c:\programmer\personal\bin\Personal.exe

IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki ... - c:\programmer\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\programmer\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\programmer\hp\digital imaging\smart web printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: webreg.dk

DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.lsb.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} - hxxps://www1.gotomeeting.com/default/applets/g2mdlax.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

TCP: Interfaces\{C89019B6-361E-430F-8649-273169358A9C} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\programmer\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: igfxcui - igfxdev.dll

Notify: LBTWlgn - c:\programmer\fælles filer\logishrd\bluetooth\LBTWlgn.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R1 MpKsl9b040d4e;MpKsl9b040d4e;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{98ce64d9-0704-4b6a-8f72-708b15bc2061}\MpKsl9b040d4e.sys [2011-9-3 28752]

R2 IAANTMON;Intel® Matrix Storage Event Monitor;c:\programmer\intel\intel matrix storage manager\IAANTmon.exe [2009-7-29 354840]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-7-29 10384]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-7-29 112512]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-7-29 244368]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-7-29 109568]

R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [2009-7-29 148056]

R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-7-29 133632]

R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-7-29 280096]

S0 cerc6;cerc6; [x]

S1 fgbpsyov;fgbpsyov;\??\c:\windows\system32\drivers\fgbpsyov.sys --> c:\windows\system32\drivers\fgbpsyov.sys [?]

S1 MpKslcbf061bb;MpKslcbf061bb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9edbfbd6-8bef-486f-ad74-9b490e006bea}\mpkslcbf061bb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9edbfbd6-8bef-486f-ad74-9b490e006bea}\MpKslcbf061bb.sys [?]

S1 MpKslef0903a4;MpKslef0903a4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{54e09164-fa3d-48eb-9eab-0770345ecd46}\mpkslef0903a4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{54e09164-fa3d-48eb-9eab-0770345ecd46}\MpKslef0903a4.sys [?]

S2 gupdate1ca1ce7a33a23c0;Tjenesten Google Update (gupdate1ca1ce7a33a23c0);c:\programmer\google\update\GoogleUpdate.exe [2009-8-14 133104]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\programmer\logmein\x86\LMIGuardianSvc.exe [2010-10-6 374152]

S3 avisfltr;avisfltr;c:\windows\system32\drivers\avisfltr.sys [2011-8-23 327368]

S3 gupdatem;Google Update Tjeneste (gupdatem);c:\programmer\google\update\GoogleUpdate.exe [2009-8-14 133104]

S3 protecter.sys;protecter.sys;\??\c:\documents and settings\johnny killerup\lokale indstillinger\temp\bdremovaltool\protecter.sys --> c:\documents and settings\johnny killerup\lokale indstillinger\temp\bdremovaltool\protecter.sys [?]

.

=============== Created Last 30 ================

.

2011-09-03 08:12:25 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-03 08:12:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-03 08:12:20 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware

2011-09-03 08:07:42 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{98ce64d9-0704-4b6a-8f72-708b15bc2061}\MpKsl9b040d4e.sys

2011-09-03 07:40:57 7152464 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{98ce64d9-0704-4b6a-8f72-708b15bc2061}\mpengine.dll

2011-09-03 07:39:27 -------- d-----w- c:\programmer\Microsoft Security Client

2011-09-03 07:27:55 -------- d--h--w- c:\windows\PIF

2011-08-26 05:13:04 184320 ----a-w- c:\programmer\fælles filer\installshield\professional\runtime\11\00\intel32\iuser.dll

2011-08-26 05:13:03 753664 ----a-w- c:\programmer\fælles filer\installshield\professional\runtime\11\00\intel32\iKernel.dll

2011-08-26 05:13:03 69714 ----a-w- c:\programmer\fælles filer\installshield\professional\runtime\11\00\intel32\ctor.dll

2011-08-26 05:13:03 5632 ----a-w- c:\programmer\fælles filer\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe

2011-08-26 05:13:03 331908 ----a-w- c:\programmer\fælles filer\installshield\professional\runtime\11\00\intel32\setup.dll

2011-08-26 05:13:03 274432 ----a-w- c:\programmer\fælles filer\installshield\professional\runtime\11\00\intel32\iscript.dll

2011-08-26 05:13:03 200836 ----a-w- c:\programmer\fælles filer\installshield\professional\runtime\11\00\intel32\iGdi.dll

2011-08-26 04:41:17 -------- d-----w- c:\documents and settings\johnny killerup\lokale indstillinger\application data\ApplicationHistory

2011-08-24 23:42:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-24 20:43:21 -------- d-----w- c:\programmer\Spybot - Search & Destroy

2011-08-24 20:43:21 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2011-08-24 15:39:06 -------- d--h--w- c:\windows\system32\GroupPolicy

2011-08-24 09:38:26 -------- d-----w- c:\documents and settings\johnny killerup\application data\Malwarebytes

2011-08-24 09:38:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-08-24 08:52:28 -------- d-----w- c:\documents and settings\all users\application data\PC Tools

2011-08-24 06:56:54 -------- d-----w- c:\programmer\BitDefender

2011-08-24 06:56:54 -------- d-----w- c:\documents and settings\all users\application data\BitDefender

2011-08-24 06:54:49 -------- d-----w- c:\windows\system32\URTTEMP

2011-08-24 06:41:06 -------- d-----w- c:\programmer\fælles filer\BitDefender

2011-08-23 19:09:11 327368 ----a-w- c:\windows\system32\drivers\avisfltr.sys

.

==================== Find3M ====================

.

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-06-24 14:10:39 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:31:31 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:31:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:31:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05:34 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:48 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-06-06 11:36:16 1867904 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 1:16:45,32 ===============

I look forward to hearing back from you about what I can try next!

Link to post
Share on other sites

Hello,

I ran ComboFix and have attached new logs. (I still have the message from Malwarebytes that it "blocked a potentially malicious website".)

*********'*******

ComboFix log

*****************

ComboFix 11-09-05.03 - Johnny Killerup 05-09-2011 10:16:57.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.3536.2935 [GMT -7:00]

Kører fra: c:\documents and settings\Johnny Killerup\Skrivebord\Virus Cleaning Tools\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!

.

.

((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Johnny Killerup\Application Data\PriceGong

c:\documents and settings\Johnny Killerup\Application Data\PriceGong\Data\1.xml

c:\documents and settings\Johnny Killerup\Application Data\PriceGong\Data\a.xml

c:\documents and settings\Johnny Killerup\Application Data\PriceGong\Data\b.xml

c:\documents and settings\Johnny Killerup\Application Data\PriceGong\Data\c.xml

c:\documents and settings\Johnny Killerup\Application Data\PriceGong\Data\d.xml

c:\documents and settings\Johnny Killerup\Application Data\PriceGong\Data\e.xml

c:\documents and settings\Johnny Killerup\Application Data\PriceGong\Data\f.xml

c:\documents and settings\Johnny Killerup\Application Data\PriceGong\Data\g.xml

c:\documents and settings\Johnny Killerup\Application Data\PriceGong\Data\h.xml

c:\documents and settings\Johnny Killerup\Application Data\PriceGong\Data\i.xml

c:\documents and settings\Johnny Killerup\Application Data\PriceGong\Data\J.xml

c:\documents and settings\Johnny Killerup\Application Data\PriceGong\Data\k.xml

c:\documents and settings\Johnny Killerup\Application Data\PriceGong\Data\l.xml

c:\documents and settings\Johnny Killerup\Application Data\PriceGong\Data\m.xml

c:\documents and settings\Johnny Killerup\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Johnny Killerup\Application Data\PriceGong\Data\n.xml

c:\documents and settings\Johnny Killerup\Application Data\PriceGong\Data\o.xml

c:\documents and settings\Johnny Killerup\Application Data\PriceGong\Data\p.xml

c:\documents and settings\Johnny Killerup\Application Data\PriceGong\Data\q.xml

c:\documents and settings\Johnny Killerup\Application Data\PriceGong\Data\r.xml

c:\documents and settings\Johnny Killerup\Application Data\PriceGong\Data\s.xml

c:\documents and settings\Johnny Killerup\Application Data\PriceGong\Data\t.xml

c:\documents and settings\Johnny Killerup\Application Data\PriceGong\Data\u.xml

c:\documents and settings\Johnny Killerup\Application Data\PriceGong\Data\v.xml

c:\documents and settings\Johnny Killerup\Application Data\PriceGong\Data\w.xml

c:\documents and settings\Johnny Killerup\Application Data\PriceGong\Data\x.xml

c:\documents and settings\Johnny Killerup\Application Data\PriceGong\Data\y.xml

c:\documents and settings\Johnny Killerup\Application Data\PriceGong\Data\z.xml

c:\documents and settings\Johnny Killerup\Lokale indstillinger\Application Data\ApplicationHistory

c:\documents and settings\Johnny Killerup\Lokale indstillinger\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini

C:\install.exe

.

.

((((((((((((((((((((((((((((( Filer skabt fra 2011-08-05 til 2011-09-05 )))))))))))))))))))))))))))))))))))

.

.

2011-09-05 16:45 . 2011-09-05 16:45 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{98CE64D9-0704-4B6A-8F72-708B15BC2061}\MpKsl44ba00a2.sys

2011-09-03 08:12 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-03 08:12 . 2011-09-03 08:12 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware

2011-09-03 08:12 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-03 08:07 . 2011-09-03 08:07 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{98CE64D9-0704-4B6A-8F72-708B15BC2061}\MpKsl9b040d4e.sys

2011-09-03 07:40 . 2011-08-12 02:44 7152464 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{98CE64D9-0704-4B6A-8F72-708B15BC2061}\mpengine.dll

2011-09-03 07:39 . 2011-09-03 07:39 -------- d-----w- c:\programmer\Microsoft Security Client

2011-09-03 07:27 . 2011-09-03 07:27 -------- d--h--w- c:\windows\PIF

2011-08-26 07:29 . 2011-08-26 07:29 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2011-08-26 05:13 . 2005-04-04 06:00 184320 ----a-w- c:\programmer\Fælles filer\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll

2011-08-26 05:13 . 2011-08-26 05:13 331908 ----a-w- c:\programmer\Fælles filer\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll

2011-08-26 05:13 . 2011-08-26 05:13 200836 ----a-w- c:\programmer\Fælles filer\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll

2011-08-26 05:13 . 2005-04-04 06:02 753664 ----a-w- c:\programmer\Fælles filer\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll

2011-08-26 05:13 . 2005-04-04 06:02 69714 ----a-w- c:\programmer\Fælles filer\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll

2011-08-26 05:13 . 2005-04-04 06:01 274432 ----a-w- c:\programmer\Fælles filer\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll

2011-08-26 05:13 . 2005-04-04 05:59 5632 ----a-w- c:\programmer\Fælles filer\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe

2011-08-24 23:42 . 2011-08-24 23:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-24 20:43 . 2011-08-25 00:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-08-24 20:43 . 2011-08-24 20:48 -------- d-----w- c:\programmer\Spybot - Search & Destroy

2011-08-24 15:39 . 2011-08-24 15:39 -------- d--h--w- c:\windows\system32\GroupPolicy

2011-08-24 09:38 . 2011-08-24 09:38 -------- d-----w- c:\documents and settings\Johnny Killerup\Application Data\Malwarebytes

2011-08-24 09:38 . 2011-08-24 09:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-08-24 08:53 . 2011-08-25 02:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2011-08-24 08:52 . 2011-08-25 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2011-08-24 08:11 . 2011-08-24 08:11 -------- d-----w- c:\documents and settings\NetworkService\Lokale indstillinger\Application Data\Apple Computer

2011-08-24 06:56 . 2011-09-03 07:32 -------- d-----w- c:\programmer\BitDefender

2011-08-24 06:56 . 2011-09-03 07:32 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender

2011-08-24 06:54 . 2011-08-24 06:54 -------- d-----w- c:\windows\system32\URTTEMP

2011-08-24 06:41 . 2011-09-03 07:32 -------- d-----w- c:\programmer\Fælles filer\BitDefender

2011-08-24 04:26 . 2011-08-24 04:26 -------- d-----r- c:\documents and settings\LocalService\Foretrukne

2011-08-23 19:09 . 2011-08-23 19:09 327368 ----a-w- c:\windows\system32\drivers\avisfltr.sys

2011-08-23 13:28 . 2011-08-23 13:28 -------- d-----r- c:\documents and settings\NetworkService\Foretrukne

2011-08-17 03:30 . 2011-08-17 03:30 -------- d-----w- c:\programmer\Apple Software Update

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-15 13:29 . 2008-04-14 23:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2008-04-14 23:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-06-24 14:10 . 2009-07-29 07:45 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:31 . 2008-04-14 23:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:31 . 2008-04-14 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:31 . 2008-04-14 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05 . 2008-04-14 23:00 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44 . 2008-04-14 23:00 293376 ----a-w- c:\windows\system32\winsrv.dll

.

.

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Bemærk* tomme linier & lovlige standard linier vises ikke

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-29 39408]

"Skype"="c:\programmer\Skype\Phone\Skype.exe" [2011-06-15 15141768]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelZeroConfig"="c:\programmer\Intel\WiFi\bin\ZCfgSvc.exe" [2008-07-10 1351680]

"IntelWireless"="c:\programmer\Fælles filer\Intel\WirelessCommon\iFrmewrk.exe" [2008-07-10 1191936]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]

"Apoint"="c:\programmer\DellTPad\Apoint.exe" [2008-12-21 200704]

"SysTrayApp"="c:\programmer\IDT\WDM\sttray.exe" [2009-02-23 483420]

"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-12-16 729088]

"IAAnotif"="c:\programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 76304]

"HP Software Update"="c:\programmer\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"Dell Webcam Central"="c:\programmer\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-10-17 442536]

"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2010-09-08 421888]

"RIMBBLaunchAgent.exe"="c:\programmer\Fælles filer\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]

"Boingo Wi-Fi"="c:\programmer\Boingo\Boingo Wi-Fi\Boingo.lnk" [2011-09-05 2173]

"MSC"="c:\programmer\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\FLLESF~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

.

c:\documents and settings\All Users\Menuen Start\Programmer\Start\

Logitech SetPoint.lnk - c:\programmer\Logitech\SetPoint\SetPoint.exe [2009-7-29 809488]

Personal.lnk - c:\programmer\Personal\bin\Personal.exe [2011-4-11 1086288]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2009-02-18 22:30 72208 ----a-w- c:\programmer\Fælles filer\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"iTunesHelper"="c:\programmer\iTunes\iTunesHelper.exe"

"Malwarebytes' Anti-Malware"="c:\programmer\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

"SunJavaUpdateSched"="c:\programmer\Fælles filer\Java\Java Update\jusched.exe"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Programmer\\TVUPlayer\\TVUPlayer.exe"=

"c:\\Documents and Settings\\Johnny Killerup\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Programmer\\StreamTorrent 1.0\\StreamTorrent.exe"=

"c:\\Programmer\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=

"c:\\Programmer\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\Programmer\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=

"c:\\Programmer\\Skype\\Phone\\Skype.exe"=

"c:\\Programmer\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"427:UDP"= 427:UDP:192.168.1.100/255.255.255.255:Enabled:HP Printer

.

R1 MpKsl44ba00a2;MpKsl44ba00a2;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{98CE64D9-0704-4B6A-8F72-708B15BC2061}\MpKsl44ba00a2.sys [05-09-2011 09:45 28752]

R1 MpKsl9b040d4e;MpKsl9b040d4e;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{98CE64D9-0704-4B6A-8F72-708B15BC2061}\MpKsl9b040d4e.sys [03-09-2011 01:07 28752]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [29-07-2009 23:33 10384]

R2 MBAMService;MBAMService;c:\programmer\Malwarebytes' Anti-Malware\mbamservice.exe [03-09-2011 01:12 366640]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [29-07-2009 01:48 112512]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [29-07-2009 01:20 244368]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [29-07-2009 01:46 109568]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03-09-2011 01:12 22712]

R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [29-07-2009 01:47 148056]

R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [29-07-2009 01:47 133632]

R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [29-07-2009 01:47 280096]

S0 cerc6;cerc6; [x]

S1 fgbpsyov;fgbpsyov;\??\c:\windows\system32\drivers\fgbpsyov.sys --> c:\windows\system32\drivers\fgbpsyov.sys [?]

S1 MpKslcbf061bb;MpKslcbf061bb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9EDBFBD6-8BEF-486F-AD74-9B490E006BEA}\MpKslcbf061bb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9EDBFBD6-8BEF-486F-AD74-9B490E006BEA}\MpKslcbf061bb.sys [?]

S1 MpKslef0903a4;MpKslef0903a4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{54E09164-FA3D-48EB-9EAB-0770345ECD46}\MpKslef0903a4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{54E09164-FA3D-48EB-9EAB-0770345ECD46}\MpKslef0903a4.sys [?]

S2 gupdate1ca1ce7a33a23c0;Tjenesten Google Update (gupdate1ca1ce7a33a23c0);c:\programmer\Google\Update\GoogleUpdate.exe [14-08-2009 07:00 133104]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\programmer\LogMeIn\x86\LMIGuardianSvc.exe [06-10-2010 20:12 374152]

S3 avisfltr;avisfltr;c:\windows\system32\drivers\avisfltr.sys [23-08-2011 12:09 327368]

S3 gupdatem;Google Update Tjeneste (gupdatem);c:\programmer\Google\Update\GoogleUpdate.exe [14-08-2009 07:00 133104]

S3 protecter.sys;protecter.sys;\??\c:\documents and settings\Johnny Killerup\Lokale indstillinger\Temp\BDRemovalTool\protecter.sys --> c:\documents and settings\Johnny Killerup\Lokale indstillinger\Temp\BDRemovalTool\protecter.sys [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

Indhold af mappen 'Planlagte Opgaver'

.

2011-08-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]

.

2011-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programmer\Google\Update\GoogleUpdate.exe [2009-08-14 14:00]

.

2011-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programmer\Google\Update\GoogleUpdate.exe [2009-08-14 14:00]

.

2011-09-05 c:\windows\Tasks\MP Scheduled Scan.job

- c:\programmer\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]

.

.

------- Yderligere scanning -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki ... - c:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

Trusted Zone: webreg.dk

TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

.

- - - - TOMME GENVEJE FJERNET - - - -

.

HKLM-Run-LELA - c:\programmer\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-05 10:23

Windows 5.1.2600 Service Pack 3 NTFS

.

scanner skjulte processer ...

.

scanner skjulte autostarter ...

.

scanner skjulte filer ...

.

scanning gennemført med succes

skjulte filer: 0

.

**************************************************************************

.

--------------------- DLLs startet under kørende Processer ---------------------

.

- - - - - - - > 'winlogon.exe'(744)

c:\programmer\fælles filer\logishrd\bluetooth\LBTWlgn.dll

c:\programmer\fælles filer\logishrd\bluetooth\LBTServ.dll

c:\windows\system32\netprovcredman.dll

.

Gennemført tid: 2011-09-05 10:27:09

ComboFix-quarantined-files.txt 2011-09-05 17:27

.

Pre-Kørsel: 34.151.444.480 byte ledig

Post-Kørsel: 34.744.832.000 byte ledig

.

- - End Of File - - 4BF33066F82088CA5F5F8A02107099A3

**********************

DDS log

**********************

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Johnny Killerup at 10:28:30 on 2011-09-05

Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.3536.2800 [GMT -7:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Programmer\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Programmer\Intel\WiFi\bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\programmer\idt\dellxpm09b_6159v043\wdm\stacsv.exe

svchost.exe

C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Programmer\Bonjour\mDNSResponder.exe

C:\Programmer\Intel\WiFi\bin\EvtEng.exe

C:\Programmer\Java\jre6\bin\jqs.exe

C:\Programmer\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Programmer\Intel\WiFi\bin\WLKeeper.exe

C:\Programmer\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Programmer\Intel\WiFi\bin\ZCfgSvc.exe

C:\Programmer\Fælles filer\Intel\WirelessCommon\iFrmewrk.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Programmer\DellTPad\Apoint.exe

C:\Programmer\IDT\WDM\sttray.exe

C:\WINDOWS\system32\AESTFltr.exe

C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Programmer\HP\HP Software Update\HPWuSchd2.exe

C:\Programmer\Dell Webcam\Dell Webcam Central\WebcamDell.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Programmer\Fælles filer\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Programmer\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe

C:\Programmer\Microsoft Security Client\msseces.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Programmer\Logitech\SetPoint\SetPoint.exe

C:\Programmer\Personal\bin\Personal.exe

C:\Programmer\DellTPad\ApMsgFwd.exe

C:\Programmer\DellTPad\HidFind.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\explorer.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\programmer\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\programmer\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programmer\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmer\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmer\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\programmer\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\programmer\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [skype] "c:\programmer\skype\phone\Skype.exe" /nosplash /minimized

mRun: [intelZeroConfig] "c:\programmer\intel\wifi\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\programmer\fælles filer\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Apoint] c:\programmer\delltpad\Apoint.exe

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg

mRun: [iAAnotif] c:\programmer\intel\intel matrix storage manager\iaanotif.exe

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [HP Software Update] c:\programmer\hp\hp software update\HPWuSchd2.exe

mRun: [Dell Webcam Central] "c:\programmer\dell webcam\dell webcam central\WebcamDell.exe" /mode2

mRun: [Adobe Reader Speed Launcher] "c:\programmer\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\programmer\fælles filer\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\programmer\quicktime\qttask.exe" -atboottime

mRun: [RIMBBLaunchAgent.exe] c:\programmer\fælles filer\research in motion\usb drivers\RIMBBLaunchAgent.exe

mRun: [boingo Wi-Fi] "c:\programmer\boingo\boingo wi-fi\Boingo.lnk"

mRun: [MSC] "c:\programmer\microsoft security client\msseces.exe" -hide -runkey

dRun: [DWQueuedReporting] "c:\progra~1\fllesf~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\logite~1.lnk - c:\programmer\logitech\setpoint\SetPoint.exe

StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\personal.lnk - c:\programmer\personal\bin\Personal.exe

IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki ... - c:\programmer\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\programmer\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\programmer\hp\digital imaging\smart web printing\hpswp_BHO.dll

Trusted Zone: webreg.dk

DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.lsb.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} - hxxps://www1.gotomeeting.com/default/applets/g2mdlax.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

TCP: Interfaces\{C89019B6-361E-430F-8649-273169358A9C} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\programmer\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: igfxcui - igfxdev.dll

Notify: LBTWlgn - c:\programmer\fælles filer\logishrd\bluetooth\LBTWlgn.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R1 MpKsl44ba00a2;MpKsl44ba00a2;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{98ce64d9-0704-4b6a-8f72-708b15bc2061}\MpKsl44ba00a2.sys [2011-9-5 28752]

R1 MpKsl9b040d4e;MpKsl9b040d4e;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{98ce64d9-0704-4b6a-8f72-708b15bc2061}\MpKsl9b040d4e.sys [2011-9-3 28752]

R2 IAANTMON;Intel® Matrix Storage Event Monitor;c:\programmer\intel\intel matrix storage manager\IAANTmon.exe [2009-7-29 354840]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-7-29 10384]

R2 MBAMService;MBAMService;c:\programmer\malwarebytes' anti-malware\mbamservice.exe [2011-9-3 366640]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-7-29 112512]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-7-29 244368]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-7-29 109568]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-3 22712]

R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [2009-7-29 148056]

R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-7-29 133632]

R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-7-29 280096]

S0 cerc6;cerc6; [x]

S1 fgbpsyov;fgbpsyov;\??\c:\windows\system32\drivers\fgbpsyov.sys --> c:\windows\system32\drivers\fgbpsyov.sys [?]

S1 MpKslcbf061bb;MpKslcbf061bb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9edbfbd6-8bef-486f-ad74-9b490e006bea}\mpkslcbf061bb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9edbfbd6-8bef-486f-ad74-9b490e006bea}\MpKslcbf061bb.sys [?]

S1 MpKslef0903a4;MpKslef0903a4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{54e09164-fa3d-48eb-9eab-0770345ecd46}\mpkslef0903a4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{54e09164-fa3d-48eb-9eab-0770345ecd46}\MpKslef0903a4.sys [?]

S2 gupdate1ca1ce7a33a23c0;Tjenesten Google Update (gupdate1ca1ce7a33a23c0);c:\programmer\google\update\GoogleUpdate.exe [2009-8-14 133104]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\programmer\logmein\x86\LMIGuardianSvc.exe [2010-10-6 374152]

S3 avisfltr;avisfltr;c:\windows\system32\drivers\avisfltr.sys [2011-8-23 327368]

S3 gupdatem;Google Update Tjeneste (gupdatem);c:\programmer\google\update\GoogleUpdate.exe [2009-8-14 133104]

S3 protecter.sys;protecter.sys;\??\c:\documents and settings\johnny killerup\lokale indstillinger\temp\bdremovaltool\protecter.sys --> c:\documents and settings\johnny killerup\lokale indstillinger\temp\bdremovaltool\protecter.sys [?]

.

=============== Created Last 30 ================

.

2011-09-05 17:15:20 -------- d-----w- C:\ComboFix

2011-09-05 17:12:33 98816 ----a-w- c:\windows\sed.exe

2011-09-05 17:12:33 518144 ----a-w- c:\windows\SWREG.exe

2011-09-05 17:12:33 256000 ----a-w- c:\windows\PEV.exe

2011-09-05 17:12:33 208896 ----a-w- c:\windows\MBR.exe

2011-09-05 16:45:37 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{98ce64d9-0704-4b6a-8f72-708b15bc2061}\MpKsl44ba00a2.sys

2011-09-03 08:12:25 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-03 08:12:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-03 08:12:20 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware

2011-09-03 08:07:42 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{98ce64d9-0704-4b6a-8f72-708b15bc2061}\MpKsl9b040d4e.sys

2011-09-03 07:40:57 7152464 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{98ce64d9-0704-4b6a-8f72-708b15bc2061}\mpengine.dll

2011-09-03 07:39:27 -------- d-----w- c:\programmer\Microsoft Security Client

2011-09-03 07:27:55 -------- d--h--w- c:\windows\PIF

2011-08-26 05:13:04 184320 ----a-w- c:\programmer\fælles filer\installshield\professional\runtime\11\00\intel32\iuser.dll

2011-08-26 05:13:03 753664 ----a-w- c:\programmer\fælles filer\installshield\professional\runtime\11\00\intel32\iKernel.dll

2011-08-26 05:13:03 69714 ----a-w- c:\programmer\fælles filer\installshield\professional\runtime\11\00\intel32\ctor.dll

2011-08-26 05:13:03 5632 ----a-w- c:\programmer\fælles filer\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe

2011-08-26 05:13:03 331908 ----a-w- c:\programmer\fælles filer\installshield\professional\runtime\11\00\intel32\setup.dll

2011-08-26 05:13:03 274432 ----a-w- c:\programmer\fælles filer\installshield\professional\runtime\11\00\intel32\iscript.dll

2011-08-26 05:13:03 200836 ----a-w- c:\programmer\fælles filer\installshield\professional\runtime\11\00\intel32\iGdi.dll

2011-08-24 23:42:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-24 20:43:21 -------- d-----w- c:\programmer\Spybot - Search & Destroy

2011-08-24 20:43:21 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2011-08-24 15:39:06 -------- d--h--w- c:\windows\system32\GroupPolicy

2011-08-24 09:38:26 -------- d-----w- c:\documents and settings\johnny killerup\application data\Malwarebytes

2011-08-24 09:38:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-08-24 08:52:28 -------- d-----w- c:\documents and settings\all users\application data\PC Tools

2011-08-24 06:56:54 -------- d-----w- c:\programmer\BitDefender

2011-08-24 06:56:54 -------- d-----w- c:\documents and settings\all users\application data\BitDefender

2011-08-24 06:54:49 -------- d-----w- c:\windows\system32\URTTEMP

2011-08-24 06:41:06 -------- d-----w- c:\programmer\fælles filer\BitDefender

2011-08-23 19:09:11 327368 ----a-w- c:\windows\system32\drivers\avisfltr.sys

.

==================== Find3M ====================

.

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-06-24 14:10:39 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:31:31 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:31:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:31:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05:34 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:48 293376 ----a-w- c:\windows\system32\winsrv.dll

.

============= FINISH: 10:29:46,87 ===============

Link to post
Share on other sites

  • Staff

Hi,

Please download this file and save it as it's originally named, next to ComboFix.exe.

RC1-4.gif

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, it will ask you whether or not to continue with the malware scan. Select Yes, and post the resultant log.

-screen317

Link to post
Share on other sites

Hello,

Below is the new log. Note that even though I try to install the EN version of the Recovery Console, ComboFix insists on speaking Danish to me because I have a Danish version of windows ........

*******************

ComboFix log

*******************

ComboFix 11-09-08.01 - Johnny Killerup 07-09-2011 21:28:11.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.3536.2910 [GMT -7:00]

Kører fra: c:\documents and settings\Johnny Killerup\Skrivebord\Virus Cleaning Tools\ComboFix.exe

Kommandoer benyttet :: c:\documents and settings\Johnny Killerup\Skrivebord\Virus Cleaning Tools\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((( Filer skabt fra 2011-08-08 til 2011-09-08 )))))))))))))))))))))))))))))))))))

.

.

2011-09-06 06:21 . 2011-09-06 06:21 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE

2011-09-06 06:21 . 2011-09-06 06:26 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPAppData

2011-09-05 17:44 . 2011-08-12 02:44 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B0E26466-E832-4E78-8B1E-EB7B5884BD9B}\mpengine.dll

2011-09-03 08:12 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-03 08:12 . 2011-09-03 08:12 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware

2011-09-03 08:12 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-03 07:39 . 2011-09-03 07:39 -------- d-----w- c:\programmer\Microsoft Security Client

2011-09-03 07:27 . 2011-09-03 07:27 -------- d--h--w- c:\windows\PIF

2011-08-26 07:29 . 2011-08-26 07:29 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2011-08-26 05:13 . 2005-04-04 06:00 184320 ----a-w- c:\programmer\Fælles filer\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll

2011-08-26 05:13 . 2011-08-26 05:13 331908 ----a-w- c:\programmer\Fælles filer\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll

2011-08-26 05:13 . 2011-08-26 05:13 200836 ----a-w- c:\programmer\Fælles filer\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll

2011-08-26 05:13 . 2005-04-04 06:02 753664 ----a-w- c:\programmer\Fælles filer\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll

2011-08-26 05:13 . 2005-04-04 06:02 69714 ----a-w- c:\programmer\Fælles filer\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll

2011-08-26 05:13 . 2005-04-04 06:01 274432 ----a-w- c:\programmer\Fælles filer\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll

2011-08-26 05:13 . 2005-04-04 05:59 5632 ----a-w- c:\programmer\Fælles filer\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe

2011-08-24 23:42 . 2011-08-24 23:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-24 20:43 . 2011-08-25 00:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-08-24 20:43 . 2011-08-24 20:48 -------- d-----w- c:\programmer\Spybot - Search & Destroy

2011-08-24 15:39 . 2011-08-24 15:39 -------- d--h--w- c:\windows\system32\GroupPolicy

2011-08-24 09:38 . 2011-08-24 09:38 -------- d-----w- c:\documents and settings\Johnny Killerup\Application Data\Malwarebytes

2011-08-24 09:38 . 2011-08-24 09:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-08-24 08:53 . 2011-08-25 02:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2011-08-24 08:52 . 2011-08-25 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2011-08-24 08:11 . 2011-08-24 08:11 -------- d-----w- c:\documents and settings\NetworkService\Lokale indstillinger\Application Data\Apple Computer

2011-08-24 06:56 . 2011-09-03 07:32 -------- d-----w- c:\programmer\BitDefender

2011-08-24 06:56 . 2011-09-03 07:32 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender

2011-08-24 06:54 . 2011-08-24 06:54 -------- d-----w- c:\windows\system32\URTTEMP

2011-08-24 06:41 . 2011-09-03 07:32 -------- d-----w- c:\programmer\Fælles filer\BitDefender

2011-08-24 04:26 . 2011-08-24 04:26 -------- d-----r- c:\documents and settings\LocalService\Foretrukne

2011-08-23 19:09 . 2011-08-23 19:09 327368 ----a-w- c:\windows\system32\drivers\avisfltr.sys

2011-08-23 13:28 . 2011-09-06 06:21 -------- d-----r- c:\documents and settings\NetworkService\Foretrukne

2011-08-17 03:30 . 2011-08-17 03:30 -------- d-----w- c:\programmer\Apple Software Update

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-03 10:17 . 2008-04-14 23:00 602112 ----a-w- c:\windows\system32\crypt32.dll

2011-07-15 13:29 . 2008-04-14 23:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2008-04-14 23:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-06-24 14:10 . 2009-07-29 07:45 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:31 . 2008-04-14 23:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:31 . 2008-04-14 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:31 . 2008-04-14 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05 . 2008-04-14 23:00 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44 . 2008-04-14 23:00 293376 ----a-w- c:\windows\system32\winsrv.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-09-05_17.23.54 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-09-08 04:21 . 2011-09-08 04:21 16384 c:\windows\Temp\Perflib_Perfdata_418.dat

- 2011-09-05 17:08 . 2011-09-05 17:08 16384 c:\windows\Temp\Perflib_Perfdata_418.dat

- 2008-04-14 23:00 . 2011-09-05 17:13 72764 c:\windows\system32\perfc009.dat

+ 2008-04-14 23:00 . 2011-09-08 04:25 72764 c:\windows\system32\perfc009.dat

- 2008-04-14 23:00 . 2011-09-05 17:13 84372 c:\windows\system32\perfc006.dat

+ 2008-04-14 23:00 . 2011-09-08 04:25 84372 c:\windows\system32\perfc006.dat

+ 2008-04-14 23:00 . 2011-09-08 04:25 444506 c:\windows\system32\perfh009.dat

- 2008-04-14 23:00 . 2011-09-05 17:13 444506 c:\windows\system32\perfh009.dat

+ 2008-04-14 23:00 . 2011-09-08 04:25 459766 c:\windows\system32\perfh006.dat

- 2008-04-14 23:00 . 2011-09-05 17:13 459766 c:\windows\system32\perfh006.dat

+ 2008-04-14 23:00 . 2011-09-03 10:17 602112 c:\windows\system32\dllcache\crypt32.dll

- 2008-04-14 23:00 . 2008-04-14 23:00 602112 c:\windows\system32\dllcache\crypt32.dll

.

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Bemærk* tomme linier & lovlige standard linier vises ikke

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-29 39408]

"Skype"="c:\programmer\Skype\Phone\Skype.exe" [2011-06-15 15141768]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelZeroConfig"="c:\programmer\Intel\WiFi\bin\ZCfgSvc.exe" [2008-07-10 1351680]

"IntelWireless"="c:\programmer\Fælles filer\Intel\WirelessCommon\iFrmewrk.exe" [2008-07-10 1191936]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]

"Apoint"="c:\programmer\DellTPad\Apoint.exe" [2008-12-21 200704]

"SysTrayApp"="c:\programmer\IDT\WDM\sttray.exe" [2009-02-23 483420]

"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-12-16 729088]

"IAAnotif"="c:\programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 76304]

"HP Software Update"="c:\programmer\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"Dell Webcam Central"="c:\programmer\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-10-17 442536]

"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2010-09-08 421888]

"RIMBBLaunchAgent.exe"="c:\programmer\Fælles filer\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]

"Boingo Wi-Fi"="c:\programmer\Boingo\Boingo Wi-Fi\Boingo.lnk" [2011-09-08 2173]

"MSC"="c:\programmer\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"Malwarebytes' Anti-Malware"="c:\programmer\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\FLLESF~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

.

c:\documents and settings\All Users\Menuen Start\Programmer\Start\

Logitech SetPoint.lnk - c:\programmer\Logitech\SetPoint\SetPoint.exe [2009-7-29 809488]

Personal.lnk - c:\programmer\Personal\bin\Personal.exe [2011-4-11 1086288]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2009-02-18 22:30 72208 ----a-w- c:\programmer\Fælles filer\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"iTunesHelper"="c:\programmer\iTunes\iTunesHelper.exe"

"Malwarebytes' Anti-Malware"="c:\programmer\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

"SunJavaUpdateSched"="c:\programmer\Fælles filer\Java\Java Update\jusched.exe"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Programmer\\TVUPlayer\\TVUPlayer.exe"=

"c:\\Documents and Settings\\Johnny Killerup\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Programmer\\StreamTorrent 1.0\\StreamTorrent.exe"=

"c:\\Programmer\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=

"c:\\Programmer\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\Programmer\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=

"c:\\Programmer\\Skype\\Phone\\Skype.exe"=

"c:\\Programmer\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"427:UDP"= 427:UDP:192.168.1.100/255.255.255.255:Enabled:HP Printer

.

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [29-07-2009 23:33 10384]

R2 MBAMService;MBAMService;c:\programmer\Malwarebytes' Anti-Malware\mbamservice.exe [03-09-2011 01:12 366640]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [29-07-2009 01:48 112512]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [29-07-2009 01:20 244368]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [29-07-2009 01:46 109568]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03-09-2011 01:12 22712]

R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [29-07-2009 01:47 148056]

R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [29-07-2009 01:47 133632]

R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [29-07-2009 01:47 280096]

S0 cerc6;cerc6; [x]

S1 fgbpsyov;fgbpsyov;\??\c:\windows\system32\drivers\fgbpsyov.sys --> c:\windows\system32\drivers\fgbpsyov.sys [?]

S1 MpKslcbf061bb;MpKslcbf061bb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9EDBFBD6-8BEF-486F-AD74-9B490E006BEA}\MpKslcbf061bb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9EDBFBD6-8BEF-486F-AD74-9B490E006BEA}\MpKslcbf061bb.sys [?]

S1 MpKslef0903a4;MpKslef0903a4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{54E09164-FA3D-48EB-9EAB-0770345ECD46}\MpKslef0903a4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{54E09164-FA3D-48EB-9EAB-0770345ECD46}\MpKslef0903a4.sys [?]

S2 gupdate1ca1ce7a33a23c0;Tjenesten Google Update (gupdate1ca1ce7a33a23c0);c:\programmer\Google\Update\GoogleUpdate.exe [14-08-2009 07:00 133104]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\programmer\LogMeIn\x86\LMIGuardianSvc.exe [06-10-2010 20:12 374152]

S3 avisfltr;avisfltr;c:\windows\system32\drivers\avisfltr.sys [23-08-2011 12:09 327368]

S3 gupdatem;Google Update Tjeneste (gupdatem);c:\programmer\Google\Update\GoogleUpdate.exe [14-08-2009 07:00 133104]

S3 protecter.sys;protecter.sys;\??\c:\documents and settings\Johnny Killerup\Lokale indstillinger\Temp\BDRemovalTool\protecter.sys --> c:\documents and settings\Johnny Killerup\Lokale indstillinger\Temp\BDRemovalTool\protecter.sys [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

Indhold af mappen 'Planlagte Opgaver'

.

2011-08-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]

.

2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programmer\Google\Update\GoogleUpdate.exe [2009-08-14 14:00]

.

2011-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programmer\Google\Update\GoogleUpdate.exe [2009-08-14 14:00]

.

2011-09-08 c:\windows\Tasks\MP Scheduled Scan.job

- c:\programmer\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]

.

.

------- Yderligere scanning -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki ... - c:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

Trusted Zone: webreg.dk

TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-07 21:35

Windows 5.1.2600 Service Pack 3 NTFS

.

scanner skjulte processer ...

.

scanner skjulte autostarter ...

.

scanner skjulte filer ...

.

scanning gennemført med succes

skjulte filer: 0

.

**************************************************************************

.

--------------------- DLLs startet under kørende Processer ---------------------

.

- - - - - - - > 'winlogon.exe'(744)

c:\programmer\fælles filer\logishrd\bluetooth\LBTWlgn.dll

c:\programmer\fælles filer\logishrd\bluetooth\LBTServ.dll

c:\windows\system32\netprovcredman.dll

.

- - - - - - - > 'explorer.exe'(3136)

c:\windows\system32\igfxdo.dll

c:\programmer\Logitech\SetPoint\lgscroll.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\netprovcredman.dll

.

Gennemført tid: 2011-09-07 21:38:53

ComboFix-quarantined-files.txt 2011-09-08 04:38

ComboFix2.txt 2011-09-06 05:07

ComboFix3.txt 2011-09-05 17:27

.

Pre-Kørsel: 34.126.598.144 byte ledig

Post-Kørsel: 34.560.671.744 byte ledig

.

- - End Of File - - 760440B15776D0838221C90F4957F05C

Link to post
Share on other sites

  • Staff

Hi,

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

Driver::
cerc6
fgbpsyov

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317

Link to post
Share on other sites

Hello,

I followed the instructions, but ComboFix keeps saying the Recovery Console is not installed, but when I click on the button to install it, it says "internal error" and then starts running the scan. I did install Recovery Console in an earlier step during this cleaning process, so I hope this ComboFix error won't pose a problem. This time, ComboFix rebooted the machine automatically after it ran.

Note that I disabled real-time protection in Microsoft Security Essentials before running ComboFix and DDS, then re-enabled it afterwards.

Here are the logs:

********************************

Combofix log

********************************

ComboFix 11-09-09.04 - Johnny Killerup 10-09-2011 0:21.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.3536.2713 [GMT -7:00]

Kører fra: c:\documents and settings\Johnny Killerup\Skrivebord\Virus Cleaning Tools\ComboFix.exe

Kommandoer benyttet :: c:\documents and settings\Johnny Killerup\Skrivebord\Virus Cleaning Tools\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

* Dannede nyt systemgendannelsespunkt

.

.

((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_cerc6

-------\Service_fgbpsyov

.

.

((((((((((((((((((((((((((((( Filer skabt fra 2011-08-10 til 2011-09-10 )))))))))))))))))))))))))))))))))))

.

.

2011-09-08 04:51 . 2011-08-12 02:44 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-09-08 04:51 . 2011-08-12 02:44 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F15DD353-FE0E-4167-81FA-EEBF8E3A366F}\mpengine.dll

2011-09-06 06:21 . 2011-09-06 06:21 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE

2011-09-06 06:21 . 2011-09-08 05:39 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPAppData

2011-09-03 08:12 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-03 08:12 . 2011-09-03 08:12 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware

2011-09-03 08:12 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-03 07:39 . 2011-09-03 07:39 -------- d-----w- c:\programmer\Microsoft Security Client

2011-09-03 07:27 . 2011-09-03 07:27 -------- d--h--w- c:\windows\PIF

2011-08-26 07:29 . 2011-08-26 07:29 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2011-08-26 05:13 . 2005-04-04 06:00 184320 ----a-w- c:\programmer\Fælles filer\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll

2011-08-26 05:13 . 2011-08-26 05:13 331908 ----a-w- c:\programmer\Fælles filer\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll

2011-08-26 05:13 . 2011-08-26 05:13 200836 ----a-w- c:\programmer\Fælles filer\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll

2011-08-26 05:13 . 2005-04-04 06:02 753664 ----a-w- c:\programmer\Fælles filer\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll

2011-08-26 05:13 . 2005-04-04 06:02 69714 ----a-w- c:\programmer\Fælles filer\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll

2011-08-26 05:13 . 2005-04-04 06:01 274432 ----a-w- c:\programmer\Fælles filer\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll

2011-08-26 05:13 . 2005-04-04 05:59 5632 ----a-w- c:\programmer\Fælles filer\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe

2011-08-24 23:42 . 2011-08-24 23:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-24 20:43 . 2011-08-25 00:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-08-24 20:43 . 2011-08-24 20:48 -------- d-----w- c:\programmer\Spybot - Search & Destroy

2011-08-24 15:39 . 2011-08-24 15:39 -------- d--h--w- c:\windows\system32\GroupPolicy

2011-08-24 09:38 . 2011-08-24 09:38 -------- d-----w- c:\documents and settings\Johnny Killerup\Application Data\Malwarebytes

2011-08-24 09:38 . 2011-08-24 09:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-08-24 08:53 . 2011-08-25 02:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2011-08-24 08:52 . 2011-08-25 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2011-08-24 08:11 . 2011-08-24 08:11 -------- d-----w- c:\documents and settings\NetworkService\Lokale indstillinger\Application Data\Apple Computer

2011-08-24 06:56 . 2011-09-03 07:32 -------- d-----w- c:\programmer\BitDefender

2011-08-24 06:56 . 2011-09-03 07:32 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender

2011-08-24 06:54 . 2011-08-24 06:54 -------- d-----w- c:\windows\system32\URTTEMP

2011-08-24 06:41 . 2011-09-03 07:32 -------- d-----w- c:\programmer\Fælles filer\BitDefender

2011-08-24 04:26 . 2011-08-24 04:26 -------- d-----r- c:\documents and settings\LocalService\Foretrukne

2011-08-23 19:09 . 2011-08-23 19:09 327368 ----a-w- c:\windows\system32\drivers\avisfltr.sys

2011-08-23 13:28 . 2011-09-06 06:21 -------- d-----r- c:\documents and settings\NetworkService\Foretrukne

2011-08-17 03:30 . 2011-08-17 03:30 -------- d-----w- c:\programmer\Apple Software Update

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-03 10:17 . 2008-04-14 23:00 602112 ----a-w- c:\windows\system32\crypt32.dll

2011-07-15 13:29 . 2008-04-14 23:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2008-04-14 23:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-06-24 14:10 . 2009-07-29 07:45 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:31 . 2008-04-14 23:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:31 . 2008-04-14 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:31 . 2008-04-14 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05 . 2008-04-14 23:00 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44 . 2008-04-14 23:00 293376 ----a-w- c:\windows\system32\winsrv.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-09-05_17.23.54 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-09-10 07:30 . 2011-09-10 07:30 16384 c:\windows\Temp\Perflib_Perfdata_5d0.dat

- 2008-04-14 23:00 . 2011-09-05 17:13 72764 c:\windows\system32\perfc009.dat

+ 2008-04-14 23:00 . 2011-09-08 05:02 72764 c:\windows\system32\perfc009.dat

+ 2008-04-14 23:00 . 2011-09-08 05:02 84372 c:\windows\system32\perfc006.dat

- 2008-04-14 23:00 . 2011-09-05 17:13 84372 c:\windows\system32\perfc006.dat

+ 2008-04-14 23:00 . 2011-09-08 05:02 444506 c:\windows\system32\perfh009.dat

- 2008-04-14 23:00 . 2011-09-05 17:13 444506 c:\windows\system32\perfh009.dat

+ 2008-04-14 23:00 . 2011-09-08 05:02 459766 c:\windows\system32\perfh006.dat

- 2008-04-14 23:00 . 2011-09-05 17:13 459766 c:\windows\system32\perfh006.dat

+ 2008-04-14 23:00 . 2011-09-03 10:17 602112 c:\windows\system32\dllcache\crypt32.dll

- 2008-04-14 23:00 . 2008-04-14 23:00 602112 c:\windows\system32\dllcache\crypt32.dll

.

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Bemærk* tomme linier & lovlige standard linier vises ikke

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-29 39408]

"Skype"="c:\programmer\Skype\Phone\Skype.exe" [2011-06-15 15141768]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelZeroConfig"="c:\programmer\Intel\WiFi\bin\ZCfgSvc.exe" [2008-07-10 1351680]

"IntelWireless"="c:\programmer\Fælles filer\Intel\WirelessCommon\iFrmewrk.exe" [2008-07-10 1191936]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]

"Apoint"="c:\programmer\DellTPad\Apoint.exe" [2008-12-21 200704]

"SysTrayApp"="c:\programmer\IDT\WDM\sttray.exe" [2009-02-23 483420]

"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-12-16 729088]

"IAAnotif"="c:\programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 76304]

"HP Software Update"="c:\programmer\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"Dell Webcam Central"="c:\programmer\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-10-17 442536]

"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2010-09-08 421888]

"RIMBBLaunchAgent.exe"="c:\programmer\Fælles filer\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]

"Boingo Wi-Fi"="c:\programmer\Boingo\Boingo Wi-Fi\Boingo.lnk" [2011-09-10 2173]

"MSC"="c:\programmer\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"Malwarebytes' Anti-Malware"="c:\programmer\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\FLLESF~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

.

c:\documents and settings\All Users\Menuen Start\Programmer\Start\

Logitech SetPoint.lnk - c:\programmer\Logitech\SetPoint\SetPoint.exe [2009-7-29 809488]

Personal.lnk - c:\programmer\Personal\bin\Personal.exe [2011-4-11 1086288]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2009-02-18 22:30 72208 ----a-w- c:\programmer\Fælles filer\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"iTunesHelper"="c:\programmer\iTunes\iTunesHelper.exe"

"Malwarebytes' Anti-Malware"="c:\programmer\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

"SunJavaUpdateSched"="c:\programmer\Fælles filer\Java\Java Update\jusched.exe"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Programmer\\TVUPlayer\\TVUPlayer.exe"=

"c:\\Documents and Settings\\Johnny Killerup\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Programmer\\StreamTorrent 1.0\\StreamTorrent.exe"=

"c:\\Programmer\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=

"c:\\Programmer\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\Programmer\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=

"c:\\Programmer\\Skype\\Phone\\Skype.exe"=

"c:\\Programmer\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"427:UDP"= 427:UDP:192.168.1.100/255.255.255.255:Enabled:HP Printer

.

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [29-07-2009 23:33 10384]

R2 MBAMService;MBAMService;c:\programmer\Malwarebytes' Anti-Malware\mbamservice.exe [03-09-2011 01:12 366640]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [29-07-2009 01:48 112512]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [29-07-2009 01:20 244368]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [29-07-2009 01:46 109568]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03-09-2011 01:12 22712]

R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [29-07-2009 01:47 148056]

R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [29-07-2009 01:47 133632]

R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [29-07-2009 01:47 280096]

S1 MpKsl57a435f9;MpKsl57a435f9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F15DD353-FE0E-4167-81FA-EEBF8E3A366F}\MpKsl57a435f9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F15DD353-FE0E-4167-81FA-EEBF8E3A366F}\MpKsl57a435f9.sys [?]

S1 MpKslcbf061bb;MpKslcbf061bb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9EDBFBD6-8BEF-486F-AD74-9B490E006BEA}\MpKslcbf061bb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9EDBFBD6-8BEF-486F-AD74-9B490E006BEA}\MpKslcbf061bb.sys [?]

S1 MpKsld73ed40b;MpKsld73ed40b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F15DD353-FE0E-4167-81FA-EEBF8E3A366F}\MpKsld73ed40b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F15DD353-FE0E-4167-81FA-EEBF8E3A366F}\MpKsld73ed40b.sys [?]

S1 MpKslef0903a4;MpKslef0903a4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{54E09164-FA3D-48EB-9EAB-0770345ECD46}\MpKslef0903a4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{54E09164-FA3D-48EB-9EAB-0770345ECD46}\MpKslef0903a4.sys [?]

S2 gupdate1ca1ce7a33a23c0;Tjenesten Google Update (gupdate1ca1ce7a33a23c0);c:\programmer\Google\Update\GoogleUpdate.exe [14-08-2009 07:00 133104]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\programmer\LogMeIn\x86\LMIGuardianSvc.exe [06-10-2010 20:12 374152]

S3 avisfltr;avisfltr;c:\windows\system32\drivers\avisfltr.sys [23-08-2011 12:09 327368]

S3 gupdatem;Google Update Tjeneste (gupdatem);c:\programmer\Google\Update\GoogleUpdate.exe [14-08-2009 07:00 133104]

S3 protecter.sys;protecter.sys;\??\c:\documents and settings\Johnny Killerup\Lokale indstillinger\Temp\BDRemovalTool\protecter.sys --> c:\documents and settings\Johnny Killerup\Lokale indstillinger\Temp\BDRemovalTool\protecter.sys [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

Indhold af mappen 'Planlagte Opgaver'

.

2011-08-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]

.

2011-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programmer\Google\Update\GoogleUpdate.exe [2009-08-14 14:00]

.

2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programmer\Google\Update\GoogleUpdate.exe [2009-08-14 14:00]

.

2011-09-10 c:\windows\Tasks\MP Scheduled Scan.job

- c:\programmer\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]

.

.

------- Yderligere scanning -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki ... - c:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

Trusted Zone: webreg.dk

TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-10 00:30

Windows 5.1.2600 Service Pack 3 NTFS

.

scanner skjulte processer ...

.

scanner skjulte autostarter ...

.

scanner skjulte filer ...

.

scanning gennemført med succes

skjulte filer: 0

.

**************************************************************************

.

--------------------- DLLs startet under kørende Processer ---------------------

.

- - - - - - - > 'winlogon.exe'(748)

c:\programmer\fælles filer\logishrd\bluetooth\LBTWlgn.dll

c:\programmer\fælles filer\logishrd\bluetooth\LBTServ.dll

c:\windows\system32\netprovcredman.dll

.

- - - - - - - > 'explorer.exe'(240)

c:\windows\system32\igfxdo.dll

c:\programmer\Logitech\SetPoint\lgscroll.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\netprovcredman.dll

.

------------------------ Andre kørende processer ------------------------

.

c:\programmer\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\programmer\Intel\WiFi\bin\S24EvMon.exe

c:\programmer\idt\dellxpm09b_6159v043\wdm\stacsv.exe

c:\programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\programmer\Bonjour\mDNSResponder.exe

c:\programmer\Intel\WiFi\bin\EvtEng.exe

c:\programmer\Java\jre6\bin\jqs.exe

c:\programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe

c:\programmer\Intel\WiFi\bin\WLKeeper.exe

c:\programmer\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\wscntfy.exe

c:\programmer\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe

c:\windows\system32\wbem\unsecapp.exe

c:\programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE

c:\programmer\DellTPad\ApMsgFwd.exe

c:\programmer\DellTPad\HidFind.exe

c:\programmer\DellTPad\Apntex.exe

.

**************************************************************************

.

Gennemført tid: 2011-09-10 00:33:52 - maskinen blev genstartet

ComboFix-quarantined-files.txt 2011-09-10 07:33

ComboFix2.txt 2011-09-08 04:38

ComboFix3.txt 2011-09-06 05:07

ComboFix4.txt 2011-09-05 17:27

.

Pre-Kørsel: 34.029.621.248 byte ledig

Post-Kørsel: 34.260.811.776 byte ledig

.

- - End Of File - - AC84A408C7DDFA1A2B9E54FDC0465ED3

*********************************

DDS Log

*********************************

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Johnny Killerup at 0:34:28 on 2011-09-10

Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.3536.2871 [GMT -7:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

c:\Programmer\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Programmer\Intel\WiFi\bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\programmer\idt\dellxpm09b_6159v043\wdm\stacsv.exe

svchost.exe

C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Programmer\Bonjour\mDNSResponder.exe

C:\Programmer\Intel\WiFi\bin\EvtEng.exe

C:\Programmer\Java\jre6\bin\jqs.exe

C:\Programmer\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Programmer\Intel\WiFi\bin\WLKeeper.exe

C:\Programmer\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programmer\Intel\WiFi\bin\ZCfgSvc.exe

C:\Programmer\Fælles filer\Intel\WirelessCommon\iFrmewrk.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Programmer\DellTPad\Apoint.exe

C:\Programmer\IDT\WDM\sttray.exe

C:\WINDOWS\system32\AESTFltr.exe

C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Programmer\HP\HP Software Update\HPWuSchd2.exe

C:\Programmer\Dell Webcam\Dell Webcam Central\WebcamDell.exe

C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Programmer\Fælles filer\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Programmer\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe

C:\Programmer\Microsoft Security Client\msseces.exe

C:\Programmer\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programmer\Logitech\SetPoint\SetPoint.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE

C:\Programmer\Personal\bin\Personal.exe

C:\Programmer\DellTPad\ApMsgFwd.exe

C:\Programmer\DellTPad\HidFind.exe

C:\Programmer\DellTPad\Apntex.exe

C:\WINDOWS\explorer.exe

\\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\programmer\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\programmer\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programmer\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmer\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmer\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\programmer\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\programmer\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [skype] "c:\programmer\skype\phone\Skype.exe" /nosplash /minimized

mRun: [intelZeroConfig] "c:\programmer\intel\wifi\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\programmer\fælles filer\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Apoint] c:\programmer\delltpad\Apoint.exe

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg

mRun: [iAAnotif] c:\programmer\intel\intel matrix storage manager\iaanotif.exe

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [HP Software Update] c:\programmer\hp\hp software update\HPWuSchd2.exe

mRun: [Dell Webcam Central] "c:\programmer\dell webcam\dell webcam central\WebcamDell.exe" /mode2

mRun: [Adobe Reader Speed Launcher] "c:\programmer\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\programmer\fælles filer\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\programmer\quicktime\qttask.exe" -atboottime

mRun: [RIMBBLaunchAgent.exe] c:\programmer\fælles filer\research in motion\usb drivers\RIMBBLaunchAgent.exe

mRun: [boingo Wi-Fi] "c:\programmer\boingo\boingo wi-fi\Boingo.lnk"

mRun: [MSC] "c:\programmer\microsoft security client\msseces.exe" -hide -runkey

mRun: [Malwarebytes' Anti-Malware] "c:\programmer\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [DWQueuedReporting] "c:\progra~1\fllesf~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\logite~1.lnk - c:\programmer\logitech\setpoint\SetPoint.exe

StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\personal.lnk - c:\programmer\personal\bin\Personal.exe

IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki ... - c:\programmer\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\programmer\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\programmer\hp\digital imaging\smart web printing\hpswp_BHO.dll

Trusted Zone: webreg.dk

DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.lsb.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} - hxxps://www1.gotomeeting.com/default/applets/g2mdlax.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

TCP: Interfaces\{C89019B6-361E-430F-8649-273169358A9C} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\programmer\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: igfxcui - igfxdev.dll

Notify: LBTWlgn - c:\programmer\fælles filer\logishrd\bluetooth\LBTWlgn.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R2 IAANTMON;Intel® Matrix Storage Event Monitor;c:\programmer\intel\intel matrix storage manager\IAANTmon.exe [2009-7-29 354840]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-7-29 10384]

R2 MBAMService;MBAMService;c:\programmer\malwarebytes' anti-malware\mbamservice.exe [2011-9-3 366640]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-7-29 112512]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-7-29 244368]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-7-29 109568]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-3 22712]

R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [2009-7-29 148056]

R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-7-29 133632]

R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-7-29 280096]

S1 MpKsl57a435f9;MpKsl57a435f9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f15dd353-fe0e-4167-81fa-eebf8e3a366f}\mpksl57a435f9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f15dd353-fe0e-4167-81fa-eebf8e3a366f}\MpKsl57a435f9.sys [?]

S1 MpKslcbf061bb;MpKslcbf061bb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9edbfbd6-8bef-486f-ad74-9b490e006bea}\mpkslcbf061bb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9edbfbd6-8bef-486f-ad74-9b490e006bea}\MpKslcbf061bb.sys [?]

S1 MpKsld73ed40b;MpKsld73ed40b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f15dd353-fe0e-4167-81fa-eebf8e3a366f}\mpksld73ed40b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f15dd353-fe0e-4167-81fa-eebf8e3a366f}\MpKsld73ed40b.sys [?]

S1 MpKslef0903a4;MpKslef0903a4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{54e09164-fa3d-48eb-9eab-0770345ecd46}\mpkslef0903a4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{54e09164-fa3d-48eb-9eab-0770345ecd46}\MpKslef0903a4.sys [?]

S2 gupdate1ca1ce7a33a23c0;Tjenesten Google Update (gupdate1ca1ce7a33a23c0);c:\programmer\google\update\GoogleUpdate.exe [2009-8-14 133104]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\programmer\logmein\x86\LMIGuardianSvc.exe [2010-10-6 374152]

S3 avisfltr;avisfltr;c:\windows\system32\drivers\avisfltr.sys [2011-8-23 327368]

S3 gupdatem;Google Update Tjeneste (gupdatem);c:\programmer\google\update\GoogleUpdate.exe [2009-8-14 133104]

S3 protecter.sys;protecter.sys;\??\c:\documents and settings\johnny killerup\lokale indstillinger\temp\bdremovaltool\protecter.sys --> c:\documents and settings\johnny killerup\lokale indstillinger\temp\bdremovaltool\protecter.sys [?]

.

=============== Created Last 30 ================

.

2011-09-08 04:51:42 7152464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2011-09-08 04:51:29 7152464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f15dd353-fe0e-4167-81fa-eebf8e3a366f}\mpengine.dll

2011-09-06 04:53:54 -------- d-sha-r- C:\cmdcons

2011-09-05 17:12:33 98816 ----a-w- c:\windows\sed.exe

2011-09-05 17:12:33 518144 ----a-w- c:\windows\SWREG.exe

2011-09-05 17:12:33 256000 ----a-w- c:\windows\PEV.exe

2011-09-05 17:12:33 208896 ----a-w- c:\windows\MBR.exe

2011-09-03 08:12:25 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-03 08:12:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-03 08:12:20 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware

2011-09-03 07:39:27 -------- d-----w- c:\programmer\Microsoft Security Client

2011-09-03 07:27:55 -------- d--h--w- c:\windows\PIF

2011-08-26 05:13:04 184320 ----a-w- c:\programmer\fælles filer\installshield\professional\runtime\11\00\intel32\iuser.dll

2011-08-26 05:13:03 753664 ----a-w- c:\programmer\fælles filer\installshield\professional\runtime\11\00\intel32\iKernel.dll

2011-08-26 05:13:03 69714 ----a-w- c:\programmer\fælles filer\installshield\professional\runtime\11\00\intel32\ctor.dll

2011-08-26 05:13:03 5632 ----a-w- c:\programmer\fælles filer\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe

2011-08-26 05:13:03 331908 ----a-w- c:\programmer\fælles filer\installshield\professional\runtime\11\00\intel32\setup.dll

2011-08-26 05:13:03 274432 ----a-w- c:\programmer\fælles filer\installshield\professional\runtime\11\00\intel32\iscript.dll

2011-08-26 05:13:03 200836 ----a-w- c:\programmer\fælles filer\installshield\professional\runtime\11\00\intel32\iGdi.dll

2011-08-24 23:42:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-24 20:43:21 -------- d-----w- c:\programmer\Spybot - Search & Destroy

2011-08-24 20:43:21 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2011-08-24 15:39:06 -------- d--h--w- c:\windows\system32\GroupPolicy

2011-08-24 09:38:26 -------- d-----w- c:\documents and settings\johnny killerup\application data\Malwarebytes

2011-08-24 09:38:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-08-24 08:52:28 -------- d-----w- c:\documents and settings\all users\application data\PC Tools

2011-08-24 06:56:54 -------- d-----w- c:\programmer\BitDefender

2011-08-24 06:56:54 -------- d-----w- c:\documents and settings\all users\application data\BitDefender

2011-08-24 06:54:49 -------- d-----w- c:\windows\system32\URTTEMP

2011-08-24 06:41:06 -------- d-----w- c:\programmer\fælles filer\BitDefender

2011-08-23 19:09:11 327368 ----a-w- c:\windows\system32\drivers\avisfltr.sys

.

==================== Find3M ====================

.

2011-09-03 10:17:20 602112 ----a-w- c:\windows\system32\crypt32.dll

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-06-24 14:10:39 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:31:31 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:31:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:31:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05:34 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:48 293376 ----a-w- c:\windows\system32\winsrv.dll

.

============= FINISH: 0:35:40,04 ===============

Link to post
Share on other sites

  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

Link to post
Share on other sites

  • 3 weeks later...

Hi,

Thanks for your patience. ESET found 1 threat and removed it. MS Security Essentials complained too and said it removed a threat. PC is running very slow; it seems to get slower and slower as time goes on, until after about 15 minutes, it won't respond anymore and I have to reboot.

Here are the logs:

************************************

ESET Log

************************************

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=ca123d5862ec3f4c8f486e34643453dd

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-10-05 07:39:45

# local_time=2011-10-05 12:39:45 (-0700, USA (Mountain), normaltid)

# country="Denmark"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=768 16777215 100 0 67917832 67917832 0 0

# compatibility_mode=5891 16776537 42 87 0 14554330 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=88259

# found=1

# cleaned=1

# scan_time=1725

C:\Documents and Settings\NetworkService\Lokale indstillinger\Temporary Internet Files\Content.IE5\Z49NI4GL\3rd-place-power-glide-french-online-courses-3[1].txt HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

**********************************

Checkup.txt

**********************************

I am having trouble with SecurityCheck. The black screen says "done!", however it generates an empty log file called prelimcheckup.txt and no checkup.txt logfile. I have tried it several times, rebooted, updated antivirus software, etc. I can't get it to run and produce a log file.

MS Security Essentials detected 1 severe threat: Java/CVE-2010-0842.P and removed it successfully.

It seems the PC is still infected .... not sure what to try next. I am thinking at this point the best option is just to format the hard drive and start over......

Link to post
Share on other sites

  • Staff

Okay thanks for letting me know.

After you format, I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.