malefique

My Hotmail account and WoW were hacked

15 posts in this topic

A few days ago I could not get into either my Hotmail account or my WoW account. I got online and got stuff locked and have managed to retrieve my Hotmail account. I got a forum link from Blizzard http://forums.wow-europe.com/thread.html?t...42401&sid=1 which stepped me through a clean-up process. I was not aware of how lacking my security was, but being put to the knife like this kinda makes you jump, so I am here to post my logs hoping that you can tell me things look a bit brighter again.

 

I have run ATF-Cleaner, Spybot S&D, Ad-Aware (not resident), AVAST (resident), MAM, and HijackThis. They all found a little here and there. I am unable, however, to find a log in AVAST, but I am posting the other logs I got.

 

 

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

 

2009-01-26 blindman.exe (1.0.0.8)

2009-01-26 SDFiles.exe (1.6.1.7)

2009-01-26 SDMain.exe (1.0.0.6)

2009-01-26 SDShred.exe (1.0.2.5)

2009-01-26 SDUpdate.exe (1.6.0.12)

2009-01-26 SpybotSD.exe (1.6.2.46)

2009-03-05 TeaTimer.exe (1.6.6.32)

2009-07-04 unins000.exe (51.49.0.0)

2009-01-26 Update.exe (1.6.0.7)

2009-01-26 advcheck.dll (1.6.2.15)

2007-04-02 aports.dll (2.1.0.0)

2008-06-14 DelZip179.dll (1.79.11.1)

2009-01-26 SDHelper.dll (1.6.2.14)

2008-06-19 sqlite3.dll

2009-01-26 Tools.dll (2.1.6.10)

2009-01-16 UninsSrv.dll (1.0.0.0)

2009-05-19 Includes\Adware.sbi

2009-06-02 Includes\AdwareC.sbi

2009-01-22 Includes\Cookies.sbi

2009-05-19 Includes\Dialer.sbi

2009-06-02 Includes\DialerC.sbi

2009-01-22 Includes\HeavyDuty.sbi

2009-05-26 Includes\Hijackers.sbi

2009-06-23 Includes\HijackersC.sbi

2009-06-23 Includes\Keyloggers.sbi

2009-06-30 Includes\KeyloggersC.sbi

2004-11-29 Includes\LSP.sbi

2009-06-30 Includes\Malware.sbi

2009-06-30 Includes\MalwareC.sbi

2009-03-25 Includes\PUPS.sbi

2009-06-30 Includes\PUPSC.sbi

2009-01-22 Includes\Revision.sbi

2009-01-13 Includes\Security.sbi

2009-06-02 Includes\SecurityC.sbi

2008-06-03 Includes\Spybots.sbi

2008-06-03 Includes\SpybotsC.sbi

2009-04-07 Includes\Spyware.sbi

2009-06-02 Includes\SpywareC.sbi

2009-06-08 Includes\Tracks.uti

2009-06-17 Includes\Trojans.sbi

2009-06-30 Includes\TrojansC.sbi

2008-03-04 Plugins\Chai.dll

2008-03-05 Plugins\Fennel.dll

2008-02-26 Plugins\Mate.dll

2007-12-24 Plugins\TCPIPAddress.dll

 

 

--- System information ---

Windows XP (Build: 2600) Service Pack 3 (5.1.2600)

/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)

/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs

/ Windows / SP1: Microsoft National Language Support Downlevel APIs

/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)

/ Windows Media Player: Sikkerhetsoppdatering for Windows Media Player (KB952069)

/ Windows Media Player 11: Sikkerhetsoppdatering for Windows Media Player 11 (KB936782)

/ Windows Media Player 11: Hurtigreparasjon for Windows Media Player 11 (KB939683)

/ Windows Media Player 11: Sikkerhetsoppdatering for Windows Media Player 11 (KB954154)

/ Windows Media Player 11: Kritisk oppdatering for Windows Media Player 11 (KB959772)

/ Windows Media Player 6.4: Sikkerhetsoppdatering for Windows Media Player 6.4 (KB925398)

/ Windows Media Player 9: Sikkerhetsoppdatering for Windows Media Player 9 (KB936782)

/ Windows XP: Sikkerhetsoppdatering for Windows XP (KB923689)

/ Windows XP: Sikkerhetsoppdatering for Windows XP (KB941569)

/ Windows XP / SP0: Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB938127)

/ Windows XP / SP0: Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB942615)

/ Windows XP / SP0: Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB944533)

/ Windows XP / SP0: Hurtigreparasjon for Windows Internet Explorer 7 (KB947864)

/ Windows XP / SP0: Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB950759)

/ Windows XP / SP0: Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB956390)

/ Windows XP / SP0: Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB958215)

/ Windows XP / SP0: Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB960714)

/ Windows XP / SP0: Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB961260)

/ Windows XP / SP0: Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB963027)

/ Windows XP / SP0: Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB969897)

/ Windows XP / SP0: Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB969897)

/ Windows XP / SP0: Oppdatering for Windows Internet Explorer 8 (KB971930)

/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP

/ Windows XP / SP3: High Definition Audio Driver Package - KB888111

/ Windows XP / SP3: Windows XP Service Pack 3

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB923561)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB938464)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB938464-v2)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB946648)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB950760)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB950762)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB950974)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB951066)

/ Windows XP / SP4: Oppdatering for Windows XP (KB951072-v2)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB951376-v2)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB951698)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB951748)

/ Windows XP / SP4: Oppdatering for Windows XP (KB951978)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB952004)

/ Windows XP / SP4: Hurtigreparasjon for Windows XP (KB952287)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB952954)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB954211)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB954459)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB954600)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB955069)

/ Windows XP / SP4: Oppdatering for Windows XP (KB955839)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB956391)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB956572)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB956802)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB956803)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB956841)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB957095)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB957097)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB958644)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB958687)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB958690)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB959426)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB960225)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB960715)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB960803)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB961373)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB961501)

/ Windows XP / SP4: Oppdatering for Windows XP (KB967715)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB968537)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB969898)

/ Windows XP / SP4: Sikkerhetsoppdatering for Windows XP (KB970238)

/ XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0

 

 

--- Startup entries list ---

Located: HK_LM:Run, Adobe Reader Speed Launcher

command: "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

file: C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe

size: 39792

MD5: 8B9145D229D4E89D15ACB820D4A3A90F

 

Located: HK_LM:Run, Ad-Watch

command: C:\Programfiler\Lavasoft\Ad-Aware\AAWTray.exe

file: C:\Programfiler\Lavasoft\Ad-Aware\AAWTray.exe

size: 520024

MD5: 2CD3C21B57B2B1E5CC4C82519461C9D2

 

Located: HK_LM:Run, avast!

command: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

file: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

size: 81000

MD5: FC242DBD786557AC641726DC5C13F060

 

Located: HK_LM:Run, ExtraFilmHemmaAgent

command: "C:\Programfiler\ExtraFilm at Home\Agent.exe"

file: C:\Programfiler\ExtraFilm at Home\Agent.exe

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

 

Located: HK_LM:Run, High Definition Audio Property Page Shortcut

command: HDAShCut.exe

file: C:\WINDOWS\system32\HDAShCut.exe

size: 61952

MD5: 21C8A24455FDAFC9D6D8BCD38D62B10B

 

Located: HK_LM:Run, NvCplDaemon

command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

file: C:\WINDOWS\system32\NvCpl.dll

size: 8466432

MD5: 1E7BD636B297830582A5587CFD779784

 

Located: HK_LM:Run, NvMediaCenter

command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

file: C:\WINDOWS\system32\NvMcTray.dll

size: 81920

MD5: 33423165FDC8CCE60FF2659AF2F7BF70

 

Located: HK_LM:Run, nwiz

command: nwiz.exe /install

file: C:\WINDOWS\system32\nwiz.exe

size: 1626112

MD5: C6B1971E12A35FB69D64D01B915E1AA1

 

Located: HK_LM:Run, QuickTime Task

command: "C:\Programfiler\QuickTime\qttask.exe" -atboottime

file: C:\Programfiler\QuickTime\qttask.exe

size: 413696

MD5: 0AB3C83FCB8EF6F56E4FB22089F0D3B9

 

Located: HK_LM:Run, SoundMAX

command: "C:\Programfiler\Analog Devices\SoundMAX\smax4.exe" /tray

file: C:\Programfiler\Analog Devices\SoundMAX\smax4.exe

size: 716800

MD5: F2C53B16FEFD00DC79A15871A5738573

 

Located: HK_LM:Run, SoundMAXPnP

command: C:\Programfiler\Analog Devices\Core\smax4pnp.exe

file: C:\Programfiler\Analog Devices\Core\smax4pnp.exe

size: 925696

MD5: 115332A83AC2726FA974D30DB4BFD8DE

 

Located: HK_LM:Run, SunJavaUpdateSched

command: "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

file: C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

size: 132496

MD5: D4F0F7437327DBAA264338BAAFB5E5AF

 

Located: HK_LM:Run, Zboard

command: C:\Programfiler\Ideazon\ZEngine\Zboard.exe

file: C:\Programfiler\Ideazon\ZEngine\Zboard.exe

size: 57344

MD5: 2D451F4D04393013FD53262FC23BDFE1

 

Located: HK_CU:Run, ashservecie

where: S-1-5-21-1123561945-2111687655-725345543-1004...

command: C:\WINDOWS\system32\ashservec.exe

file: C:\WINDOWS\system32\ashservec.exe

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

 

Located: HK_CU:Run, BitTorrent DNA

where: S-1-5-21-1123561945-2111687655-725345543-1004...

command: "C:\Programfiler\DNA\btdna.exe"

file: C:\Programfiler\DNA\btdna.exe

size: 321344

MD5: 7CF68169102EEE1C8C24C0CD495AD5BF

 

Located: HK_CU:Run, ctfmon.exe

where: S-1-5-21-1123561945-2111687655-725345543-1004...

command: C:\WINDOWS\system32\ctfmon.exe

file: C:\WINDOWS\system32\ctfmon.exe

size: 15360

MD5: DD0A3AC0339D222329CBF9CFE0FE6AA5

 

Located: HK_CU:Run, CurseClient

where: S-1-5-21-1123561945-2111687655-725345543-1004...

command: C:\Programfiler\Curse\CurseClient.exe -silent

file: C:\Programfiler\Curse\CurseClient.exe

size: 1934336

MD5: A6EEC57A8F783F2A1951F769EAA12847

 

Located: HK_CU:Run, explorer

where: S-1-5-21-1123561945-2111687655-725345543-1004...

command: C:\WINDOWS\systemq.exe

file: C:\WINDOWS\systemq.exe

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

 

Located: HK_CU:Run, iexplorerskut

where: S-1-5-21-1123561945-2111687655-725345543-1004...

command: C:\WINDOWS\system32\dllhostc.exe

file: C:\WINDOWS\system32\dllhostc.exe

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

 

Located: HK_CU:Run, Mail.com

where: S-1-5-21-1123561945-2111687655-725345543-1004...

command: C:\Programfiler\mail.com\mcalert.exe -auto

file: C:\Programfiler\mail.com\mcalert.exe

size: 139264

MD5: 608D72BF9C37FA1DB6F638D310625699

 

Located: HK_CU:Run, MsnMsgr

where: S-1-5-21-1123561945-2111687655-725345543-1004...

command: "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

file: C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

size: 5724184

MD5: 6B327AAECAEBB0D8FE78548ACBE52FB3

 

Located: HK_CU:Run, SpybotSD TeaTimer

where: S-1-5-21-1123561945-2111687655-725345543-1004...

command: C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

file: C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

size: 2260480

MD5: 390679F7A217A5E73D756276C40AE887

 

Located: HK_CU:Run, twumk.exe

where: S-1-5-21-1123561945-2111687655-725345543-1004...

command: C:\WINDOWS\system32\twumk.exe

file: C:\WINDOWS\system32\twumk.exe

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

 

Located: HK_CU:RunOnce, Shockwave Updater

where: S-1-5-21-1123561945-2111687655-725345543-1004...

command: C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Embedded Web Browser from: http://bsalsa.com/; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.04506.30)" -"http://www.cartoonnetwork.com/tv_shows/starwars/games/game_02_ext.html"

file:

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

 

Located: HK_CU:Run, ctfmon.exe

where: S-1-5-21-1123561945-2111687655-725345543-1006...

command: C:\WINDOWS\system32\ctfmon.exe

file: C:\WINDOWS\system32\ctfmon.exe

size: 15360

MD5: DD0A3AC0339D222329CBF9CFE0FE6AA5

 

Located: HK_CU:Run, Mail.com

where: S-1-5-21-1123561945-2111687655-725345543-1006...

command: C:\Programfiler\mail.com\mcalert.exe -auto

file: C:\Programfiler\mail.com\mcalert.exe

size: 139264

MD5: 608D72BF9C37FA1DB6F638D310625699

 

Located: HK_CU:Run, MSMSGS

where: S-1-5-21-1123561945-2111687655-725345543-1006...

command: "C:\Programfiler\Messenger\msmsgs.exe" /background

file: C:\Programfiler\Messenger\msmsgs.exe

size: 1695232

MD5: 2C94142AD7BA1BA71EDA76190892457E

 

Located: HK_CU:Run, msnmsgr

where: S-1-5-21-1123561945-2111687655-725345543-1006...

command: "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background

file: C:\Programfiler\Windows Live\Messenger\msnmsgr.exe

size: 5724184

MD5: 6B327AAECAEBB0D8FE78548ACBE52FB3

 

Located: HK_CU:Run, SpybotSD TeaTimer

where: S-1-5-21-1123561945-2111687655-725345543-1006...

command: C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

file: C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

size: 2260480

MD5: 390679F7A217A5E73D756276C40AE887

 

Located: Startup (user), OpenOffice.org 2.2.lnk

where: C:\Documents and Settings\Gatinha\Start-meny\Programmer\Oppstart...

command: C:\Programfiler\OpenOffice.org 2.2\program\quickstart.exe

file: C:\Programfiler\OpenOffice.org 2.2\program\quickstart.exe

size: 393216

MD5: 97EDBCE5AC38D0F08BA42F56FFCA414B

 

Located: Startup (user), 3DO - Might and Magic VII Registration.lnk

where: C:\Documents and Settings\sjef\Start-meny\Programmer\Oppstart...

command: D:\Programfiler\3DO\Might and Magic VII\Register\Remind32.exe

file: D:\Programfiler\3DO\Might and Magic VII\Register\Remind32.exe

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

 

Located: Startup (user), OpenOffice.org 2.2.lnk

where: C:\Documents and Settings\sjef\Start-meny\Programmer\Oppstart...

command: C:\Programfiler\OpenOffice.org 2.2\program\quickstart.exe

file: C:\Programfiler\OpenOffice.org 2.2\program\quickstart.exe

size: 393216

MD5: 97EDBCE5AC38D0F08BA42F56FFCA414B

 

Located: WinLogon, crypt32chain

command: crypt32.dll

file: crypt32.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

 

Located: WinLogon, cryptnet

command: cryptnet.dll

file: cryptnet.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

 

Located: WinLogon, cscdll

command: cscdll.dll

file: cscdll.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

 

Located: WinLogon, dimsntfy

command: %SystemRoot%\System32\dimsntfy.dll

file: %SystemRoot%\System32\dimsntfy.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

 

Located: WinLogon, ScCertProp

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

 

Located: WinLogon, Schedule

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

 

Located: WinLogon, sclgntfy

command: sclgntfy.dll

file: sclgntfy.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

 

Located: WinLogon, SensLogn

command: WlNotify.dll

file: WlNotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

 

Located: WinLogon, termsrv

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

 

Located: WinLogon, wlballoon

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

 

 

 

--- Browser helper object list ---

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Koblingshjelpeprogram for Adobe PDF Reader)

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name:

CLSID name: Koblingshjelpeprogram for Adobe PDF Reader

description: Adobe Acrobat reader

classification: Legitimate

known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll

info link: http://www.adobe.com/products/acrobat/readstep2.html

info source: TonyKlein

Path: C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\

Long name: AcroIEHelper.dll

Short name: ACROIE~1.DLL

Date (created): 23.10.2006 00:08:42

Date (last access): 04.07.2009 17:41:58

Date (last write): 23.10.2006 00:08:42

Filesize: 62080

Attributes: archive

MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A

CRC32: E388508F

Version: 8.0.0.456

 

{201f27d4-3704-41d6-89c1-aa35e39143ed} (AskBar BHO)

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name: AskBar BHO

CLSID name: AskBar BHO

Path: C:\Programfiler\AskBarDis\bar\bin\

Long name: askBar.dll

Short name:

Date (created): 04.03.2009 22:36:06

Date (last access): 04.07.2009 18:23:14

Date (last write): 29.09.2008 18:24:28

Filesize: 325000

Attributes: archive

MD5: D1BAD87754F0141D7523C0D7CD6283F7

CRC32: 93EA42BA

Version: 4.1.0.5

 

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name:

CLSID name: Spybot-S&D IE Protection

description: Spybot-S&D IE Browser plugin

classification: Legitimate

known filename: SDhelper.dll

info link: http://spybot.eon.net.au/

info source: Patrick M. Kolla

Path: C:\PROGRA~1\SPYBOT~1\

Long name: SDHelper.dll

Short name:

Date (created): 04.07.2009 13:58:42

Date (last access): 04.07.2009 18:24:58

Date (last write): 26.01.2009 15:31:02

Filesize: 1879896

Attributes: archive

MD5: 022C2F6DCCDFA0AD73024D254E62AFAC

CRC32: 5BA24007

Version: 1.6.2.14

 

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name:

CLSID name: SSVHelper Class

Path: C:\Programfiler\Java\jre1.6.0_03\bin\

Long name: ssv.dll

Short name:

Date (created): 19.01.2008 19:42:44

Date (last access): 04.07.2009 18:31:08

Date (last write): 25.09.2007 02:11:34

Filesize: 501136

Attributes: archive

MD5: D787E3123FAD2BD58AB45B9A5C360ACD

CRC32: DDC625C2

Version: 6.0.30.5

 

{7E853D72-626A-48EC-A868-BA8D5E23E045} ()

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name:

CLSID name:

 

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Påloggingshjelp for Windows Live)

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name:

CLSID name: Påloggingshjelp for Windows Live

Path: C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\

Long name: WindowsLiveLogin.dll

Short name: WINDOW~1.DLL

Date (created): 17.02.2009 17:11:04

Date (last access): 04.07.2009 18:23:14

Date (last write): 17.02.2009 17:11:04

Filesize: 408440

Attributes: archive

MD5: 1A82C1B9BB43385695EFC3A84F6756A2

CRC32: 75E558CA

Version: 5.0.818.6

 

 

 

--- ActiveX list ---

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object)

DPF name:

CLSID name: QuickTime Object

Installer: C:\WINDOWS\Downloaded Program Files\QTPlugin.inf

Codebase: http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

description: Apple Quicktime

classification: Legitimate

known filename: QTPLUGIN.OCX

info link:

info source: Patrick M. Kolla

Path: C:\Programfiler\QuickTime\

Long name: QTPlugin.ocx

Short name:

Date (created): 28.03.2009 20:30:32

Date (last access): 04.07.2009 16:22:20

Date (last write): 28.03.2009 20:30:32

Filesize: 779568

Attributes: archive

MD5: CC547257A308EBE1070AED55309DA4BE

CRC32: 4805B208

Version: 7.6.0.0

 

{0878B424-1F95-4E26-B5AB-F0D349D89650} ()

DPF name:

CLSID name:

Installer:

Codebase:

 

{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)

DPF name:

CLSID name: Shockwave ActiveX Control

Installer: C:\WINDOWS\Downloaded Program Files\swdir.inf

Codebase: http://download.macromedia.com/pub/shockwa...director/sw.cab

description: Macromedia ShockWave Flash Player 7

classification: Legitimate

known filename: SWDIR.DLL

info link:

info source: Patrick M. Kolla

Path: C:\WINDOWS\system32\Adobe\Director\

Long name: swdir.dll

Short name:

Date (created): 25.10.2008 16:41:40

Date (last access): 04.07.2009 16:22:20

Date (last write): 06.08.2008 16:30:48

Filesize: 202168

Attributes: archive

MD5: B8153BAD2E56C50B147867FA9DAEB095

CRC32: D52113FA

Version: 11.0.0.465

 

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)

DPF name:

CLSID name: Windows Genuine Advantage Validation Tool

Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf

Codebase: http://go.microsoft.com/fwlink/?linkid=39204

description:

classification: Legitimate

known filename: LegitCheckControl.DLL

info link:

info source: Safer Networking Ltd.

Path: C:\WINDOWS\system32\

Long name: LegitCheckControl.DLL

Short name: LEGITC~1.DLL

Date (created): 24.04.2007 11:32:06

Date (last access): 04.07.2009 15:31:18

Date (last write): 24.04.2007 11:32:06

Filesize: 1485696

Attributes: archive

MD5: F41FA54CD85AF8AACF8C7E084F6742F4

CRC32: 6328586B

Version: 1.7.36.0

 

{233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control)

DPF name:

CLSID name: Shockwave ActiveX Control

Installer: C:\WINDOWS\Downloaded Program Files\swdir.inf

Codebase: http://download.macromedia.com/pub/shockwa...director/sw.cab

description:

classification: Legitimate

known filename: SwDir.dll

info link:

info source: Safer Networking Ltd.

Path: C:\WINDOWS\system32\Adobe\Director\

Long name: swdir.dll

Short name:

Date (created): 25.10.2008 16:41:40

Date (last access): 04.07.2009 18:33:24

Date (last write): 06.08.2008 16:30:48

Filesize: 202168

Attributes: archive

MD5: B8153BAD2E56C50B147867FA9DAEB095

CRC32: D52113FA

Version: 11.0.0.465

 

{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)

DPF name:

CLSID name: MSN Photo Upload Tool

Installer: C:\WINDOWS\Downloaded Program Files\MsnPUpld.inf

Codebase: http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab

description:

classification: Legitimate

known filename: MsnPUpld.dll

info link:

info source: Safer Networking Ltd.

Path: C:\WINDOWS\Downloaded Program Files\

Long name: MsnPUpld.dll

Short name:

Date (created): 20.06.2006 16:44:04

Date (last access): 04.07.2009 15:30:34

Date (last write): 20.06.2006 16:44:04

Filesize: 379704

Attributes: archive

MD5: D2FB109C3F0DAAAA4A73E5921656DB3E

CRC32: A13093E8

Version: 10.0.913.0

 

{5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control)

DPF name:

CLSID name: Image Uploader Control

Installer: C:\WINDOWS\Downloaded Program Files\ImageUploader5.inf

Codebase: http://www.extrafilm.no/ImageUploader5.cab

Path: C:\WINDOWS\Downloaded Program Files\

Long name: ImageUploader5.ocx

Short name: IMAGEU~1.OCX

Date (created): 31.03.2008 18:21:12

Date (last access): 04.07.2009 16:22:20

Date (last write): 31.03.2008 18:21:12

Filesize: 3175944

Attributes: archive

MD5: BC5690433016EB45B8E7665545703398

CRC32: 03744F6F

Version: 5.1.10.0

 

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)

DPF name: Java Runtime Environment 1.6.0

CLSID name: Java Plug-in 1.6.0_03

Installer:

Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

description: Sun Java

classification: Legitimate

known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll

info link:

info source: Patrick M. Kolla

Path: C:\Programfiler\Java\jre1.6.0_03\bin\

Long name: npjpi160_03.dll

Short name: NPJPI1~1.DLL

Date (created): 25.09.2007 00:31:44

Date (last access): 04.07.2009 16:22:18

Date (last write): 25.09.2007 02:11:34

Filesize: 132496

Attributes: archive

MD5: D6A4682A6FF41832A3F1A7AB9AE08199

CRC32: 9080B537

Version: 6.0.30.5

 

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()

DPF name:

CLSID name:

Installer: C:\WINDOWS\Downloaded Program Files\erma.inf

Codebase: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab

description:

classification: Open for discussion

known filename:

info link:

info source: Safer Networking Ltd.

 

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)

DPF name: Java Runtime Environment 1.6.0

CLSID name: Java Plug-in 1.6.0_03

Installer:

Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

Path: C:\Programfiler\Java\jre1.6.0_03\bin\

Long name: npjpi160_03.dll

Short name: NPJPI1~1.DLL

Date (created): 25.09.2007 00:31:44

Date (last access): 04.07.2009 18:33:24

Date (last write): 25.09.2007 02:11:34

Filesize: 132496

Attributes: archive

MD5: D6A4682A6FF41832A3F1A7AB9AE08199

CRC32: 9080B537

Version: 6.0.30.5

 

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)

DPF name: Java Runtime Environment 1.6.0

CLSID name: Java Plug-in 1.6.0_03

Installer:

Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

description:

classification: Legitimate

known filename: npjpi150_06.dll

info link:

info source: Safer Networking Ltd.

Path: C:\Programfiler\Java\jre1.6.0_03\bin\

Long name: npjpi160_03.dll

Short name: NPJPI1~1.DLL

Date (created): 25.09.2007 00:31:44

Date (last access): 04.07.2009 18:33:24

Date (last write): 25.09.2007 02:11:34

Filesize: 132496

Attributes: archive

MD5: D6A4682A6FF41832A3F1A7AB9AE08199

CRC32: 9080B537

Version: 6.0.30.5

 

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)

DPF name:

CLSID name: Shockwave Flash Object

Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf

Codebase: http://download.macromedia.com/pub/shockwa...ash/swflash.cab

description: Macromedia Shockwave Flash Player

classification: Legitimate

known filename:

info link:

info source: Patrick M. Kolla

Path: C:\WINDOWS\system32\Macromed\Flash\

Long name: Flash9f.ocx

Short name:

Date (created): 25.03.2008 04:32:42

Date (last access): 04.07.2009 17:18:54

Date (last write): 25.03.2008 04:32:42

Filesize: 2991488

Attributes: readonly archive

MD5: 48FDF435B8595604E54125B321924510

CRC32: 12335E29

Version: 9.0.124.0

 

 

 

--- Process list ---

PID: 0 ( 0) [system]

PID: 540 ( 4) \SystemRoot\System32\smss.exe

size: 50688

PID: 612 ( 540) \??\C:\WINDOWS\system32\csrss.exe

size: 6144

PID: 636 ( 540) \??\C:\WINDOWS\system32\winlogon.exe

size: 506880

PID: 680 ( 636) C:\WINDOWS\system32\services.exe

size: 111104

MD5: 6248240BB90F50535277801E2A3F923F

PID: 692 ( 636) C:\WINDOWS\system32\lsass.exe

size: 13312

MD5: 0EAC811F89889A7585BAEDAA4BDD16AF

PID: 848 ( 680) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: 2FADE3D461E99941AAA13E0B83385B46

PID: 908 ( 680) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: 2FADE3D461E99941AAA13E0B83385B46

PID: 1004 ( 680) C:\WINDOWS\System32\svchost.exe

size: 14336

MD5: 2FADE3D461E99941AAA13E0B83385B46

PID: 1064 ( 680) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: 2FADE3D461E99941AAA13E0B83385B46

PID: 1156 ( 680) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: 2FADE3D461E99941AAA13E0B83385B46

PID: 1324 ( 680) C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

size: 18752

MD5: B4253776EE034F6770FCEE32C28490B0

PID: 1340 ( 680) C:\Programfiler\Lavasoft\Ad-Aware\AAWService.exe

size: 1029456

MD5: CC7D978C4F56FB434E841D35788A7F3C

PID: 1388 ( 680) C:\Programfiler\Alwil Software\Avast4\ashServ.exe

size: 138680

MD5: 62889D40A3FB1A9012428E16FE0DC67A

PID: 1656 ( 680) C:\WINDOWS\system32\spoolsv.exe

size: 57856

MD5: 24A34B0CDDA0ADF220C85150F042D4BB

PID: 260 ( 680) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: 2FADE3D461E99941AAA13E0B83385B46

PID: 376 ( 680) C:\WINDOWS\system32\nvsvc32.exe

size: 155716

MD5: E9E110CDF6A063A5F9B841C36FB5CC95

PID: 388 ( 680) C:\WINDOWS\system32\PnkBstrA.exe

size: 66872

MD5: A9D6B1E7EF097C7F3B5DC4F56C0E7386

PID: 400 ( 680) C:\WINDOWS\system32\PnkBstrB.exe

size: 107832

MD5: 194B04AD84A4FF7E10188039451221D5

PID: 344 ( 680) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: 2FADE3D461E99941AAA13E0B83385B46

PID: 1276 ( 680) C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

size: 254040

MD5: F09461C8ECCACE33C271CC229F11E281

PID: 1292 ( 680) C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

size: 352920

MD5: 23CA3E54474AE5FFDBC0F97B9E1815DB

PID: 1316 ( 848) C:\WINDOWS\system32\wbem\unsecapp.exe

size: 16896

MD5: AC71F604451E6FF9D54C719380AFBD44

PID: 1852 ( 848) C:\WINDOWS\system32\wbem\wmiprvse.exe

size: 227840

MD5: 798A9E6828997EEF4517ADA8A2259831

PID: 1980 ( 680) C:\WINDOWS\System32\alg.exe

size: 44544

MD5: E3915EB1F3D908AE1FDF268E08A45AF6

PID: 2372 (2344) C:\WINDOWS\Explorer.EXE

size: 1033728

MD5: 8059C34B6F4758F678E975665EADFD87

PID: 2692 (2372) C:\Programfiler\Analog Devices\Core\smax4pnp.exe

size: 925696

MD5: 115332A83AC2726FA974D30DB4BFD8DE

PID: 2716 (2372) C:\Programfiler\Analog Devices\SoundMAX\smax4.exe

size: 716800

MD5: F2C53B16FEFD00DC79A15871A5738573

PID: 2896 (2372) C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

size: 81000

MD5: FC242DBD786557AC641726DC5C13F060

PID: 2904 (2372) C:\WINDOWS\system32\RUNDLL32.EXE

size: 33280

MD5: B1D2F529DC72F42C73FB0F48C55E7898

PID: 2912 (2372) C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

size: 132496

MD5: D4F0F7437327DBAA264338BAAFB5E5AF

PID: 2928 (2372) C:\Programfiler\Ideazon\ZEngine\Zboard.exe

size: 57344

MD5: 2D451F4D04393013FD53262FC23BDFE1

PID: 2952 (2372) C:\Programfiler\Lavasoft\Ad-Aware\AAWTray.exe

size: 520024

MD5: 2CD3C21B57B2B1E5CC4C82519461C9D2

PID: 2980 (2372) C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

size: 5724184

MD5: 6B327AAECAEBB0D8FE78548ACBE52FB3

PID: 3124 (2372) C:\WINDOWS\system32\ctfmon.exe

size: 15360

MD5: DD0A3AC0339D222329CBF9CFE0FE6AA5

PID: 3132 (2372) C:\Programfiler\DNA\btdna.exe

size: 321344

MD5: 7CF68169102EEE1C8C24C0CD495AD5BF

PID: 3144 (2372) C:\Programfiler\mail.com\mcalert.exe

size: 139264

MD5: 608D72BF9C37FA1DB6F638D310625699

PID: 3840 ( 680) C:\Programfiler\Windows Live\Messenger\usnsvc.exe

size: 98328

MD5: 9D19B042A4FD5C02195071EA2FE0C821

PID: 3728 (4080) C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

size: 396288

MD5: C4CA7416A6DF6D95075F81D9E3B41AD1

PID: 2284 ( 848) C:\Programfiler\Internet Explorer\IEXPLORE.EXE

size: 638816

MD5: B60DDDD2D63CE41CB8C487FCFBB6419E

PID: 2600 (2284) C:\Programfiler\Internet Explorer\IEXPLORE.EXE

size: 638816

MD5: B60DDDD2D63CE41CB8C487FCFBB6419E

PID: 3976 (2284) C:\Programfiler\Internet Explorer\IEXPLORE.EXE

size: 638816

MD5: B60DDDD2D63CE41CB8C487FCFBB6419E

PID: 948 (3156) C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

size: 2260480

MD5: 390679F7A217A5E73D756276C40AE887

PID: 3768 (2284) C:\Programfiler\Internet Explorer\IEXPLORE.EXE

size: 638816

MD5: B60DDDD2D63CE41CB8C487FCFBB6419E

PID: 2332 (2372) C:\WINDOWS\system32\NOTEPAD.EXE

size: 69120

MD5: 4E4E104A75B9352A3225FFDC2BDF787D

PID: 768 ( 540) \??\C:\WINDOWS\system32\csrss.exe

size: 6144

PID: 2572 ( 540) \??\C:\WINDOWS\system32\winlogon.exe

size: 506880

PID: 3428 (2764) C:\WINDOWS\Explorer.EXE

size: 1033728

MD5: 8059C34B6F4758F678E975665EADFD87

PID: 1452 (3428) C:\Programfiler\Analog Devices\Core\smax4pnp.exe

size: 925696

MD5: 115332A83AC2726FA974D30DB4BFD8DE

PID: 3528 (3428) C:\Programfiler\Analog Devices\SoundMAX\smax4.exe

size: 716800

MD5: F2C53B16FEFD00DC79A15871A5738573

PID: 1920 (3428) C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

size: 81000

MD5: FC242DBD786557AC641726DC5C13F060

PID: 3752 (3428) C:\WINDOWS\system32\RUNDLL32.EXE

size: 33280

MD5: B1D2F529DC72F42C73FB0F48C55E7898

PID: 3888 (3428) C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

size: 132496

MD5: D4F0F7437327DBAA264338BAAFB5E5AF

PID: 2288 (3428) C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe

size: 39792

MD5: 8B9145D229D4E89D15ACB820D4A3A90F

PID: 1868 (3428) C:\Programfiler\Ideazon\ZEngine\Zboard.exe

size: 57344

MD5: 2D451F4D04393013FD53262FC23BDFE1

PID: 3372 (3428) C:\Programfiler\Lavasoft\Ad-Aware\AAWTray.exe

size: 520024

MD5: 2CD3C21B57B2B1E5CC4C82519461C9D2

PID: 1024 (3428) C:\WINDOWS\system32\ctfmon.exe

size: 15360

MD5: DD0A3AC0339D222329CBF9CFE0FE6AA5

PID: 3280 (3428) C:\Programfiler\Windows Live\Messenger\msnmsgr.exe

size: 5724184

MD5: 6B327AAECAEBB0D8FE78548ACBE52FB3

PID: 2704 (3428) C:\Programfiler\Messenger\msmsgs.exe

size: 1695232

MD5: 2C94142AD7BA1BA71EDA76190892457E

PID: 3880 (3428) C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

size: 2260480

MD5: 390679F7A217A5E73D756276C40AE887

PID: 2788 (3428) C:\Programfiler\mail.com\mcalert.exe

size: 139264

MD5: 608D72BF9C37FA1DB6F638D310625699

PID: 3152 (3112) C:\Programfiler\OpenOffice.org 2.2\program\soffice.exe

size: 2359296

MD5: E5D8FC6EBA1050EA064A0B6E1CCD94FE

PID: 840 (3152) C:\Programfiler\OpenOffice.org 2.2\program\soffice.BIN

size: 2510848

MD5: CE329D7EC1A339B361BADBBA9BE60E6B

PID: 3660 (3428) C:\Programfiler\Spybot - Search & Destroy\SpybotSD.exe

size: 5365592

MD5: 0477C2F9171599CA5BC3307FDFBA8D89

PID: 4 ( 0) System

 

 

--- Browser start & search pages list ---

Spybot - Search & Destroy browser pages report, 04.07.2009 18:33:24

 

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

C:\WINDOWS\system32\blank.htm

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

http://go.microsoft.com/fwlink/?LinkId=54896

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

http://www.google.com/

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

C:\WINDOWS\system32\blank.htm

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

http://go.microsoft.com/fwlink/?LinkId=54896

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

http://go.microsoft.com/fwlink/?LinkId=69157

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

http://go.microsoft.com/fwlink/?LinkId=69157

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

http://go.microsoft.com/fwlink/?LinkId=54896

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

 

 

--- Winsock Layered Service Provider list ---

Protocol 0: MSAFD Tcpip [TCP/IP]

GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP IP protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD Tcpip [*]

 

Protocol 1: MSAFD Tcpip [uDP/IP]

GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP IP protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD Tcpip [*]

 

Protocol 2: MSAFD Tcpip [RAW/IP]

GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP IP protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD Tcpip [*]

 

Protocol 3: RSVP UDP Service Provider

GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}

Filename: %SystemRoot%\system32\rsvpsp.dll

Description: Microsoft Windows NT/2k/XP RVSP

DB filename: %SystemRoot%\system32\rsvpsp.dll

DB protocol: RSVP * Service Provider

 

Protocol 4: RSVP TCP Service Provider

GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}

Filename: %SystemRoot%\system32\rsvpsp.dll

Description: Microsoft Windows NT/2k/XP RVSP

DB filename: %SystemRoot%\system32\rsvpsp.dll

DB protocol: RSVP * Service Provider

 

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F04B1BDF-3462-422F-A295-EE584AA68535}] SEQPACKET 3

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

 

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F04B1BDF-3462-422F-A295-EE584AA68535}] DATAGRAM 3

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

 

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C10CF0FB-32A8-4B0D-87D3-23C8D2F47873}] SEQPACKET 0

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

 

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C10CF0FB-32A8-4B0D-87D3-23C8D2F47873}] DATAGRAM 0

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

 

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{45F7F0C1-1610-4C5F-A6D7-A3A728DF5C9F}] SEQPACKET 1

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

 

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{45F7F0C1-1610-4C5F-A6D7-A3A728DF5C9F}] DATAGRAM 1

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

 

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4AD4289E-D554-460D-ADC4-A9E01BFDD92E}] SEQPACKET 2

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

 

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4AD4289E-D554-460D-ADC4-A9E01BFDD92E}] DATAGRAM 2

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

 

Namespace Provider 0: TCP/IP

GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}

Filename: %SystemRoot%\System32\mswsock.dll

Description: Microsoft Windows NT/2k/XP TCP/IP name space provider

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: TCP/IP

 

Namespace Provider 1: NTDS

GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}

Filename: %SystemRoot%\System32\winrnr.dll

Description: Microsoft Windows NT/2k/XP name space provider

DB filename: %SystemRoot%\system32\winrnr.dll

DB protocol: NTDS

 

Namespace Provider 2: Navneområde for Sporing av nettverksplassering (NLA - Network Location Awareness)

GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}

Filename: %SystemRoot%\System32\mswsock.dll

Description: Microsoft Windows NT/2k/XP name space provider

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: NLA-Namespace

 

 

 

 

 

Logfile created: 04.07.2009 13:10:55

Lavasoft Ad-Aware version: 8.0.7

Extended engine version: 8.1

User performing scan: Gatinha

 

*********************** Definitions database information ***********************

Lavasoft definition file: 148.65

Extended engine definition file: 8.1

 

******************************** Scan results: *********************************

Scan profile name: Full Scan (ID: full)

Objects scanned: 111741

Objects detected: 52

 

 

Type Detected

==========================

Processes.......: 0

Registry entries: 3

Hostfile entries: 0

Files...........: 2

Folders.........: 0

LSPs............: 0

Cookies.........: 47

Browser hijacks.: 0

MRU objects.....: 0

 

 

 

Removed items:

Description: *ad.yieldmanager* Family Name: Cookies Clean status: Success Item ID: 409172 Family ID: 0

Description: *advertis* Family Name: Cookies Clean status: Success Item ID: 408918 Family ID: 0

Description: *advertising* Family Name: Cookies Clean status: Success Item ID: 409017 Family ID: 0

Description: *doubleclick* Family Name: Cookies Clean status: Success Item ID: 408875 Family ID: 0

Description: *fastclick* Family Name: Cookies Clean status: Success Item ID: 408869 Family ID: 0

Description: *linksynergy* Family Name: Cookies Clean status: Success Item ID: 408845 Family ID: 0

Description: *inksynergy* Family Name: Cookies Clean status: Success Item ID: 408995 Family ID: 0

Description: *adserver* Family Name: Cookies Clean status: Success Item ID: 408737 Family ID: 0

Description: *adserv* Family Name: Cookies Clean status: Success Item ID: 408921 Family ID: 0

Description: *adserve* Family Name: Cookies Clean status: Success Item ID: 409020 Family ID: 0

Description: *advertis* Family Name: Cookies Clean status: Success Item ID: 408918 Family ID: 0

Description: *advertising* Family Name: Cookies Clean status: Success Item ID: 409017 Family ID: 0

Description: *atdmt* Family Name: Cookies Clean status: Success Item ID: 408910 Family ID: 0

Description: *adbureau* Family Name: Cookies Clean status: Success Item ID: 409027 Family ID: 0

Description: *sextrack* Family Name: Cookies Clean status: Success Item ID: 408975 Family ID: 0

Description: *sextracker* Family Name: Cookies Clean status: Success Item ID: 409128 Family ID: 0

Description: *doubleclick* Family Name: Cookies Clean status: Success Item ID: 408875 Family ID: 0

Description: *fastclick* Family Name: Cookies Clean status: Success Item ID: 408869 Family ID: 0

Description: *statistik-gallup* Family Name: Cookies Clean status: Success Item ID: 409367 Family ID: 0

Description: *.adform* Family Name: Cookies Clean status: Success Item ID: 409300 Family ID: 0

Description: *.adform* Family Name: Cookies Clean status: Success Item ID: 409300 Family ID: 0

Description: *statistik-gallup* Family Name: Cookies Clean status: Success Item ID: 409367 Family ID: 0

Description: *tradedoubler* Family Name: Cookies Clean status: Success Item ID: 408964 Family ID: 0

Description: *adtech* Family Name: Cookies Clean status: Success Item ID: 409018 Family ID: 0

Description: *mediaplex* Family Name: Cookies Clean status: Success Item ID: 408991 Family ID: 0

Description: *apmebf* Family Name: Cookies Clean status: Success Item ID: 409163 Family ID: 0

Description: *adbureau* Family Name: Cookies Clean status: Success Item ID: 409027 Family ID: 0

Description: *atdmt* Family Name: Cookies Clean status: Success Item ID: 408910 Family ID: 0

Description: *iwon* Family Name: Cookies Clean status: Success Item ID: 408852 Family ID: 0

Description: *doubleclick* Family Name: Cookies Clean status: Success Item ID: 408875 Family ID: 0

Description: *advertis* Family Name: Cookies Clean status: Success Item ID: 408918 Family ID: 0

Description: *advertising* Family Name: Cookies Clean status: Success Item ID: 409017 Family ID: 0

Description: *2o7* Family Name: Cookies Clean status: Success Item ID: 408943 Family ID: 0

Description: *statcounter* Family Name: Cookies Clean status: Success Item ID: 409185 Family ID: 0

Description: *adserver* Family Name: Cookies Clean status: Success Item ID: 408737 Family ID: 0

Description: *adserv* Family Name: Cookies Clean status: Success Item ID: 408921 Family ID: 0

Description: *adserve* Family Name: Cookies Clean status: Success Item ID: 409020 Family ID: 0

Description: *webtrends* Family Name: Cookies Clean status: Success Item ID: 599640 Family ID: 0

Description: *fastclick* Family Name: Cookies Clean status: Success Item ID: 408869 Family ID: 0

Description: *adultfriendfinder* Family Name: Cookies Clean status: Success Item ID: 409164 Family ID: 0

Description: *adopt.euroclick* Family Name: Cookies Clean status: Success Item ID: 409169 Family ID: 0

Description: *ad.yieldmanager* Family Name: Cookies Clean status: Success Item ID: 409172 Family ID: 0

Description: *overture* Family Name: Cookies Clean status: Success Item ID: 408834 Family ID: 0

Description: *specificclick* Family Name: Cookies Clean status: Success Item ID: 408807 Family ID: 0

Description: *serving-sys* Family Name: Cookies Clean status: Success Item ID: 409130 Family ID: 0

Description: *bs.serving-sys* Family Name: Cookies Clean status: Success Item ID: 408902 Family ID: 0

Description: *ad1.emediate* Family Name: Cookies Clean status: Success Item ID: 409299 Family ID: 0

Description: C:\WINDOWS\ponto.DLL Family Name: Win32.Trojan.Agent Clean status: Success Item ID: 178252 Family ID: 936

Description: HKCR:e404.e404mgr.1: Family Name: Win32.Trojan.Agent Clean status: Success Item ID: 9949 Family ID: 936

Description: HKCR:e404.e404mgr: Family Name: Win32.Trojan.Agent Clean status: Success Item ID: 10997 Family ID: 936

Description: HKU:S-1-5-21-1123561945-2111687655-725345543-1004\software\microsoft\windows\currentversion\run:iexplorer Family Name: Win32.Trojan.Agent Clean status: Success Item ID: 29921 Family ID: 936

Description: C:\WINDOWS\system32\iinqyl.dll Family Name: Win32.Trojan.FakeAlert Clean status: Success Item ID: 111975 Family ID: 352

 

Scan and cleaning complete: Finished correctly after 2001 seconds

 

*********************************** Settings ***********************************

 

Scan profile:

ID: full, enabled:1, value: Full Scan

ID: scancriticalareas, enabled:1, value: true

ID: scanrunningapps, enabled:1, value: true

ID: scanregistry, enabled:1, value: true

ID: scanlsp, enabled:1, value: true

ID: scanads, enabled:1, value: true

ID: scanhostsfile, enabled:1, value: true

ID: scanmru, enabled:1, value: true

ID: scanbrowserhijacks, enabled:1, value: true

ID: scantrackingcookies, enabled:1, value: true

ID: closebrowsers, enabled:1, value: false

ID: folderstoscan, enabled:1, value: C:\,D:\

ID: usespywareheuristics, enabled:1, value: true

ID: extendedengine, enabled:0, value: true

ID: useheuristics, enabled:0, value: true

ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict

ID: filescanningoptions, enabled:1

ID: scanrootkits, enabled:1, value: true

ID: archives, enabled:1, value: true

ID: onlyexecutables, enabled:1, value: false

ID: skiplargerthan, enabled:1, value: 20480

 

Scan global:

ID: global, enabled:1

ID: addtocontextmenu, enabled:1, value: true

ID: playsoundoninfection, enabled:1, value: false

Edited by nasdaq: HijackThis log requested.


Hi malefique, and welcome to SWI.

 

If you still need help, please read the forum FAQ and post a HijackThis log as nasdaq already mentioned and I'll be glad to assist you.


I did actually paste one in, but it might have gotten scrubbed.

 

Here is a new one:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:30:18, on 05.07.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

C:\Programfiler\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Analog Devices\Core\smax4pnp.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\Programfiler\Ideazon\ZEngine\Zboard.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\DNA\btdna.exe

C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\Programfiler\mail.com\mcalert.exe

C:\Programfiler\Windows Live\Messenger\msnmsgr.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programfiler\AskBarDis\bar\bin\askBar.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programfiler\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Programfiler\Analog Devices\SoundMAX\smax4.exe" /tray

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Programfiler\ExtraFilm at Home\Agent.exe"

O4 - HKLM\..\Run: [Zboard] C:\Programfiler\Ideazon\ZEngine\Zboard.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Ad-Watch] C:\Programfiler\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [CurseClient] C:\Programfiler\Curse\CurseClient.exe -silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [iexplorerskut] C:\WINDOWS\system32\dllhostc.exe

O4 - HKCU\..\Run: [ashservecie] C:\WINDOWS\system32\ashservec.exe

O4 - HKCU\..\Run: [explorer] C:\WINDOWS\systemq.exe

O4 - HKCU\..\Run: [twumk.exe] C:\WINDOWS\system32\twumk.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Programfiler\DNA\btdna.exe"

O4 - HKCU\..\Run: [Mail.com] C:\Programfiler\mail.com\mcalert.exe -auto

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Embedded Web Browser from: http://bsalsa.com/; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.04506.30)" -"http://www.cartoonnetwork.com/tv_shows/starwars/games/game_02_ext.html"

O4 - S-1-5-18 Startup: 3DO - Might and Magic VII Registration.lnk = D:\Programfiler\3DO\Might and Magic VII\Register\Remind32.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: OpenOffice.org 2.2.lnk = C:\Programfiler\OpenOffice.org 2.2\program\quickstart.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: 3DO - Might and Magic VII Registration.lnk = D:\Programfiler\3DO\Might and Magic VII\Register\Remind32.exe (User 'Default user')

O4 - .DEFAULT Startup: OpenOffice.org 2.2.lnk = C:\Programfiler\OpenOffice.org 2.2\program\quickstart.exe (User 'Default user')

O4 - Startup: 3DO - Might and Magic VII Registration.lnk = D:\Programfiler\3DO\Might and Magic VII\Register\Remind32.exe

O4 - Startup: OpenOffice.org 2.2.lnk = C:\Programfiler\OpenOffice.org 2.2\program\quickstart.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Cleaner - {CCF00E14-7C5E-4420-9BF3-AA4809CFAA13} - C:\Programfiler\ClickClean\ClickClean.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.no/ImageUploader5.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

 

--

End of file - 8426 bytes


Your log was probably cut off by the maximum post length.

 

One or more of the items you need to remove is a backdoor application that can allow attackers to access your computer, specifically to steal banking information. I highly recommend that from a clean, uninfected system you immediately change all the passwords on any systems you access from this system. If you do any on-line banking, or store any financial information on this system, you should immediately call your financial institution and advise them of the situation so you can secure your accounts.

 

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

 

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

 

When Should I Format, How Should I Reinstall

 

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

 

If you want to continue to clean the system:

 

I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier. Please follow the directions in the order listed.

 

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:

1) Run Spybot-S&D

2) Go to the Mode menu, and make sure "Advanced Mode" is selected

3) On the left hand side, choose Tools -> Resident

4) Uncheck "Resident TeaTimer" and OK any prompts

 

When everything is done and your log is clean again, you can enable it again.

If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

Please don't forget this step to disable TeaTimer.

 

Clean your Cache and Cookies in IE:

  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK

Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):

  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Private Data).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.

Clean other Temporary files + Recycle bin

  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.

I recommend you uninstall the questionable Ask Toolbar; it was likely installed with another program and you didn't see the notice that it was an optional component at the start of the install process. Many programs (even widely known legitimate programs) have toolbars as optional bundled installs these days because they get money from the business relationship. You can read more about Ask.com here.

 

If you uninstalled the Ask Toolbar as recommended, using Windows Explorer delete the following folder if still there:

C:\Program Files\AskBarDis

 

I have run ATF-cleaner, spybot S&D, Adaware (not resident), AVAST (resident), MAM

I think you meant MBAM.

 

Please Run Malwarebytes' Anti-Malware.

  • Click the Update tab.
  • Click Check for Updates.
  • If an update is found, it will download and install.
  • Click the Scanner tab.
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately.

 

In Internet Explorer, please run the BitDefender online scan at BitDefender.com

You will need to allow an ActiveX control to install for the scan to run.

Leave the scanning options at default and press "click here to scan"

When finished scanning, click on "click here to export the scan report"

Save it to your desktop, at "file name" type in "bdscan" then click save.

Please post the log in your next reply.

 

Now you need to run HijackThis and click "Do a system scan only." Place a check next to the following entries (if they are still there):

 

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKCU\..\Run: [iexplorerskut] C:\WINDOWS\system32\dllhostc.exe

O4 - HKCU\..\Run: [ashservecie] C:\WINDOWS\system32\ashservec.exe

O4 - HKCU\..\Run: [explorer] C:\WINDOWS\systemq.exe

O4 - HKCU\..\Run: [twumk.exe] C:\WINDOWS\system32\twumk.exe

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Embedded Web Browser from: http://bsalsa.com/; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.04506.30)" -"http://www.cartoonnetwork.com/tv_shows/starwars/games/game_02_ext.html"

 

If you uninstalled the Ask Toolbar as recommended, also check (if still there):

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programfiler\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programfiler\AskBarDis\bar\bin\askBar.dll

 

You can optionally check these registration reminders as they are not needed for the proper running of your system, but I recommend you follow through with the registration:

O4 - S-1-5-18 Startup: 3DO - Might and Magic VII Registration.lnk = D:\Programfiler\3DO\Might and Magic VII\Register\Remind32.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: 3DO - Might and Magic VII Registration.lnk = D:\Programfiler\3DO\Might and Magic VII\Register\Remind32.exe (User 'Default user')

O4 - Startup: 3DO - Might and Magic VII Registration.lnk = D:\Programfiler\3DO\Might and Magic VII\Register\Remind32.exe

 

Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.

 

Using Windows Explorer, locate the following files, and delete them (if still there):

C:\WINDOWS\system32\dllhostc.exe

C:\WINDOWS\system32\ashservec.exe

C:\WINDOWS\systemq.exe

C:\WINDOWS\system32\twumk.exe

 

Please go to VirusTotal and submit the following file for a scan and post the detection results (I don't need the "additional information") in your next reply:

C:\Programfiler\ExtraFilm at Home\Agent.exe

C:\Programfiler\ClickClean\ClickClean.exe

 

Is ClickClean this program?

http://www.soft-go.com/get/ClickClean_58090.html

Even if it is, please do the scan anyway and post the results. It will help others identify the program later.

 

Please post a new HijackThis log, the log from MBAM and the log from BitDefender, and then, so that hopefully nothing is cut off by the maximum post length, post the results from scanning the two files at VirusTotal in a second reply, and note any errors encountered.

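As an added example (not part of the original thread, and not HijackThis's own code), here is a small Python triage script for the kind of log handled in the post above. It parses the O4 Run entries, flags the patterns the fix list is targeting (per-user Run entries that launch a binary from the Windows directory, filenames that imitate a known system or antivirus binary such as dllhostc.exe against dllhost.exe, and orphaned "(no file)" registrations), and diffs a before log against an after log to confirm the flagged lines are gone. The sample log lines are constructed from entries quoted in this thread; the heuristics and the WELL_KNOWN and PER_USER_OK lists are assumptions for illustration, not HijackThis rules.

```python
"""Triage helper for HijackThis logs: flag suspicious autostart entries and
diff a "before" log against an "after" log to confirm the flagged entries
are gone.  Added example, not HijackThis code; the heuristics below are
the example author's assumptions, not HijackThis rules."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from HijackThis logs posted in this thread.
BEFORE = """\
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKLM\\..\\Run: [sunJavaUpdateSched] "C:\\Programfiler\\Java\\jre1.6.0_03\\bin\\jusched.exe"
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [iexplorerskut] C:\\WINDOWS\\system32\\dllhostc.exe
O4 - HKCU\\..\\Run: [ashservecie] C:\\WINDOWS\\system32\\ashservec.exe
O4 - HKCU\\..\\Run: [explorer] C:\\WINDOWS\\systemq.exe
O4 - HKCU\\..\\Run: [twumk.exe] C:\\WINDOWS\\system32\\twumk.exe
"""
AFTER = """\
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKLM\\..\\Run: [sunJavaUpdateSched] "C:\\Programfiler\\Java\\jre1.6.0_03\\bin\\jusched.exe"
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
"""

# Binaries whose names malware likes to imitate (assumption: a short list suffices here).
WELL_KNOWN = {"dllhost", "svchost", "explorer", "lsass", "services", "winlogon",
              "csrss", "rundll32", "ctfmon", "ashserv"}
# Per-user Run entries that legitimately live under %WINDIR% on XP (assumption).
PER_USER_OK = {"ctfmon.exe"}

O4_RE = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")
EXE_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.exe)"?', re.IGNORECASE)


@dataclass
class Entry:
    line: str
    hive: str = ""
    key: str = ""
    name: str = ""
    target: str = ""   # executable path with quotes and arguments stripped


def parse(log: str) -> list:
    """Turn the O4 lines of a HijackThis log into Entry objects; keep other lines raw."""
    entries = []
    for raw in log.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        m = O4_RE.match(raw)
        if not m:
            entries.append(Entry(raw))
            continue
        hive, key, name, cmd = m.groups()
        exe = EXE_RE.search(cmd)
        entries.append(Entry(raw, hive, key, name, exe.group(1) if exe else cmd))
    return entries


def _edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def reasons(e: Entry) -> list:
    """Heuristic reasons an entry deserves a closer look (empty list = nothing odd)."""
    out = []
    if e.line.endswith("(no file)"):
        out.append("registration points at a file that no longer exists")
    if not e.target:
        return out
    filename = e.target.rsplit("\\", 1)[-1].lower()
    stem = filename.rsplit(".", 1)[0]
    windir = e.target.upper().startswith("C:\\WINDOWS\\")
    if e.hive == "HKCU" and windir and filename not in PER_USER_OK:
        out.append("per-user Run entry launching a binary from the Windows directory")
    for known in WELL_KNOWN:
        if stem != known and (stem.startswith(known) or _edit_distance(stem, known) <= 1):
            out.append(f"filename imitates {known}.exe")
            break
    return out


def suspicious(log: str) -> dict:
    """Map each suspicious log line to its list of reasons."""
    return {e.line: r for e in parse(log) if (r := reasons(e))}


def still_present(before: str, after: str) -> list:
    """Flagged lines from the first log that survive in the second log."""
    after_lines = {e.line for e in parse(after)}
    return [line for line in suspicious(before) if line in after_lines]


if __name__ == "__main__":
    for line, why in suspicious(BEFORE).items():
        print(line, "\n    ->", "; ".join(why))
    print("still present after fix:", still_present(BEFORE, AFTER) or "none")
```

Run it against a saved log and a log taken after "Fix Checked" to get a list of what was flagged and what survived; anything in `still_present` is either a fix that did not take or a persistence mechanism recreating the entry, which is the signal that the cleaning route is not working and the reformat advice later in this thread applies.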

If I misunderstood you correctly, you say that even though doing all this we'll never know, and that reformatting should be the best choice? :)


File ClickClean.exe received on 2009.07.06 09:09:44 (UTC)


Result: 0/41 (0%)


Antivirus Version Last Update Result

a-squared 4.5.0.18 2009.07.06 -

AhnLab-V3 5.0.0.2 2009.07.06 -

AntiVir 7.9.0.204 2009.07.06 -

Antiy-AVL 2.0.3.1 2009.07.06 -

Authentium 5.1.2.4 2009.07.05 -

Avast 4.8.1335.0 2009.07.05 -

AVG 8.5.0.386 2009.07.05 -

BitDefender 7.2 2009.07.06 -

CAT-QuickHeal 10.00 2009.07.06 -

ClamAV 0.94.1 2009.07.03 -

Comodo 1538 2009.07.02 -

DrWeb 5.0.0.12182 2009.07.06 -

eSafe 7.0.17.0 2009.07.02 -

eTrust-Vet 31.6.6596 2009.07.03 -

F-Prot 4.4.4.56 2009.07.05 -

F-Secure 8.0.14470.0 2009.07.06 -

Fortinet 3.117.0.0 2009.07.03 -

GData 19 2009.07.06 -

Ikarus T3.1.1.64.0 2009.07.06 -

Jiangmin 11.0.706 2009.07.06 -

K7AntiVirus 7.10.783 2009.07.03 -

Kaspersky 7.0.0.125 2009.07.06 -

McAfee 5667 2009.07.05 -

McAfee+Artemis 5667 2009.07.05 -

McAfee-GW-Edition 6.8.5 2009.07.06 -

Microsoft 1.4803 2009.07.06 -

NOD32 4219 2009.07.05 -

Norman 6.01.09 2009.07.04 -

nProtect 2009.1.8.0 2009.07.05 -

Panda 10.0.0.14 2009.07.06 -

PCTools 4.4.2.0 2009.07.05 -

Prevx 3.0 2009.07.06 -

Rising 21.37.01.00 2009.07.06 -

Sophos 4.43.0 2009.07.06 -

Sunbelt 3.2.1858.2 2009.07.05 -

Symantec 1.4.4.12 2009.07.06 -

TheHacker 6.3.4.3.362 2009.07.04 -

TrendMicro 8.950.0.1094 2009.07.06 -

VBA32 3.12.10.7 2009.07.06 -

ViRobot 2009.7.6.1819 2009.07.06 -

VirusBuster 4.6.5.0 2009.07.05 -

 

 

I did the ClickClean scan as you requested, though is this the proper report?

If I misunderstood you correctly, you say that even though doing all this we'll never know, and that reformatting should be the best choice? :)

Reformatting would be the most secure choice and is the way I would deal with this if it was my own system.

While we could clean the system and remove the trojan, we would never be sure what other changes were made to your system.

 

I would also recommend installing a good software firewall. Two excellent free firewalls are Outpost Firewall Free or Online Armor Free. Either one would be a good choice. There is a tutorial on understanding firewalls at http://www.bleepingcomputer.com/forums/tutorial60.html and a tutorial for Outpost Free at http://www.outpostfirewall.com/forum/showt...9658#post179658.


Reformatting is sound advice, but sadly I can't find my CDs >< so I'll do it the hard way and hopefully buy myself a new computer shortly anyway.


let's see ^^

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:43:46, on 06.07.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

C:\Programfiler\Lavasoft\Ad-Aware\AAWService.exe

C:\Programfiler\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Analog Devices\Core\smax4pnp.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\Programfiler\Ideazon\ZEngine\Zboard.exe

C:\Programfiler\Lavasoft\Ad-Aware\AAWTray.exe

C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

C:\Programfiler\Curse\CurseClient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\mail.com\mcalert.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\Malwarebytes' Anti-Malware\mbam.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Programfiler\Analog Devices\SoundMAX\smax4.exe" /tray

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Programfiler\ExtraFilm at Home\Agent.exe"

O4 - HKLM\..\Run: [Zboard] C:\Programfiler\Ideazon\ZEngine\Zboard.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Ad-Watch] C:\Programfiler\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [CurseClient] C:\Programfiler\Curse\CurseClient.exe -silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [iexplorerskut] C:\WINDOWS\system32\dllhostc.exe

O4 - HKCU\..\Run: [ashservecie] C:\WINDOWS\system32\ashservec.exe

O4 - HKCU\..\Run: [twumk.exe] C:\WINDOWS\system32\twumk.exe

O4 - HKCU\..\Run: [Mail.com] C:\Programfiler\mail.com\mcalert.exe -auto

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Embedded Web Browser from: http://bsalsa.com/; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.04506.30)" -"http://www.cartoonnetwork.com/tv_shows/starwars/games/game_02_ext.html"

O4 - S-1-5-18 Startup: 3DO - Might and Magic VII Registration.lnk = D:\Programfiler\3DO\Might and Magic VII\Register\Remind32.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: OpenOffice.org 2.2.lnk = C:\Programfiler\OpenOffice.org 2.2\program\quickstart.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: 3DO - Might and Magic VII Registration.lnk = D:\Programfiler\3DO\Might and Magic VII\Register\Remind32.exe (User 'Default user')

O4 - .DEFAULT Startup: OpenOffice.org 2.2.lnk = C:\Programfiler\OpenOffice.org 2.2\program\quickstart.exe (User 'Default user')

O4 - Startup: 3DO - Might and Magic VII Registration.lnk = D:\Programfiler\3DO\Might and Magic VII\Register\Remind32.exe

O4 - Startup: OpenOffice.org 2.2.lnk = C:\Programfiler\OpenOffice.org 2.2\program\quickstart.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.no/ImageUploader5.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

 

--

End of file - 8412 bytes

 

MBAM

 

Malwarebytes' Anti-Malware 1.38

Database version: 2371

Windows 5.1.2600 Service Pack 3

 

06.07.2009 17:41:47

mbam-log-2009-07-06 (17-41-47).txt

 

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 154218

Time elapsed: 48 minute(s), 46 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

 

BitDefender Online Scanner - Real Time Virus Report

Generated at: Mon, Jul 06, 2009 - 18:50:20

--------------------------------------------------------------------------------

Scan Info

Scanned Files: 2512

Infected Files: 0

Virus Detected

No virus found.

--------------------------------------------------------------------------------

This summary of the scan process will be used by the BitDefender Antivirus Lab to create aggregate statistics about virus activity around the world.


I posted the scan of the clickclean.exe above, before the logs, but can't seem to find the second one anymore ^^

C:\Programfiler\ExtraFilm at Home\Agent.exe

I did a killing spree in Add/Remove Programs in Windows though, that might be it.


And here is the latest HijackThis log after I have done your checklist.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:59:54, on 06.07.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

C:\Programfiler\Lavasoft\Ad-Aware\AAWService.exe

C:\Programfiler\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Analog Devices\Core\smax4pnp.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\Programfiler\Ideazon\ZEngine\Zboard.exe

C:\Programfiler\Lavasoft\Ad-Aware\AAWTray.exe

C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

C:\Programfiler\Curse\CurseClient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\mail.com\mcalert.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Internet Explorer\iexplore.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Programfiler\Analog Devices\SoundMAX\smax4.exe" /tray

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Programfiler\ExtraFilm at Home\Agent.exe"

O4 - HKLM\..\Run: [Zboard] C:\Programfiler\Ideazon\ZEngine\Zboard.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Ad-Watch] C:\Programfiler\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [CurseClient] C:\Programfiler\Curse\CurseClient.exe -silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Mail.com] C:\Programfiler\mail.com\mcalert.exe -auto

O4 - S-1-5-18 Startup: OpenOffice.org 2.2.lnk = C:\Programfiler\OpenOffice.org 2.2\program\quickstart.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: OpenOffice.org 2.2.lnk = C:\Programfiler\OpenOffice.org 2.2\program\quickstart.exe (User 'Default user')

O4 - Startup: OpenOffice.org 2.2.lnk = C:\Programfiler\OpenOffice.org 2.2\program\quickstart.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.no/ImageUploader5.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

 

--

End of file - 7184 bytes


Download ComboFix© by sUBs from one of these locations:

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://www.forospyware.com/sUBs/ComboFix.exe

http://subs.geekstogo.com/ComboFix.exe

 

* IMPORTANT !!! Save ComboFix.exe to your Desktop

 

Familiarize yourself with ComboFix before running it:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

  • Disable your AntiVirus and any AntiSpyware programs you may be running (usually via a right click on the System Tray icon) to prevent them from interfering.
     
  • Double click on ComboFix.exe & follow the prompts.
     
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. There are some difficult to remove infections that will only be fixed if you have the Recovery Console installed.
     
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

RcAuto1.gif

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

whatnext.png

 

Click on Yes, to continue scanning for malware. When finished, it will save a log.

Please include the contents of the log at C:\ComboFix.txt in your next reply.

 

Please do a scan with Kaspersky Online Scanner

 

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

 

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please post a new HijackThis log, the log from Kaspersky's online scan, and in a second reply (due to length) the log from ComboFix (combofix.txt), and note any errors encountered.


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:51:30, on 07.07.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

C:\Programfiler\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Analog Devices\Core\smax4pnp.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\Programfiler\Ideazon\ZEngine\Zboard.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\mail.com\mcalert.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Zboard] C:\Programfiler\Ideazon\ZEngine\Zboard.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Ad-Watch] C:\Programfiler\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice

O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Programfiler\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [CurseClient] C:\Programfiler\Curse\CurseClient.exe -silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Mail.com] C:\Programfiler\mail.com\mcalert.exe -auto

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

O4 - S-1-5-18 Startup: OpenOffice.org 2.2.lnk = C:\Programfiler\OpenOffice.org 2.2\program\quickstart.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: OpenOffice.org 2.2.lnk = C:\Programfiler\OpenOffice.org 2.2\program\quickstart.exe (User 'Default user')

O4 - Startup: OpenOffice.org 2.2.lnk = C:\Programfiler\OpenOffice.org 2.2\program\quickstart.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.no/ImageUploader5.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab

O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

 

--

End of file - 7281 bytes

 

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0 REPORT

Tuesday, July 7, 2009

Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Program database last update: Tuesday, July 07, 2009 12:26:04

Records in database: 2436405

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

C:\

D:\

E:\

 

Scan statistics:

Files scanned: 61346

Threat name: 0

Infected objects: 0

Suspicious objects: 0

Duration of the scan: 00:46:48

 

No malware has been detected. The scan area is clean.

 

The selected area was scanned.


ComboFix got 1 error: it couldn't download the Microsoft Recovery Console and just gave this error:

Internal Error failed to enumerate download path

 

I ran ComboFix 2 times, 1 before Kaspersky etc. and 1 after ^^

 

1st log

 

ComboFix 09-07-06.02 - sjef 07.07.2009 12:09.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.1023.690 [GMT 2:00]

Kjører fra: c:\documents and settings\sjef\Mine dokumenter\ComboFix.exe

AV: avast! antivirus 4.8.1335 [VPS 090706-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: Outpost Firewall *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

 

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\sjef\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll

c:\documents and settings\sjef\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\desktop.ini

c:\documents and settings\sjef\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\LegitCheckControl.inf

c:\documents and settings\sjef\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\swflash.inf

c:\programfiler\Helper

c:\windows\Installer\154d49f.msi

c:\windows\Installer\154d4a0.msp

c:\windows\Installer\154d4a1.msp

c:\windows\Installer\154d4a2.msp

c:\windows\Installer\154d4a3.msp

c:\windows\Installer\154d4a4.msp

c:\windows\Installer\154d4a5.msp

c:\windows\Installer\154d4a6.msp

c:\windows\Installer\154d4a7.msp

c:\windows\Installer\154d4a8.msp

c:\windows\Installer\f42b34.msp

c:\windows\Installer\f42b35.msp

c:\windows\Installer\f42b36.msp

c:\windows\Installer\f42b37.msp

c:\windows\Installer\f42b38.msp

c:\windows\Installer\f42b39.msp

c:\windows\Installer\f42b3a.msp

c:\windows\Installer\f42b3b.msp

c:\windows\Installer\f42b3c.msp

c:\windows\system32\Prefetchxs

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-06-07 til 2009-07-07 )))))))))))))))))))))))))))))))))

.

 

2009-07-06 17:03 . 2009-04-06 09:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys

2009-07-06 17:03 . 2009-02-10 14:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys

2009-07-06 17:02 . 2009-02-18 15:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys

2009-07-06 17:01 . 2009-07-06 17:01 -------- d-----w- c:\programfiler\Agnitum

2009-07-06 17:01 . 2009-07-06 17:01 -------- d-----w- c:\documents and settings\All Users\Programdata\Agnitum

2009-07-06 13:35 . 2009-07-06 16:46 -------- d-----w- c:\windows\BDOSCAN8

2009-07-06 05:54 . 2009-07-06 05:54 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2009-07-04 16:31 . 2009-07-04 16:31 -------- d-sh--w- c:\documents and settings\Gatinha\IECompatCache

2009-07-04 16:31 . 2009-07-04 16:31 -------- d-sh--w- c:\documents and settings\Gatinha\PrivacIE

2009-07-04 16:30 . 2009-07-04 16:30 -------- d-sh--w- c:\documents and settings\Gatinha\IETldCache

2009-07-04 16:26 . 2009-07-04 16:26 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-07-04 14:31 . 2009-07-04 14:31 -------- d-sh--w- c:\documents and settings\sjef\PrivacIE

2009-07-04 14:31 . 2009-07-04 14:31 -------- d-sh--w- c:\documents and settings\sjef\IECompatCache

2009-07-04 14:30 . 2009-07-04 14:30 -------- d-----w- c:\programfiler\Trend Micro

2009-07-04 14:27 . 2009-07-04 14:27 -------- d-sh--w- c:\documents and settings\sjef\IETldCache

2009-07-04 14:24 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll

2009-07-04 14:24 . 2009-07-04 14:24 -------- d-----w- c:\windows\ie8updates

2009-07-04 14:23 . 2009-04-30 21:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-07-04 14:23 . 2009-04-30 21:17 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-07-04 14:23 . 2009-07-04 14:23 -------- dc-h--w- c:\windows\ie8

2009-07-04 14:11 . 2009-07-04 14:11 -------- d-----w- c:\documents and settings\sjef\Programdata\Malwarebytes

2009-07-04 12:33 . 2009-07-04 12:33 -------- d-----w- c:\documents and settings\Gatinha\Programdata\Malwarebytes

2009-07-04 12:33 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-07-04 12:33 . 2009-07-04 12:33 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes

2009-07-04 12:33 . 2009-07-04 12:33 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware

2009-07-04 12:33 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-07-04 12:31 . 2009-07-04 12:31 -------- d-----w- c:\programfiler\mail.com

2009-07-04 11:58 . 2009-07-04 12:02 -------- d-----w- c:\programfiler\Spybot - Search & Destroy

2009-07-04 11:58 . 2009-07-04 12:02 -------- d-----w- c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy

2009-07-04 11:56 . 2009-07-04 11:05 15688 ----a-w- c:\windows\system32\lsdelete.exe

2009-07-04 11:03 . 2009-07-04 11:08 -------- dc-h--w- c:\documents and settings\All Users\Programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

2009-07-04 11:03 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe

2009-07-04 11:03 . 2009-07-04 11:05 -------- d-----w- c:\documents and settings\All Users\Programdata\Lavasoft

2009-07-04 11:03 . 2009-07-04 11:03 -------- d-----w- c:\programfiler\Lavasoft

2009-06-22 05:54 . 2009-06-22 05:54 -------- d-----w- c:\documents and settings\NetworkService\Lokale innstillinger\Programdata\Apple

2009-06-10 14:54 . 2009-06-10 14:54 -------- d-----w- c:\documents and settings\Gatinha\Lokale innstillinger\Programdata\Apple Computer

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-07 10:15 . 2007-09-19 20:54 -------- d-----w- c:\documents and settings\sjef\Programdata\OpenOffice.org2

2009-07-06 14:08 . 2007-08-16 13:40 -------- d--h--w- c:\programfiler\InstallShield Installation Information

2009-07-06 11:06 . 2009-07-04 11:05 0 ----a-w- c:\documents and settings\All Users\Programdata\Lavasoft\Ad-Aware\Update\Resources.dll

2009-07-06 11:05 . 2009-07-04 11:05 2353480 ----a-w- c:\documents and settings\All Users\Programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe

2009-07-04 16:34 . 2009-03-05 06:52 -------- d-----w- c:\documents and settings\Gatinha\Programdata\OpenOffice.org2

2009-05-25 22:59 . 2009-04-27 19:30 -------- d-----w- c:\documents and settings\sjef\Programdata\Move Networks

2009-05-13 05:06 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-07 15:34 . 2004-08-04 12:00 346112 ----a-w- c:\windows\system32\localspl.dll

2009-04-27 19:30 . 2009-04-27 19:30 34062 ----a-w- c:\documents and settings\sjef\Programdata\Move Networks\ie_bin\Uninst.exe

2009-04-19 19:51 . 2004-08-04 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys

2009-04-16 06:03 . 2004-08-04 12:00 80090 ----a-w- c:\windows\system32\perfc014.dat

2009-04-16 06:03 . 2004-08-04 12:00 444332 ----a-w- c:\windows\system32\perfh014.dat

2009-04-15 14:55 . 2004-08-04 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2009-01-26 08:51 . 2007-09-27 02:37 15360 --sha-w- c:\programfiler\Fellesfiler\Thumbs.db

2007-09-23 19:10 . 2007-09-23 19:10 642796 ----a-w- c:\programfiler\Fellesfiler\XviD-1.1.3-28062007.exe

2007-09-15 01:42 . 2007-09-15 01:42 6197248 ----a-w- c:\programfiler\Fellesfiler\innocentgirl_fuckinpublic-8.avi

2007-09-15 01:36 . 2007-09-15 01:36 7563264 ----a-w- c:\programfiler\Fellesfiler\innocentgirl_fuckinpublic-4.avi

2009-02-18 01:08 . 2007-10-11 00:41 67688 ----a-w- c:\programfiler\mozilla firefox\components\jar50.dll

2009-02-18 01:08 . 2007-10-11 00:41 54368 ----a-w- c:\programfiler\mozilla firefox\components\jsd3250.dll

2009-02-18 01:08 . 2007-10-11 00:41 34944 ----a-w- c:\programfiler\mozilla firefox\components\myspell.dll

2009-02-18 01:08 . 2007-10-11 00:41 46712 ----a-w- c:\programfiler\mozilla firefox\components\spellchk.dll

2009-02-18 01:08 . 2007-10-11 00:41 172136 ----a-w- c:\programfiler\mozilla firefox\components\xpinstal.dll

2008-11-22 13:43 . 2008-11-22 13:43 110 --sh--w- c:\windows\TRANSFORMERS.DLL

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"CurseClient"="c:\programfiler\Curse\CurseClient.exe" [2009-07-06 1966592]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Mail.com"="c:\programfiler\mail.com\mcalert.exe" [2007-06-25 139264]

"SpybotSD TeaTimer"="c:\programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\programfiler\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]

"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]

"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"Zboard"="c:\programfiler\Ideazon\ZEngine\Zboard.exe" [2008-11-12 57344]

"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2009-03-28 413696]

"Ad-Watch"="c:\programfiler\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-04 520024]

"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]

"OutpostFeedBack"="c:\programfiler\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2004-10-27 61952]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-28 1626112]

 

c:\documents and settings\sjef\Start-meny\Programmer\Oppstart\

OpenOffice.org 2.2.lnk - c:\programfiler\OpenOffice.org 2.2\program\quickstart.exe [2007-6-8 393216]

 

c:\documents and settings\Gatinha\Start-meny\Programmer\Oppstart\

OpenOffice.org 2.2.lnk - c:\programfiler\OpenOffice.org 2.2\program\quickstart.exe [2007-6-8 393216]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\World of Warcraft\\BackgroundDownloader.exe"=

"C:0\\Programfiler\\Skype\\Phone\\Skype.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\World of Warcraft\\WoW-2.3.0.7561-to-2.3.2.7741-enGB-downloader.exe"=

"d:\\Call of Duty\\CoDUOMP.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"d:\\World of Warcraft\\Launcher.exe"=

"c:\\Programfiler\\Curse\\CurseClient.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [04.07.2009 13:05 64160]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [06.04.2008 12:31 114768]

R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [06.07.2009 19:03 704384]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06.04.2008 12:31 20560]

R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [06.07.2009 19:02 31128]

R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [06.07.2009 19:03 257432]

S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [06.07.2009 19:01 1195008]

S3 Alpham;Ideazon Merc Composite Keyboard Driver;c:\windows\system32\drivers\Alpham.sys [12.03.2006 13:11 37248]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programfiler\Lavasoft\Ad-Aware\AAWService.exe [09.03.2009 21:06 1029456]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2009-07-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\programfiler\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 11:05]

 

2009-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

- - - - TOMME PEKERE FJERNET - - - -

 

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)

HKLM-Run-ExtraFilmHemmaAgent - c:\programfiler\ExtraFilm at Home\Agent.exe

 

 

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.google.no/

FF - ProfilePath - c:\documents and settings\sjef\Programdata\Mozilla\Firefox\Profiles\8lvh439d.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Ask

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=

FF - component: c:\programfiler\Mozilla Firefox\components\xpinstal.dll

FF - component: c:\programfiler\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\programfiler\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-07 12:15

Windows 5.1.2600 Service Pack 3 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'explorer.exe'(1656)

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\programfiler\Alwil Software\Avast4\aswUpdSv.exe

c:\programfiler\Alwil Software\Avast4\ashServ.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2009-07-07 12:18 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2009-07-07 10:18

 

Pre-Run: 17 221 713 920 byte ledig

Post-Run: 17 414 119 424 byte ledig

 

215 --- E O F --- 2009-07-04 14:24

 

 

 

2nd run I didn't save a log :( although I got the same error both times


Sorry for the slow response, but I missed your reply.

 

There are two empty entries to remove, possibly related to TeaTimer restoring them.

 

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:

1) Run Spybot-S&D

2) Go to the Mode menu, and make sure "Advanced Mode" is selected

3) On the left hand side, choose Tools -> Resident

4) Uncheck "Resident TeaTimer" and OK any prompts

 

When everything is done and your log is clean again, you can enable it again.

If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

 

Now you need to run HijackThis and click "Do a system scan only." Place a check next to the following entries (if they are still there):

 

O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.

 

That's two different online scans now, BitDefender and Kaspersky, that didn't find any additional infected files.

 

I think the error was simply that the Recovery Console didn't install.

 

Go to Start > Run and copy and paste the next command into the field:

ComboFix /u

 

Make sure there's a space between Combofix and /

Then hit enter.

 

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

 

Create a Restore Point

  • Go to Start > Programs > Accessories > System Tools > System Restore
  • Select Create a Restore Point and then Next.
  • In the box for "Restore point description", enter a descriptive name and press Create
  • When the "Restore Point Created" window appears, click Close

Run Disk Cleanup

  • Go to Start > Run and type the below line:
    cleanmgr
  • Click OK
    • If you have more than one drive, select the drive Windows is installed on
    • Click OK
  • When Disk Cleanup opens, select the More Options tab
  • In the System Restore section (bottom of window), click Cleanup
    • In the confirmation window that opens, click Yes
  • Now click on the Disk Cleanup tab and select the following items:
    • Downloaded Program Files
    • Temporary Internet Files
    • Recycle Bin
    • Temporary Files
  • Click OK
  • In the confirmation window, select Yes (Disk Cleanup will close).

Please post a new HijackThis log.
