Tech Support Forum

Infected - "Win Anti Spyware" "Buffer overrun error" and a fake dialer or something++

4K views 22 replies 2 participants last post by  amateur 
#1 · (Edited)

I've been having some problems with my computer and I've always somehow managed to work my way around the issues spyware/malware etc. have created but lately it's been getting out of hand.. Some time ago I got a virus or something that made the entire tab under "Processes" disappear. So I could not see process names in the task manager. I have re-installed XP but this problem persists. I have been using a different application to monitor and handle processes.

The problem now is the constant pop-ups generated from this fake anti-virus program calling itself "Anti Virus Pro 2007" or something.. It pops up with fake commercials, and even attaches itself into other explorer windows while I view other pages.

As popups and messageboxes keep popping up, I close them, but after a while windows will open a messagebox telling me "Buffer overrun detected in e:\Windows\system32\explorer.exe" (or \\windows\explorer.exe I don't remember really but you get the idea) and explorer.exe will be terminated, sometimes taking some internet explorer windows along with it, other times explorer.exe just starts up again and all my windows remain.

I used to have Norton but was forced to remove it as it was sucking up all my CPU. It rendered my computer useless, as I mainly use it for gaming.

I've also experienced having the connection between me and my modem broken while being on the internet, and I don't know if my computer actually is offline or if -I'm- just offline.. The LAN connection won't detect my modem and I can't even find it by pinging it.

I have been through Step 1 without finding anything I could remove in the control panel.

The Panda online scan takes hours if not days to finish, as it slows down severely after a certain time.. I have tried a couple of times but before it finishes a popup or an error will close the browser window :/

EDIT: I forgot to mention.. I have tried to follow a couple of solutions I saw you guys giving people with similar problems as I had, and searching for malware and stuff it did find some infected dll files in my system32 folder and other windows folders. I deleted a few but something called nnommmll.dll or something was attached to winlogon.exe and therefore I couldn't delete it. The other files came back after my computer crashed anyway though x.x

I'll now paste the logfile generated by dss.exe
----------------------------------------------------
Deckard's System Scanner v20070905.67
Run by Per_Killer on 2007-10-04 02:29:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2007-10-04 00:29:26 UTC - RP203 - Deckard's System Scanner Restore Point
3: 2007-10-03 17:36:54 UTC - RP202 - Kontrollpunkt for system
2: 2007-10-02 05:58:08 UTC - RP201 - Kontrollpunkt for system
1: 2007-09-29 10:08:40 UTC - RP200 - Kontrollpunkt for system


Backed up registry hives.
Performed disk cleanup.

System Drive E: has 10.05 GiB (less than 15%) free.


-- HijackThis (run as Per_Killer.exe) ------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-10-04 02:32:11
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)

Running processes:
E:\WINDOWS\system32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\CTSVCCDA.EXE
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\wscntfy.exe
H:\Prog\Java\bin\jusched.exe
E:\WINDOWS\system32\LVCOMSX.EXE
E:\Programfiler\Analog Devices\SoundMAX\SMTray.exe
E:\Programfiler\MSN Messenger\msnmsgr.exe
E:\Programfiler\MSN Messenger\usnsvc.exe
C:\Prog\Mirc\mirc.exe
E:\WINDOWS\explorer.exe
H:\Sindre\Spill\Online\Dark Ages\DarkAges.exe
E:\Programfiler\iPod\bin\iPodService.exe
E:\Programfiler\Internet Explorer\iexplore.exe
E:\Documents and Settings\Per_Killer\Skrivebord\FIX\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - H:\Prog\SnagIt\SnagItBHO.dll
O2 - BHO: (no name) - {02633FD6-4FBE-47B1-8966-7C223969A25B} - (no file)
O2 - BHO: (no name) - {709AFF26-6BB0-4AD3-A3A3-1286592465D6} - E:\WINDOWS\system32\nnnomml.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Prog\Java\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9B5CFE0B-BE3B-4552-811D-84539C0DCFA5} - E:\WINDOWS\system32\mljgh.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - E:\WINDOWS\system32\trxxmaxe.dll
O2 - BHO: (no name) - {E980DD43-BEDE-46DD-BC03-BB7B85544898} - E:\WINDOWS\system32\ukwhuvtf.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - H:\Prog\SnagIt\SnagItIEAddin.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] "H:\Prog\Java\bin\jusched.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [LVCOMSX] E:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKEY_LOCAL_MACHINE\..\Run: [nwiz] nwiz.exe /install
O4 - HKEY_LOCAL_MACHINE\..\Run: [Smapp] E:\Programfiler\Analog Devices\SoundMAX\SMTray.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "E:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKEY_LOCAL_MACHINE\..\Run: [PKR Pal] "H:\Sindre\Spill\PKR\pkrpal.exe" -osboot
O4 - HKEY_LOCAL_MACHINE\..\Run: [PWRISOVM.EXE] H:\Prog\PowerISO\PWRISOVM.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [SearchIndexer] rundll32.exe "E:\WINDOWS\system32\ymqwfikn.dll",sitypnow
O4 - HKEY_LOCAL_MACHINE\..\RunOnce: [*CmaudioMon] rundll32.exe bot007dll.dll,_EntryPoint@16
O4 - HKCU\..\Run: [MsnMsgr] "E:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = E:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration .LNK = H:\Sindre\Spill\Dark Messiah\Dark Messiah of Might and Magic\RegistrationReminder.exe
O8 - Extra context menu item: Download All Links with IDM - C:\Prog\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Prog\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Prog\Java\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Prog\Java\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - E:\Documents and Settings\Per_Killer\Start-meny\Programmer\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - E:\Documents and Settings\Per_Killer\Start-meny\Programmer\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {44226DFF-747E-4edc-B30C-78752E50CD0C} - (file missing)
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - H:\Sindre\Spill\PokerGames\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - H:\Sindre\Spill\PokerGames\Titan Poker\casino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Programfiler\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Programfiler\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {0A50726E-51A2-42BB-8392-98F050C40A10} (SkillJamLoader Class) - http://rcade.skilljam.com/ssp/SkillJamLoader.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflasher.de/plugin/powerres.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://www.cherrytreeinn.com:8080/kxhcm10.ocx
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab Class) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - E:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\Programfiler\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\Programfiler\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: AtiExtEvent - E:\WINDOWS\system32\
O20 - Winlogon Notify: mljgh - E:\WINDOWS\system32\mljgh.dll
O20 - Winlogon Notify: nnnomml - E:\WINDOWS\system32\nnnomml.dll
O20 - Winlogon Notify: ssttt - E:\WINDOWS\system32\ssttt.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - "E:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe"
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: DomainService - Unknown owner - E:\WINDOWS\system32\uflpuqca.exe /service
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "E:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: iPodService - Apple Computer, Inc. - E:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - "E:\Programfiler\Fellesfiler\Macromedia Shared\Service\Macromedia Licensing.exe"
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe


-- HijackThis Fixed Entries (H:\Prog\HIJACK~1\backups\) ------------------------

backup-20061130-055756-706 O2 - BHO: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - E:\Progra~1\Baidu\bar\BaiDuBar.dll
backup-20061130-055840-122 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Prog\Java\jre1.5.0_06\bin\ssv.dll
backup-20061130-055840-766 O3 - Toolbar: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - (no file)
backup-20061130-055840-841 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Prog\Spybot - Search & Destroy\SDHelper.dll
backup-20061130-055850-443 O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Prog\Internet Download Manager\IDMIECC.dll
backup-20061130-055913-313 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Prog\Adobe Reader\Reader\ActiveX\AcroIEHelper.dll
backup-20061130-055937-730 R3 - Default URLSearchHook is missing
backup-20061130-060029-107 O8 - Extra context menu item: 百度-搜索新闻 - res://E:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUNEWS.HTM
backup-20061130-060029-200 O8 - Extra context menu item: 百度-搜索图片 - res://E:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUIMG.HTM
backup-20061130-060029-247 O8 - Extra context menu item: 百度-搜索歌词 - res://E:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDULYRIC.HTM
backup-20061130-060029-510 O8 - Extra context menu item: 百度-搜索MP3 - res://E:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUMP3.HTM
backup-20061130-060029-755 O8 - Extra context menu item: 百度-词典搜索 - res://E:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDU_DIC.HTM
backup-20061130-060029-770 O8 - Extra context menu item: 百度-搜索贴吧 - res://E:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUPOST.HTM
backup-20061130-060029-832 O8 - Extra context menu item: 百度-搜索网页 - res://E:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUSEARCH.HTM
backup-20061130-060102-266 O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - H:\Sindre\Spill\PokerGames\PartyPoker\PartyPoker\RunApp.exe
backup-20061130-060102-369 O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - E:\Sindre\Spill\POKER\Poker.com\poker.exe
backup-20061130-060102-390 O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - H:\Sindre\Spill\PokerGames\PartyPoker\PartyPoker\RunApp.exe
backup-20061130-060102-691 O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - E:\Sindre\Spill\POKER\Noble Poker\casino.exe
backup-20061130-060102-838 O9 - Extra button: CDpoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - E:\Sindre\Spill\POKER\CDpoker\casino.exe
backup-20061130-060103-144 O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - E:\Documents and Settings\All Users\Start-meny\Programmer\Absolute Poker\Absolute Poker.lnk (file missing)
backup-20061130-060103-568 O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - E:\Documents and Settings\All Users\Start-meny\Programmer\Absolute Poker\Absolute Poker.lnk (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - e:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - e:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - e:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 SCDEmu - e:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 CdaD10BA - e:\windows\system32\drivers\cdad10ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
R2 ithsgt - e:\windows\system32\drivers\ithsgt.sys
R2 lilsgt - e:\windows\system32\drivers\lilsgt.sys
R3 scskusbf (USB SCSK Filter Driver Service) - e:\windows\system32\drivers\scskusbf.sys <Not Verified; SoftCamp; SCSKUSBf 4.0.1.6>
R3 scskusbs (USB SCSK Driver Service) - e:\windows\system32\drivers\scskusbs.sys <Not Verified; SoftCamp; SCSKUSBs 4.0.1.6>
R3 Tetris (Tetris driver) - e:\windows\system32\drivers\tetris.sys

S2 zntport (NTPort Library Driver) - e:\windows\system32\zntport.sys (file missing)
S3 EagleNT - e:\windows\system32\drivers\eaglent.sys (file missing)
S3 FreshIO - h:\prog\freshdiagnose\freshio.sys
S3 KLIF - c:\prog\pctool~1\klif.sys (file missing)
S3 scsk4 (SCSK4 Driver Service) - e:\windows\system32\drivers\scsk4.sys <Not Verified; SoftCamp Co., Inc.; SoftCamp Secure KeyStroke>
S3 XDva004 - e:\windows\system32\xdva004.sys (file missing)
S3 XTrapD12 - e:\windows\system32\xtrapd12.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 DomainService - e:\windows\system32\uflpuqca.exe /service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2007-09-04 and 2007-10-04 -----------------------------

2007-10-03 21:39:22 76412 --a------ E:\WINDOWS\system32\lgdlbcwi.dll
2007-10-03 21:33:10 82964 --a------ E:\WINDOWS\system32\ymqwfikn.dll
2007-10-03 21:30:27 75284 --a------ E:\WINDOWS\system32\ltridbwa.exe <Not Verified; ; DDC>
2007-10-03 21:23:06 0 d-------- E:\WINDOWS\system32\ActiveScan
2007-10-03 21:23:04 0 d-------- E:\WINDOWS\LastGood
2007-10-03 17:56:26 82964 --a------ E:\WINDOWS\system32\giypnwod.dll
2007-10-03 17:53:34 75284 --a------ E:\WINDOWS\system32\fbyghkdt.exe <Not Verified; ; DDC>
2007-10-03 16:57:58 82964 -----n--- E:\WINDOWS\system32\dnmtpwpx.dll
2007-10-03 16:55:08 75284 --a------ E:\WINDOWS\system32\tdedrhik.exe <Not Verified; ; DDC>
2007-10-03 16:15:16 82964 --a------ E:\WINDOWS\system32\vaipaolq.dll
2007-10-03 16:12:28 75284 --a------ E:\WINDOWS\system32\kfcxdptg.exe <Not Verified; ; DDC>
2007-10-03 15:40:03 543656 ---hs---- E:\WINDOWS\system32\hgjlm.ini2
2007-10-02 22:28:47 82964 --a------ E:\WINDOWS\system32\itscdfva.dll
2007-10-02 22:25:57 75284 --a------ E:\WINDOWS\system32\cpvhguli.exe <Not Verified; ; DDC>
2007-10-02 22:23:06 75284 --a------ E:\WINDOWS\system32\iuhsdtss.exe <Not Verified; ; DDC>
2007-10-02 19:22:36 82964 --a------ E:\WINDOWS\system32\qkglxptl.dll
2007-10-02 19:19:36 75284 --a------ E:\WINDOWS\system32\kvqigrpj.exe <Not Verified; ; DDC>
2007-10-02 19:16:37 75284 --a------ E:\WINDOWS\system32\hqngeotd.exe <Not Verified; ; DDC>
2007-10-02 18:58:01 82964 --a------ E:\WINDOWS\system32\abwlxwrg.dll
2007-10-02 18:58:00 75284 --a------ E:\WINDOWS\system32\fhbdfhbp.exe <Not Verified; ; DDC>
2007-10-02 18:53:13 82964 --a------ E:\WINDOWS\system32\xydvsbfo.dll
2007-10-02 18:50:25 75284 --a------ E:\WINDOWS\system32\msvrjkxu.exe <Not Verified; ; DDC>
2007-10-02 18:47:34 75284 --a------ E:\WINDOWS\system32\wjffaynk.exe <Not Verified; ; DDC>
2007-10-02 18:23:06 82964 --a------ E:\WINDOWS\system32\ehhqxite.dll
2007-10-02 18:05:56 75284 --a------ E:\WINDOWS\system32\nykvengt.exe <Not Verified; ; DDC>
2007-10-02 17:16:23 75284 --a------ E:\WINDOWS\system32\kfoheveo.exe <Not Verified; ; DDC>
2007-10-02 17:13:24 75284 --a------ E:\WINDOWS\system32\idrunlti.exe <Not Verified; ; DDC>
2007-10-02 16:26:16 82964 --a------ E:\WINDOWS\system32\sbqqaysh.dll
2007-10-02 16:23:05 75284 --a------ E:\WINDOWS\system32\liugktpa.exe <Not Verified; ; DDC>
2007-10-02 15:50:00 82964 --a------ E:\WINDOWS\system32\ymdknvym.dll
2007-10-02 15:49:59 75284 --a------ E:\WINDOWS\system32\kplrlyop.exe <Not Verified; ; DDC>
2007-10-02 15:46:59 75284 --a------ E:\WINDOWS\system32\liildpvt.exe <Not Verified; ; DDC>
2007-10-02 07:43:56 75284 --a------ E:\WINDOWS\system32\oqjxmygl.exe <Not Verified; ; DDC>
2007-10-02 07:40:57 75284 --a------ E:\WINDOWS\system32\leemlqxm.exe <Not Verified; ; DDC>
2007-10-02 07:21:28 82964 --a------ E:\WINDOWS\system32\cmaudyql.dll
2007-10-02 07:20:30 314368 --a------ E:\WINDOWS\uninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-10-02 07:18:28 75284 --a------ E:\WINDOWS\system32\oxbpsifa.exe <Not Verified; ; DDC>
2007-10-02 07:15:35 75284 --a------ E:\WINDOWS\system32\otgambbm.exe <Not Verified; ; DDC>
2007-10-02 02:20:15 75284 --a------ E:\WINDOWS\system32\pjfgbnoj.exe <Not Verified; ; DDC>
2007-10-02 01:10:14 82964 --a------ E:\WINDOWS\system32\rwpkrfhf.dll
2007-10-02 01:04:20 75284 --a------ E:\WINDOWS\system32\smhrxgch.exe <Not Verified; ; DDC>
2007-10-02 01:00:42 82964 --a------ E:\WINDOWS\system32\vrpifpcc.dll
2007-10-02 00:57:43 121364 --a------ E:\WINDOWS\system32\ukwhuvtf.dll
2007-10-02 00:57:41 75284 --a------ E:\WINDOWS\system32\powoncmw.exe <Not Verified; ; DDC>
2007-10-02 00:54:42 75284 --a------ E:\WINDOWS\system32\pbggysns.exe <Not Verified; ; DDC>
2007-10-02 00:42:17 82964 --a------ E:\WINDOWS\system32\lwnenddr.dll
2007-10-02 00:36:25 75284 --a------ E:\WINDOWS\system32\onburapy.exe <Not Verified; ; DDC>
2007-10-02 00:02:59 82964 --a------ E:\WINDOWS\system32\eycqhfep.dll
2007-10-01 23:54:14 75284 --a------ E:\WINDOWS\system32\fxxhumhy.exe <Not Verified; ; DDC>
2007-10-01 19:56:18 82964 --a------ E:\WINDOWS\system32\psohepkw.dll
2007-10-01 19:56:17 75284 --a------ E:\WINDOWS\system32\jklgroey.exe <Not Verified; ; DDC>
2007-09-29 19:56:16 75284 --a------ E:\WINDOWS\system32\ejgrubuq.exe <Not Verified; ; DDC>
2007-09-29 16:17:20 76412 --a------ E:\WINDOWS\system32\sjyicoxy.dll
2007-09-28 19:59:29 159764 --a------ E:\WINDOWS\system32\fbbaphgd.dll
2007-09-28 19:59:29 139264 --a------ E:\WINDOWS\system32\bot007dll.dll
2007-09-28 19:53:26 75284 --a------ E:\WINDOWS\system32\oacuotcf.exe <Not Verified; ; DDC>
2007-09-28 14:16:35 82964 --a------ E:\WINDOWS\system32\swrchtgw.dll
2007-09-28 14:16:34 75284 --a------ E:\WINDOWS\system32\iqgfjfkq.exe <Not Verified; ; DDC>
2007-09-28 01:43:50 75284 --a------ E:\WINDOWS\system32\kcwqwuhj.exe <Not Verified; ; DDC>
2007-09-27 01:43:52 121364 --a------ E:\WINDOWS\system32\dsvdwpox.dll
2007-09-27 01:43:51 75284 --a------ E:\WINDOWS\system32\rvpdsvto.exe <Not Verified; ; DDC>
2007-09-26 01:41:00 75284 --a------ E:\WINDOWS\system32\nrthpspj.exe <Not Verified; ; DDC>
2007-09-25 22:19:04 82964 --a------ E:\WINDOWS\system32\idrqgdir.dll
2007-09-25 22:18:23 75284 --a------ E:\WINDOWS\system32\pvagcrki.exe <Not Verified; ; DDC>
2007-09-25 20:05:42 0 d-------- E:\Programfiler\PartyGaming
2007-09-24 22:18:55 75284 --a------ E:\WINDOWS\system32\nmlveplx.exe <Not Verified; ; DDC>
2007-09-23 22:18:56 75284 --a------ E:\WINDOWS\system32\sjrbrevh.exe <Not Verified; ; DDC>
2007-09-22 22:18:56 121364 --a------ E:\WINDOWS\system32\prgiokyt.dll
2007-09-22 22:18:55 75284 --a------ E:\WINDOWS\system32\uwitueck.exe <Not Verified; ; DDC>
2007-09-22 16:15:55 76412 --a------ E:\WINDOWS\system32\rshdiqsk.dll
2007-09-21 22:15:55 75284 --a------ E:\WINDOWS\system32\gyumvjef.exe <Not Verified; ; DDC>
2007-09-20 22:20:31 82964 --a------ E:\WINDOWS\system32\tknjijuh.dll
2007-09-20 22:17:31 75284 --a------ E:\WINDOWS\system32\mnqliefp.exe <Not Verified; ; DDC>
2007-09-20 19:44:31 0 d-------- E:\Programfiler\Fellesfiler\Teleca Shared
2007-09-19 22:17:39 75284 --a------ E:\WINDOWS\system32\fbltsjnu.exe <Not Verified; ; DDC>
2007-09-18 22:17:41 120852 --a------ E:\WINDOWS\system32\bihdlfer.dll
2007-09-18 22:17:39 75284 --a------ E:\WINDOWS\system32\lngjbgpw.exe <Not Verified; ; DDC>
2007-09-17 22:16:31 125460 --a------ E:\WINDOWS\system32\ugcrutrl.dll
2007-09-17 22:16:29 75284 --a------ E:\WINDOWS\system32\xeyhgjca.exe <Not Verified; ; DDC>
2007-09-16 22:19:29 121364 --a------ E:\WINDOWS\system32\syvaetvb.dll
2007-09-16 22:16:29 75284 --a------ E:\WINDOWS\system32\vdokykql.exe <Not Verified; ; DDC>
2007-09-15 22:16:29 75284 --a------ E:\WINDOWS\system32\dqolynfj.exe <Not Verified; ; DDC>
2007-09-15 16:16:29 76412 --a------ E:\WINDOWS\system32\nngathro.dll
2007-09-14 22:16:29 75284 --a------ E:\WINDOWS\system32\gemdjeuy.exe <Not Verified; ; DDC>
2007-09-13 22:16:02 125460 --a------ E:\WINDOWS\system32\qvjtfxap.dll
2007-09-13 22:16:00 75284 --a------ E:\WINDOWS\system32\jmueauqw.exe <Not Verified; ; DDC>
2007-09-12 22:15:59 75284 --a------ E:\WINDOWS\system32\vmucrgsl.exe <Not Verified; ; DDC>
2007-09-11 22:15:59 75284 --a------ E:\WINDOWS\system32\moqblabe.exe <Not Verified; ; DDC>
2007-09-11 18:38:29 0 d-------- E:\WINDOWS\SxsCaPendDel
2007-09-10 22:15:41 75284 --a------ E:\WINDOWS\system32\chiwebmt.exe <Not Verified; ; DDC>
2007-09-09 22:21:42 121876 --a------ E:\WINDOWS\system32\cpkhyint.dll
2007-09-09 22:15:41 75284 --a------ E:\WINDOWS\system32\vgnkrbbg.exe <Not Verified; ; DDC>
2007-09-08 22:15:39 75284 --a------ E:\WINDOWS\system32\igceuijs.exe <Not Verified; ; DDC>
2007-09-08 16:15:18 76412 --a------ E:\WINDOWS\system32\bxkpyava.dll
2007-09-07 22:14:09 75284 --a------ E:\WINDOWS\system32\vrtnddhf.exe <Not Verified; ; DDC>
2007-09-06 22:19:45 120852 --a------ E:\WINDOWS\system32\roduhyff.dll
2007-09-06 22:16:43 75284 --a------ E:\WINDOWS\system32\gcdbured.exe <Not Verified; ; DDC>
2007-09-06 22:13:55 552400 ---hs---- E:\WINDOWS\system32\hgjlm.bak2
2007-09-05 22:15:36 75284 --a------ E:\WINDOWS\system32\paixxldh.exe <Not Verified; ; DDC>
2007-09-04 22:14:07 0 --a------ E:\WINDOWS\system32\SBRC.dat
2007-09-04 22:14:07 0 --a------ E:\WINDOWS\system32\SBFC.dat
2007-09-04 22:13:43 548190 ---hs---- E:\WINDOWS\system32\hgjlm.bak1
2007-09-04 22:13:35 263220 ---hs---- E:\WINDOWS\system32\mljgh.dll
2007-09-04 19:44:44 75284 --a------ E:\WINDOWS\system32\dqlfnbay.exe <Not Verified; ; DDC>


-- Find3M Report ---------------------------------------------------------------

2007-10-03 21:32:54 0 d-------- E:\Programfiler\MSN Messenger
2007-10-03 08:08:02 0 d-------- E:\Documents and Settings\Per_Killer\Programdata\BitTorrent
2007-09-30 00:17:38 43520 --a------ E:\WINDOWS\system32\CmdLineExt03.dll
2007-09-28 13:18:58 399248 --a------ E:\WINDOWS\system32\perfh014.dat
2007-09-28 13:18:58 68228 --a------ E:\WINDOWS\system32\perfc014.dat
2007-09-24 02:30:06 0 d-------- E:\Documents and Settings\Per_Killer\Programdata\uqm
2007-09-20 19:44:31 0 d-------- E:\Programfiler\Fellesfiler
2007-09-11 18:37:58 0 d--h----- E:\Programfiler\InstallShield Installation Information
2007-09-04 21:33:28 675139 ---hs---- E:\WINDOWS\system32\tttss.ini2
2007-09-04 19:46:22 0 d-------- E:\Documents and Settings\Per_Killer\Programdata\Sunbelt Software
2007-09-04 19:42:55 680567 ---hs---- E:\WINDOWS\system32\tttss.bak2
2007-09-03 19:22:10 75284 --a------ E:\WINDOWS\system32\mjuthuqd.exe <Not Verified; ; DDC>
2007-09-02 16:16:07 75284 --a------ E:\WINDOWS\system32\cxwvcsae.exe <Not Verified; ; DDC>
2007-09-02 16:13:55 688006 ---hs---- E:\WINDOWS\system32\tttss.bak1
2007-09-01 16:21:59 120852 --a------ E:\WINDOWS\system32\jtsknajp.dll
2007-09-01 16:15:56 76412 --a------ E:\WINDOWS\system32\yyyenujt.dll
2007-09-01 16:15:54 75284 --a------ E:\WINDOWS\system32\kqobxyhm.exe <Not Verified; ; DDC>
2007-08-31 19:28:33 0 d-------- E:\Documents and Settings\Per_Killer\Programdata\dvdcss
2007-08-31 16:15:54 75284 --a------ E:\WINDOWS\system32\evcbbhfc.exe <Not Verified; ; DDC>
2007-08-31 15:42:51 46 --a------ E:\WINDOWS\popcinfo.dat
2007-08-30 16:15:54 75284 --a------ E:\WINDOWS\system32\rncmsaun.exe <Not Verified; ; DDC>
2007-08-29 16:15:54 75284 --a------ E:\WINDOWS\system32\csyeqcid.exe <Not Verified; ; DDC>
2007-08-28 16:13:30 75284 --a------ E:\WINDOWS\system32\xjkptnlj.exe <Not Verified; ; DDC>
2007-08-28 16:06:25 75284 --a------ E:\WINDOWS\system32\vijpidqq.exe <Not Verified; ; DDC>
2007-08-28 00:41:59 125460 --a------ E:\WINDOWS\system32\qkcrgpej.dll
2007-08-28 00:39:33 0 d-------- E:\Documents and Settings\Per_Killer\Programdata\Skype
2007-08-27 03:37:38 125460 --a------ E:\WINDOWS\system32\ofhbyjml.dll
2007-08-26 20:22:18 125460 --a------ E:\WINDOWS\system32\okfktosj.dll
2007-08-25 16:11:19 125460 --a------ E:\WINDOWS\system32\fntoentc.dll
2007-08-25 16:08:19 76412 --a------ E:\WINDOWS\system32\qdtthdtn.dll
2007-08-25 16:02:25 124436 --a------ E:\WINDOWS\system32\mmvsfhwu.dll
2007-08-25 07:18:43 125460 --a------ E:\WINDOWS\system32\cjqxlgwl.dll
2007-08-23 22:04:02 76412 --a------ E:\WINDOWS\system32\awjwvrya.dll
2007-08-23 18:46:00 125460 --a------ E:\WINDOWS\system32\sfrhrjtq.dll
2007-08-19 18:46:01 121364 --a------ E:\WINDOWS\system32\nnovnfgg.dll
2007-08-19 15:14:26 118784 --a------ E:\WINDOWS\system32\SeismoSaver.scr <Not Verified; NuGardt Software; SeismoSaver 2>
2007-08-16 22:07:23 125460 --a------ E:\WINDOWS\system32\mdvxqeww.dll
2007-08-16 22:04:23 76412 --a------ E:\WINDOWS\system32\abytaqwy.dll
2007-08-16 22:01:31 75284 --a------ E:\WINDOWS\system32\ltdlsypp.exe <Not Verified; ; DDC>
2007-08-15 23:48:42 125460 --a------ E:\WINDOWS\system32\fegrlpdi.dll
2007-08-15 23:48:13 75284 --a------ E:\WINDOWS\system32\mupklktv.exe <Not Verified; ; DDC>
2007-08-14 23:45:59 75284 --a------ E:\WINDOWS\system32\vfwpshhd.exe <Not Verified; ; DDC>
2007-08-14 19:45:16 75284 --a------ E:\WINDOWS\system32\dpjxyycr.exe <Not Verified; ; DDC>
2007-08-14 15:40:11 125460 --a------ E:\WINDOWS\system32\xmdiclew.dll
2007-08-14 15:37:14 75284 --a------ E:\WINDOWS\system32\cucegmbx.exe <Not Verified; ; DDC>
2007-08-14 01:50:36 125460 --a------ E:\WINDOWS\system32\pentanuc.dll
2007-08-14 01:47:35 75284 --a------ E:\WINDOWS\system32\ptonhjbe.exe <Not Verified; ; DDC>
2007-08-13 02:15:17 125460 --a------ E:\WINDOWS\system32\kxdqmmfw.dll
2007-08-13 02:12:51 75284 --a------ E:\WINDOWS\system32\kkgypduj.exe <Not Verified; ; DDC>
2007-08-12 22:25:24 76412 --a------ E:\WINDOWS\system32\myxvctpw.dll
2007-08-12 07:40:32 75284 --a------ E:\WINDOWS\system32\tytdcaxy.exe <Not Verified; ; DDC>
2007-08-12 00:25:41 125460 --a------ E:\WINDOWS\system32\rjwmrsxw.dll
2007-08-12 00:25:40 75284 --a------ E:\WINDOWS\system32\rtitualw.exe <Not Verified; ; DDC>
2007-08-11 00:28:43 120852 --a------ E:\WINDOWS\system32\gnwngprs.dll
2007-08-11 00:25:41 75284 --a------ E:\WINDOWS\system32\wkyprsqk.exe <Not Verified; ; DDC>
2007-08-10 19:06:31 35546 --a------ E:\WINDOWS\DIIUnin.dat
2007-08-10 18:52:17 21840 --a------ E:\WINDOWS\system32\SIntfNT.dll
2007-08-10 18:52:17 17212 --a------ E:\WINDOWS\system32\SIntf32.dll
2007-08-10 18:52:17 12067 --a------ E:\WINDOWS\system32\SIntf16.dll
2007-08-10 18:43:06 2829 --a------ E:\WINDOWS\DIIUnin.pif
2007-08-10 18:43:06 94208 --a------ E:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2007-08-10 00:23:35 75284 --a------ E:\WINDOWS\system32\hhqpckqj.exe <Not Verified; ; DDC>
2007-08-07 08:51:39 66068 --a------ E:\WINDOWS\system32\qwbtpbal.exe
2007-08-07 08:48:58 66068 --a------ E:\WINDOWS\system32\mlndeiei.exe
2007-08-07 01:21:13 66068 --a------ E:\WINDOWS\system32\sbyrixpf.exe
2007-08-06 01:21:15 120852 --a------ E:\WINDOWS\system32\dabolmqx.dll
2007-08-06 01:21:13 66068 --a------ E:\WINDOWS\system32\grrurwrs.exe
2007-08-05 22:24:14 76412 --a------ E:\WINDOWS\system32\eunhfktc.dll
2007-08-05 01:21:13 66068 --a------ E:\WINDOWS\system32\lvkdphdh.exe
2007-08-04 01:18:19 66068 --a------ E:\WINDOWS\system32\tvgmbxkg.exe
2007-08-04 01:15:35 66068 --a------ E:\WINDOWS\system32\mqkpktgd.exe
2007-08-03 01:15:35 125460 --a------ E:\WINDOWS\system32\eiqlildg.dll
2007-08-03 01:13:02 66068 --a------ E:\WINDOWS\system32\kxtatacj.exe
2007-08-03 00:49:53 66068 --a------ E:\WINDOWS\system32\gplwegek.exe
2007-08-01 22:18:14 66068 --a------ E:\WINDOWS\system32\bjsjnxqe.exe
2007-07-31 22:18:14 66068 --a------ E:\WINDOWS\system32\ktrodfkv.exe
2007-07-30 22:18:14 66068 --a------ E:\WINDOWS\system32\psucbaht.exe
2007-07-29 22:26:02 69140 --a------ E:\WINDOWS\system32\trxxmaxe.dll
2007-07-29 22:23:02 76412 --a------ E:\WINDOWS\system32\ykipwxms.dll
2007-07-29 22:20:02 66068 --a------ E:\WINDOWS\system32\hrnaftqh.exe
2007-07-29 22:17:29 66068 --a------ E:\WINDOWS\system32\cphtrkkx.exe
2007-07-25 03:08:33 66580 --a------ E:\WINDOWS\system32\kdahqcqp.dll
2007-07-25 03:02:45 66068 --a------ E:\WINDOWS\system32\mpypqhyw.exe
2007-07-24 17:20:35 66580 --a------ E:\WINDOWS\system32\opyecmah.dll
2007-07-24 17:20:29 66068 --a------ E:\WINDOWS\system32\lxxeahxx.exe
2007-07-24 17:20:29 125972 --a------ E:\WINDOWS\system32\cewcmdue.dll
2007-07-23 17:26:28 66580 --a------ E:\WINDOWS\system32\pwomddhf.dll
2007-07-23 17:20:28 66068 --a------ E:\WINDOWS\system32\mlmkdanc.exe
2007-07-22 17:27:09 66580 --a------ E:\WINDOWS\system32\eyfjvfyx.dll
2007-07-22 17:21:09 66068 --a------ E:\WINDOWS\system32\veoqhfns.exe
2007-07-21 04:27:10 66580 --a------ E:\WINDOWS\system32\xdwoqtrl.dll
2007-07-21 04:24:12 125460 --a------ E:\WINDOWS\system32\rhxlmbef.dll
2007-07-21 04:24:09 66068 --a------ E:\WINDOWS\system32\hlpyncvb.exe
2007-07-20 18:36:09 76412 --a------ E:\WINDOWS\system32\tgujjenv.dll
2007-07-20 04:27:09 66580 --a------ E:\WINDOWS\system32\ldvlldnr.dll
2007-07-20 04:24:09 66068 --a------ E:\WINDOWS\system32\pbxamtgv.exe
2007-07-19 04:24:13 66580 --a------ E:\WINDOWS\system32\fgitjwaw.dll
2007-07-19 04:24:12 66068 --a------ E:\WINDOWS\system32\cgfbwpkr.exe
2007-07-18 04:24:14 66580 --a------ E:\WINDOWS\system32\vfscxrea.dll
2007-07-18 04:21:16 66068 --a------ E:\WINDOWS\system32\ekvwtqvy.exe
2007-07-17 17:05:05 66580 --a------ E:\WINDOWS\system32\xqwjmgsj.dll
2007-07-17 17:05:01 124436 --a------ E:\WINDOWS\system32\iqwcvnjv.dll
2007-07-17 17:05:00 66068 --a------ E:\WINDOWS\system32\aoytdhdf.exe
2007-07-17 17:02:00 66068 --a------ E:\WINDOWS\system32\fhypxkha.exe
2007-07-17 06:14:27 66580 --a------ E:\WINDOWS\system32\tdjpsjda.dll
2007-07-17 06:14:26 66068 --a------ E:\WINDOWS\system32\fdmgkpnq.exe
2007-07-16 06:14:31 66580 --a------ E:\WINDOWS\system32\wimuwtfh.dll
2007-07-16 06:14:27 124436 --a------ E:\WINDOWS\system32\qtmjtjvx.dll
2007-07-16 06:11:42 66068 --a------ E:\WINDOWS\system32\ohjvwunl.exe
2007-07-16 02:34:42 124436 --a------ E:\WINDOWS\system32\xywprssm.dll
2007-07-16 02:31:41 66580 --a------ E:\WINDOWS\system32\rkeefaot.dll
2007-07-16 02:29:59 66068 --a------ E:\WINDOWS\system32\eqxdvwbi.exe
2007-07-15 14:45:45 66580 --a------ E:\WINDOWS\system32\edlnwxgr.dll
2007-07-15 14:42:46 124436 --a------ E:\WINDOWS\system32\rdcllipk.dll
2007-07-15 14:39:44 66068 --a------ E:\WINDOWS\system32\oobdhlig.exe
2007-07-14 15:47:08 737280 --a------ E:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-07-14 15:32:28 528 -r-hs---- E:\WINDOWS\egirllic151
2007-07-14 14:39:47 66580 --a------ E:\WINDOWS\system32\snhcduqj.dll
2007-07-14 14:39:45 66068 --a------ E:\WINDOWS\system32\dqwhtill.exe
2007-07-13 18:36:44 76412 --a------ E:\WINDOWS\system32\hyydlxao.dll
2007-07-13 14:42:44 66580 --a------ E:\WINDOWS\system32\rcnuxdhn.dll
2007-07-13 14:39:44 66068 --a------ E:\WINDOWS\system32\lmvfamku.exe
2007-07-12 14:38:44 66580 --a------ E:\WINDOWS\system32\uvrmjwvj.dll
2007-07-12 14:38:40 66068 --a------ E:\WINDOWS\system32\djqiwoev.exe
2007-07-08 18:32:27 50708 --a------ E:\WINDOWS\system32\elwkgeon.exe <Not Verified; ; DDC>
2007-07-07 18:32:28 50708 --a------ E:\WINDOWS\system32\qeqccmvv.exe <Not Verified; ; DDC>
2007-07-06 18:36:05 76412 --a------ E:\WINDOWS\system32\kryjajhg.dll
2007-07-06 18:30:18 50708 --a------ E:\WINDOWS\system32\rqplvuua.exe <Not Verified; ; DDC>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02633FD6-4FBE-47B1-8966-7C223969A25B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{709AFF26-6BB0-4AD3-A3A3-1286592465D6}]
05/26/2007 04:00 AM 29206 --a------ E:\WINDOWS\system32\nnnomml.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B5CFE0B-BE3B-4552-811D-84539C0DCFA5}]
09/04/2007 10:13 PM 263220 ---hs---- E:\WINDOWS\system32\mljgh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF46BFB3-2ACC-441b-B82B-36B9562C7FF1}]
07/29/2007 10:26 PM 69140 --a------ E:\WINDOWS\system32\trxxmaxe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E980DD43-BEDE-46DD-BC03-BB7B85544898}]
10/02/2007 12:57 AM 121364 --a------ E:\WINDOWS\system32\ukwhuvtf.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="H:\Prog\Java\bin\jusched.exe" [07/12/2007 04:00 AM]
"LVCOMSX"="E:\WINDOWS\system32\LVCOMSX.EXE" [10/08/2004 11:52 AM]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [08/11/2006 09:43 PM]
"nwiz"="nwiz.exe" [08/11/2006 09:43 PM E:\WINDOWS\system32\nwiz.exe]
"Smapp"="E:\Programfiler\Analog Devices\SoundMAX\SMTray.exe" [05/05/2003 08:57 AM]
"QuickTime Task"="E:\Programfiler\QuickTime\qttask.exe" [04/30/2006 01:05 PM]
"PKR Pal"="H:\Sindre\Spill\PKR\pkrpal.exe" [09/19/2007 12:18 AM]
"PWRISOVM.EXE"="H:\Prog\PowerISO\PWRISOVM.EXE" [08/07/2007 02:05 AM]
"SearchIndexer"="E:\WINDOWS\system32\ymqwfikn.dll" [10/03/2007 09:33 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="E:\Programfiler\MSN Messenger\MsnMsgr.exe" [01/19/2007 01:54 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"*CmaudioMon"=rundll32.exe bot007dll.dll,_EntryPoint@16

E:\Documents and Settings\Per_Killer\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - E:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [12:00:00 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{709AFF26-6BB0-4AD3-A3A3-1286592465D6}"= E:\WINDOWS\system32\nnnomml.dll [05/26/2007 04:00 AM 29206]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgh]
E:\WINDOWS\system32\mljgh.dll 09/04/2007 10:13 PM 263220 E:\WINDOWS\system32\mljgh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnomml]
nnnomml.dll 05/26/2007 04:00 AM 29206 E:\WINDOWS\system32\nnnomml.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssttt]
E:\WINDOWS\system32\ssttt.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CookiePatrol]
C:\Prog\PestPatrol\CookiePatrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Prog\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
C:\Prog\Internet Download Manager\IDMan.exe /onboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Prog\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
C:\Prog\Logitech\Video\ManifestEngine.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Prog\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Prog\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"E:\Programfiler\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrol Control Center]
C:\Prog\PestPatrol\PPControl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPMemCheck]
C:\Prog\PestPatrol\PPMemCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"E:\Programfiler\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
E:\Programfiler\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
E:\Sindre\Spill\Steam\\Steam.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Macromedia Licensing Service"=3 (0x3)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"Bonjour Service"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\SETUP.EXE




-- End of Deckard's System Scanner: finished at 2007-10-04 02:33:18 ------------
 

#2 ·
Re: Infected - "Win Anti Spyware" "Buffer overrun error" and a fake dialer or somethi

Hello and welcome to TSF :smile:

Please download ComboFix

Note: It is important that it is saved directly to your desktop.

Close all browsers.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log for you. Post that log in your next reply.
  • Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

You are using an older version of HijackThis. Please do the following to download and install the latest version of HijackThis v2.0.2:

CLICK HERE to download the HijackThis Installer:
  1. Save HJTInstall.exe to your desktop.
  2. Double-click on HJTInstall.exe to run the program.
  3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
  4. Accept the license agreement by clicking the "I Accept" button.
  5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  6. Click "Save log" to save the log file and then the log will open in Notepad.
  7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
  8. Come back here to this thread and paste the log in your next reply.
  9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

You may delete the older version once you have successfully downloaded and installed the latest version of HijackThis v2.0.2.

Expected logs:

Combofix.txt
HijackThis log
 
#3 ·

Thank you for the reply. I downloaded ComboFix and stored it directly onto my desktop before I executed it. However, after a few seconds this message is displayed, with the title "Comspec error": "The COMSPEC enviroment variable was found to be corrupt. Combofix have attempted repairs and will need to restart." I press OK and the program restarts itself, but the same message hits.
Pandascan has been allowed to do its search for about 15 hours now. It gets really, really slow in '//windows/system32' and I was just forced to close it down as it seemed to be getting nowhere. But before I did, it found 67 spyware, 1 dialer and a couple of viruses. However, since it won't finish, it didn't generate a log for me.

Hijackthis log:
------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:53:20 PM, on 10/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\CTsvcCDA.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\wscntfy.exe
H:\Prog\Java\bin\jusched.exe
E:\WINDOWS\system32\LVCOMSX.EXE
E:\Programfiler\Analog Devices\SoundMAX\SMTray.exe
E:\Programfiler\MSN Messenger\MsnMsgr.Exe
E:\Programfiler\MSN Messenger\usnsvc.exe
C:\Prog\Mirc\mirc.exe
E:\WINDOWS\explorer.exe
E:\Programfiler\iPod\bin\iPodService.exe
E:\Programfiler\Internet Explorer\iexplore.exe
C:\Prog\Adobe Reader\Reader\AcroRd32.exe
E:\WINDOWS\system32\wisptis.exe
E:\Programfiler\Internet Explorer\iexplore.exe
H:\Prog\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - H:\Prog\SnagIt\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Prog\Java\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] E:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Smapp] E:\Programfiler\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PKR Pal] "H:\Sindre\Spill\PKR\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] H:\Prog\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "E:\WINDOWS\system32\ymqwfikn.dll",sitypnow
O4 - HKLM\..\RunOnce: [*CmaudioMon] rundll32.exe bot007dll.dll,_EntryPoint@16
O4 - HKCU\..\Run: [MsnMsgr] "E:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = E:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration .LNK = H:\Sindre\Spill\Dark Messiah\Dark Messiah of Might and Magic\RegistrationReminder.exe
O8 - Extra context menu item: Download All Links with IDM - C:\Prog\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Prog\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Prog\Java\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Prog\Java\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - E:\Documents and Settings\Per_Killer\Start-meny\Programmer\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - E:\Documents and Settings\Per_Killer\Start-meny\Programmer\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - E:\Programfiler\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - H:\Sindre\Spill\PokerGames\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - H:\Sindre\Spill\PokerGames\Titan Poker\casino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Programfiler\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Programfiler\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {0A50726E-51A2-42BB-8392-98F050C40A10} (SkillJamLoader Class) - http://rcade.skilljam.com/ssp/SkillJamLoader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflasher.de/plugin/powerres.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://www.cherrytreeinn.com:8080/kxhcm10.ocx
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Adobe LM Service - Adobe Systems - E:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DomainService - Unknown owner - E:\WINDOWS\system32\uflpuqca.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7680 bytes


Thank you, and hopefully something can be done to make the combofix thing run properly.. I really don't know >.<
 
#4 ·

downloaded combofix, stored it directly onto my desktop before I executed it. However, after a few seconds this message is displayed, with the title "Comspec error": "The COMSPEC enviroment variable was found to be corrupt. Combofix have attempted repairs and will need to restart." I press OK and the program restarts itself, but the same message hits.
Try running it in safe mode.

Also, it's possible that it has done its job, even with the error message. Please take a look at E:\ (root) drive if you can find E:\combofix.txt.
 
#5 ·

ComboFix's log:

ComboFix 07-10-04.5 - Per_Killer 2007-10-04 18:32:31.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1164 [GMT 2:00]
Running from: E:\Documents and Settings\Per_Killer\Skrivebord\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-04 to 2007-10-04 )))))))))))))))))))))))))))))))
.

2007-10-04 18:07 51,200 --a------ E:\WINDOWS\NirCmd.exe
2007-10-04 02:29 <DIR> d-------- E:\Deckard
2007-10-03 21:23 <DIR> d-------- E:\WINDOWS\system32\ActiveScan
2007-10-02 18:08 <DIR> d-------- E:\Documents and Settings\All Users\Programdata\Prevx
2007-10-02 07:20 314,368 --a------ E:\WINDOWS\uninst.exe
2007-09-28 19:59 159,764 --a------ E:\WINDOWS\system32\fbbaphgd.dll
2007-09-28 19:59 139,264 --a------ E:\WINDOWS\system32\bot007dll.dll
2007-09-25 20:05 <DIR> d-------- E:\Programfiler\PartyGaming
2007-09-20 19:44 <DIR> d-------- E:\Programfiler\Fellesfiler\Teleca Shared
2007-09-18 17:28 <DIR> d-------- E:\Documents and Settings\Per_Killer\Programdata\uqm
2007-09-11 18:39 22,328 --a------ E:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-09-11 18:39 22,328 --a------ E:\Documents and Settings\Per_Killer\Programdata\PnkBstrK.sys
2007-09-11 18:38 66,872 --a------ E:\WINDOWS\system32\PnkBstrA.exe
2007-09-11 18:38 103,736 --a------ E:\WINDOWS\system32\PnkBstrB.exe
2007-09-11 18:38 <DIR> d-------- E:\WINDOWS\SxsCaPendDel
2007-09-04 22:14 0 --a------ E:\WINDOWS\system32\SBRC.dat
2007-09-04 22:14 0 --a------ E:\WINDOWS\system32\SBFC.dat
2007-09-04 19:46 <DIR> d-------- E:\Documents and Settings\Per_Killer\Programdata\Sunbelt Software
2007-09-04 07:20 <DIR> d-------- E:\Documents and Settings\All Users\Programdata\Nexon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-04 03:18 --------- d-------- E:\Programfiler\QuickTime
2007-10-04 03:18 --------- d-------- E:\Programfiler\MSN Messenger
2007-10-03 22:54 83160 --a------ E:\WINDOWS\system32\drivers\scskusbs.sys
2007-10-03 22:54 19504 --a------ E:\WINDOWS\system32\drivers\scskusbf.sys
2007-10-03 08:08 --------- d-------- E:\Documents and Settings\Per_Killer\Programdata\BitTorrent
2007-09-30 00:17 43520 --a------ E:\WINDOWS\system32\CmdLineExt03.dll
2007-09-11 18:37 --------- d--h----- E:\Programfiler\InstallShield Installation Information
2007-08-31 19:28 --------- d-------- E:\Documents and Settings\Per_Killer\Programdata\dvdcss
2007-08-28 00:39 --------- d-------- E:\Documents and Settings\Per_Killer\Programdata\Skype
2007-08-19 15:14 118784 --a------ E:\WINDOWS\system32\SeismoSaver.scr
2007-08-10 18:52 21840 --a------ E:\WINDOWS\system32\SIntfNT.dll
2007-08-10 18:52 17212 --a------ E:\WINDOWS\system32\SIntf32.dll
2007-08-10 18:52 12067 --a------ E:\WINDOWS\system32\SIntf16.dll
2007-08-10 18:43 94208 --a------ E:\WINDOWS\DIIUnin.exe
2007-08-07 02:15 33052 --a------ E:\WINDOWS\system32\drivers\scdemu.sys
2007-07-14 15:47 737280 --a------ E:\WINDOWS\iun6002.exe
2005-12-04 18:42 560 --a------ E:\Programfiler\Global.sw
2002-10-04 15:09 204800 --a------ E:\WINDOWS\inf\FXPlugin.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02633FD6-4FBE-47B1-8966-7C223969A25B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87FCD79D-EDAF-40E5-907D-BF939AB1320E}]
E:\WINDOWS\system32\mljgh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="H:\Prog\Java\bin\jusched.exe" [2007-07-12 04:00]
"LVCOMSX"="E:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43]
"nwiz"="nwiz.exe" [2006-08-11 21:43 E:\WINDOWS\system32\nwiz.exe]
"Smapp"="E:\Programfiler\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57]
"QuickTime Task"="E:\Programfiler\QuickTime\qttask.exe" [2006-04-30 13:05]
"PKR Pal"="H:\Sindre\Spill\PKR\pkrpal.exe" [2007-09-19 00:18]
"PWRISOVM.EXE"="H:\Prog\PowerISO\PWRISOVM.EXE" [2007-08-07 02:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="E:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgh]
E:\WINDOWS\system32\mljgh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnomml]
nnnomml.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssttt]
E:\WINDOWS\system32\ssttt.dll


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CookiePatrol]
C:\Prog\PestPatrol\CookiePatrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Prog\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
C:\Prog\Internet Download Manager\IDMan.exe /onboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Prog\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
C:\Prog\Logitech\Video\ManifestEngine.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Prog\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Prog\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"E:\Programfiler\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrol Control Center]
C:\Prog\PestPatrol\PPControl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPMemCheck]
C:\Prog\PestPatrol\PPMemCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"E:\Programfiler\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
E:\Programfiler\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
E:\Sindre\Spill\Steam\\Steam.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Macromedia Licensing Service"=3 (0x3)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"Bonjour Service"=2 (0x2)

R0 viamraid;viamraid;E:\WINDOWS\system32\DRIVERS\viamraid.sys
R2 CdaD10BA;CdaD10BA;\??\E:\WINDOWS\system32\drivers\CdaD10BA.SYS
R2 ithsgt;ithsgt;E:\WINDOWS\system32\DRIVERS\ithsgt.sys
R2 lilsgt;lilsgt;E:\WINDOWS\system32\DRIVERS\lilsgt.sys
R3 scskusbf;USB SCSK Filter Driver Service;E:\WINDOWS\system32\drivers\scskusbf.sys
R3 Tetris;Tetris driver;E:\WINDOWS\system32\Drivers\Tetris.sys
S3 ATITUNEP;ATI WDM TV Tuner;E:\WINDOWS\system32\DRIVERS\atineuxx.sys
S3 ativraxx;ATI WDM Rage Theater Audio;E:\WINDOWS\system32\DRIVERS\atinraxx.sys
S3 ATIXSAudio;ATI WDM TV Audio Crossbar;E:\WINDOWS\system32\DRIVERS\atinesxx.sys
S3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);E:\WINDOWS\system32\drivers\ES1370MP.sys
S3 FreshIO;FreshIO;\??\H:\Prog\FreshDiagnose\FreshIO.sys
S3 scsk4;SCSK4 Driver Service;E:\WINDOWS\system32\drivers\scsk4.sys
S3 scskusbs;USB SCSK Driver Service;E:\WINDOWS\system32\drivers\scskusbs.sys
S3 TTDec;ATI WDM Teletext Decoder;E:\WINDOWS\system32\DRIVERS\ATINTTXX.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\SETUP.EXE

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-04 18:34:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-04 18:36:10
E:\ComboFix-quarantined-files.txt ... 2007-10-04 18:35
.
--- E O F ---
 
#7 ·

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:53:14 PM, on 10/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\CTsvcCDA.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
H:\Prog\Java\bin\jusched.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\LVCOMSX.EXE
E:\Programfiler\Analog Devices\SoundMAX\SMTray.exe
E:\Programfiler\QuickTime\qttask.exe
H:\Prog\PowerISO\PWRISOVM.EXE
E:\Programfiler\MSN Messenger\MsnMsgr.Exe
E:\Programfiler\MSN Messenger\usnsvc.exe
E:\WINDOWS\system32\wuauclt.exe
H:\Prog\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - H:\Prog\SnagIt\SnagItBHO.dll
O2 - BHO: (no name) - {02633FD6-4FBE-47B1-8966-7C223969A25B} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Prog\Java\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {87FCD79D-EDAF-40E5-907D-BF939AB1320E} - E:\WINDOWS\system32\mljgh.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - H:\Prog\SnagIt\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Prog\Java\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] E:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Smapp] E:\Programfiler\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PKR Pal] "H:\Sindre\Spill\PKR\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] H:\Prog\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [MsnMsgr] "E:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = E:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration .LNK = H:\Sindre\Spill\Dark Messiah\Dark Messiah of Might and Magic\RegistrationReminder.exe
O8 - Extra context menu item: Download All Links with IDM - C:\Prog\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Prog\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Prog\Java\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Prog\Java\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - E:\Documents and Settings\Per_Killer\Start-meny\Programmer\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - E:\Documents and Settings\Per_Killer\Start-meny\Programmer\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - E:\Programfiler\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - H:\Sindre\Spill\PokerGames\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - H:\Sindre\Spill\PokerGames\Titan Poker\casino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Programfiler\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Programfiler\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {0A50726E-51A2-42BB-8392-98F050C40A10} (SkillJamLoader Class) - http://rcade.skilljam.com/ssp/SkillJamLoader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflasher.de/plugin/powerres.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://www.cherrytreeinn.com:8080/kxhcm10.ocx
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: mljgh - E:\WINDOWS\system32\mljgh.dll (file missing)
O20 - Winlogon Notify: nnnomml - nnnomml.dll (file missing)
O20 - Winlogon Notify: ssttt - E:\WINDOWS\system32\ssttt.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - E:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7951 bytes
 
#8 ·
Re: Infected - "Win Anti Spyware" "Buffer overrun error" and a fake dialer or somethi

Hi,

I notice that you are using BitTorrent, which is a p2p file sharing program. I would like to warn you strongly that the nature of P2P filesharing is such that even if one is using a "clean" program, many of the files downloaded from non-documented sources have the potential of being infected. So, regardless of whether one is using a "clean" program, one may still be prone to infection by malware because more than half of all files available for download from peer-to-peer networks have been deliberately infected with some form of malware. I recommend that you remove it from your system via Add/Remove Programs in Control Panel.

=============================

Submit a file to Jotti
Please go here : http://virusscan.jotti.org/
At the top of the page there is a field to add the filepath; copy and paste this filepath:

E:\WINDOWS\system32\bot007dll.dll

Then hit Submit.
The scan will take a while before the result comes up so please be patient.
Then copy the result and post it here in this thread.

If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustotal.com/xhtml/index_en.html

Please do the same for these:

E:\WINDOWS\inf\FXPlugin.dll
E:\WINDOWS\system32\fbbaphgd.dll

=============================

Using Windows Explorer (right click on Start, click on Explore), locate and delete the following folder:

E:\Programfiler\Global.sw

=============================

Scan with HijackThis and put a checkmark against the following entries:

O2 - BHO: (no name) - {02633FD6-4FBE-47B1-8966-7C223969A25B} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {87FCD79D-EDAF-40E5-907D-BF939AB1320E} - E:\WINDOWS\system32\mljgh.dll (file missing)

O20 - Winlogon Notify: mljgh - E:\WINDOWS\system32\mljgh.dll (file missing)
O20 - Winlogon Notify: nnnomml - nnnomml.dll (file missing)
O20 - Winlogon Notify: ssttt - E:\WINDOWS\system32\ssttt.dll (file missing)

Please see my note about the Poker games for the next entries. If you choose to remove them, first try removing them via Add/Remove Programs in Control Panel, then have these lines fixed with HijackThis if they are still present.

O4 - HKLM\..\Run: [PKR Pal] "H:\Sindre\Spill\PKR\pkrpal.exe" -osboot
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - E:\Documents and Settings\Per_Killer\Start-meny\Programmer\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - E:\Documents and Settings\Per_Killer\Start-meny\Programmer\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Programfiler\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Programfiler\PartyGaming\PartyPoker\RunApp.exe


The following ActiveX controls (Downloaded Program Files) will reinstall when (and if) you revisit that website.
Unless you know they are from a safe source, also check these to remove.

O16 - DPF: {0A50726E-51A2-42BB-8392-98F050C40A10} (SkillJamLoader Class) - http://rcade.skilljam.com/ssp/SkillJamLoader.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball...GameLoader.dll
O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflasher.de/plugin/powerres.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://www.cherrytreeinn.com:8080/kxhcm10.ocx


Close all browsers/windows other than HijackThis and click on "fix checked".

============================

Note about poker games:

You appear to be a fan of games, but I think it's important to note that often these kinds of programs are installed with other unwanted software, namely spyware or adware. If you did not install these programs yourself, or you do not use them any more, I would definitely recommend that you uninstall them from your computer, even if it is simply a precautionary measure. The amount of different poker software which arises on the internet means it is impossible to keep track of which ones are infected and which ones are not. If you do use the software, and wish to continue doing so, please ignore this. If you do decide to go ahead and remove the poker software, you should be able to uninstall them via Add/Remove, which can be found in the Control Panel. Let me know if you have any problems whilst doing so.
Here are links to some poker sites regarded as safe for your reference.

* http://www.pokerstars.net/ - This is a free to use/play site.
* http://www.pokerstars.com - This is the paid for version.

=============================

Restart your computer.

=============================

Please post a fresh HijackThis log and the Jotti and/or Virus Total results.
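The entries singled out in the post above (O2 BHOs and O20 Winlogon Notify hooks that point at missing files, and O16 ActiveX controls downloaded from unfamiliar hosts) can be triaged mechanically rather than by eye. The following is an added example in Python, not code from this thread or from HijackThis itself: it parses lines in HijackThis v2 log format and flags those three patterns. The sample lines are constructed from the shapes seen in this log; the allowlist of download hosts and the vowel-ratio heuristic for random-looking DLL names are assumptions chosen for illustration, not HijackThis features.

```python
"""Triage of HijackThis O2 / O16 / O20 entries (added example, not the
forum helper's tooling). Flags orphaned BHO and Winlogon Notify
registrations and ActiveX controls from non-allowlisted hosts."""
import re
from dataclasses import dataclass
from typing import List
from urllib.parse import urlparse

# Constructed sample lines in HijackThis v2 format (raw string: the
# backslashes are literal Windows path separators).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Prog\Java\bin\ssv.dll
O2 - BHO: (no name) - {02633FD6-4FBE-47B1-8966-7C223969A25B} - (no file)
O2 - BHO: (no name) - {87FCD79D-EDAF-40E5-907D-BF939AB1320E} - E:\WINDOWS\system32\mljgh.dll (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://www.cherrytreeinn.com:8080/kxhcm10.ocx
O20 - Winlogon Notify: mljgh - E:\WINDOWS\system32\mljgh.dll (file missing)
O20 - Winlogon Notify: nnnomml - nnnomml.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
"""

# Hosts whose ActiveX downloads are treated as expected. This allowlist is
# an assumption for the example; a real one is built per environment.
TRUSTED_DPF_HOSTS = {"go.microsoft.com", "messenger.zone.msn.com", "messenger.msn.com"}

# Markers HijackThis appends when the registered file does not exist on disk.
MISSING_MARKERS = ("(no file)", "(file missing)")

RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
RE_O16 = re.compile(r"^O16 - DPF: \{(?P<clsid>[^}]+)\} \((?P<name>[^)]*)\) - (?P<url>\S+)$")
RE_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")


@dataclass
class Finding:
    section: str   # O2 / O16 / O20
    severity: str  # high / medium
    reason: str
    line: str


def looks_random(name: str) -> bool:
    """Heuristic (assumption): names such as 'mljgh' or 'nnnomml' have almost
    no vowels. Used only as supporting evidence, never as the sole trigger."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < 5:
        return False
    vowels = sum(c in "aeiouy" for c in letters)
    return vowels / len(letters) < 0.2


def triage(log_text: str) -> List[Finding]:
    """Walk the log once and return the entries worth fixing."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RE_O2.match(line):
            if any(mk in m["path"] for mk in MISSING_MARKERS):
                findings.append(Finding("O2", "high",
                    "BHO registration points at a missing file (orphaned; safe to fix)", line))
        elif m := RE_O20.match(line):
            if any(mk in m["path"] for mk in MISSING_MARKERS):
                reason = "Winlogon Notify DLL registered but missing (would be loaded by winlogon.exe at logon)"
                if looks_random(m["name"]):
                    reason += "; random-looking name"
                findings.append(Finding("O20", "high", reason, line))
        elif m := RE_O16.match(line):
            host = urlparse(m["url"]).hostname or ""
            if host not in TRUSTED_DPF_HOSTS:
                findings.append(Finding("O16", "medium",
                    f"ActiveX control from non-allowlisted host {host}; reinstalls when the site is revisited", line))
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per HijackThis section, e.g. {'O2': 2, 'O20': 2, 'O16': 1}."""
    counts: dict = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n          {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

The O2 and O20 checks fire only on the "(no file)" / "(file missing)" markers, so a BHO with a real file on disk (the Java SSVHelper line in the sample) is left alone; the name heuristic merely strengthens the reason text. Orphaned O20 entries matter even though the DLL is gone, because winlogon.exe will keep attempting to load the registered name at each logon.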
 
#9 ·
Re: Infected - "Win Anti Spyware" "Buffer overrun error" and a fake dialer or somethi

Jotti:

Service load: 0% 100%

File: bot007dll.dll_
Status: INFECTED/MALWARE
MD5: 68a25cccc8c5773555b4565f368a8a27
Packers detected: -
Bit9 reports: File not found

Scanner results
Scan taken on 04 Oct 2007 22:00:44 (GMT)
A-Squared Found nothing
AntiVir Found HEUR/Malware
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Generic.Malware.SM!H@mmg.46B768CE
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found DLOADER.Trojan (probable variant)
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found W32/Malware.AXCV
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found Mal/Behav-010
VirusBuster Found nothing
VBA32 Found nothing


-----
Service load: 0% 100%

File: FXPlugin.dll
Status: OK
MD5: e0f02c46b736866968f1d33949a060d5
Packers detected: -
Bit9 reports: File not found

Scanner results
Scan taken on 04 Oct 2007 22:06:55 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing


--------
Service load: 0% 100%

File: fbbaphgd.dll
Status: INFECTED/MALWARE
MD5: 05bbcd40d30265d3180eb391189e05e7
Packers detected: -
Bit9 reports: File not found

Scanner results
Scan taken on 04 Oct 2007 22:10:19 (GMT)
A-Squared Found nothing
AntiVir Found HEUR/Malware
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found DLOADER.Trojan (probable variant)
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found Mal/Behav-010
VirusBuster Found nothing
VBA32 Found nothing




Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:29 AM, on 10/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\CTsvcCDA.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
H:\Prog\Java\bin\jusched.exe
E:\WINDOWS\system32\LVCOMSX.EXE
E:\WINDOWS\system32\wscntfy.exe
E:\Programfiler\Analog Devices\SoundMAX\SMTray.exe
E:\Programfiler\QuickTime\qttask.exe
H:\Prog\PowerISO\PWRISOVM.EXE
E:\Programfiler\MSN Messenger\MsnMsgr.Exe
H:\Prog\Hijackthis\HijackThis.exe
E:\Programfiler\internet explorer\iexplore.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Programfiler\MSN Messenger\usnsvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Prog\Java\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Prog\Java\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] E:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Smapp] E:\Programfiler\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PKR Pal] "H:\Sindre\Spill\PKR\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] H:\Prog\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [MsnMsgr] "E:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = E:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Prog\Java\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Prog\Java\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - E:\Programfiler\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - H:\Sindre\Spill\PokerGames\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - H:\Sindre\Spill\PokerGames\Titan Poker\casino.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Adobe LM Service - Adobe Systems - E:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5887 bytes
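Reading multi-engine results like the three Jotti reports above by hand gets tedious once several files are involved, and the interesting question is not just how many engines fired but whether any named a specific family. The following is an added example in Python, not part of this thread or of Jotti's own tooling: it parses the report layout into per-file records, counts which engines detected anything, and separates named detections from heuristic or generic verdicts. The sample is a constructed excerpt that reuses the file names, MD5s and verdicts posted above but keeps only six engines per file; the generic-verdict keywords and the two-engine threshold are assumptions for illustration.

```python
"""Parser and consensus check for Jotti-style multi-engine scan reports
(added example, not from the thread or from Jotti)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed excerpt in the 2007 Jotti layout; values copied from the
# reports in this thread, engine list shortened to six per file.
JOTTI_SAMPLE = """\
File: bot007dll.dll_
Status: INFECTED/MALWARE
MD5: 68a25cccc8c5773555b4565f368a8a27
Packers detected: -

Scanner results
Scan taken on 04 Oct 2007 22:00:44 (GMT)
A-Squared Found nothing
AntiVir Found HEUR/Malware
BitDefender Found Generic.Malware.SM!H@mmg.46B768CE
Dr.Web Found DLOADER.Trojan (probable variant)
Kaspersky Anti-Virus Found nothing
Sophos Antivirus Found Mal/Behav-010

File: FXPlugin.dll
Status: OK
MD5: e0f02c46b736866968f1d33949a060d5
Packers detected: -

Scanner results
Scan taken on 04 Oct 2007 22:06:55 (GMT)
A-Squared Found nothing
AntiVir Found nothing
BitDefender Found nothing
Dr.Web Found nothing
Kaspersky Anti-Virus Found nothing
Sophos Antivirus Found nothing
"""

# One "<engine> Found <verdict>" line per scanner.
RE_ENGINE = re.compile(r"^(?P<engine>.+?) Found (?P<verdict>.+)$")

# Verdict fragments that signal a heuristic or generic hit rather than a
# named family (assumption: tuned to the vendors' naming seen here).
GENERIC_HINTS = ("HEUR", "Generic", "probable", "Behav", "Mal/")


@dataclass
class Report:
    filename: str
    md5: str = ""
    status: str = ""
    engines: int = 0                                   # engines that scanned the file
    verdicts: Dict[str, str] = field(default_factory=dict)  # engine -> non-clean verdict

    @property
    def ratio(self) -> Tuple[int, int]:
        """(detecting engines, total engines)."""
        return len(self.verdicts), self.engines

    def named_detections(self) -> Dict[str, str]:
        """Verdicts that name a family, excluding heuristic/generic ones."""
        return {e: v for e, v in self.verdicts.items()
                if not any(h in v for h in GENERIC_HINTS)}


def parse_jotti(text: str) -> List[Report]:
    """Split the pasted text at each 'File:' header and collect engine lines."""
    reports: List[Report] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("File:"):
            current = Report(filename=line[len("File:"):].strip())
            reports.append(current)
        elif current is None:
            continue
        elif line.startswith("MD5:"):
            current.md5 = line[len("MD5:"):].strip()
        elif line.startswith("Status:"):
            current.status = line[len("Status:"):].strip()
        elif m := RE_ENGINE.match(line):
            current.engines += 1
            if m["verdict"].strip().lower() != "nothing":
                current.verdicts[m["engine"]] = m["verdict"].strip()
    return reports


def verdict(report: Report) -> str:
    """Consensus call. Threshold of two agreeing engines is an assumption."""
    hits, _total = report.ratio
    if hits == 0:
        return "clean"
    return "malicious" if hits >= 2 else "suspicious"


if __name__ == "__main__":
    for r in parse_jotti(JOTTI_SAMPLE):
        hits, total = r.ratio
        print(f"{r.filename}: {hits}/{total} engines, {verdict(r)}, "
              f"named={list(r.named_detections()) or 'none'}, md5={r.md5}")
```

For bot007dll.dll_ every hit in the sample is heuristic or generic (HEUR, Generic, "probable variant", Behav), which is typical for a freshly repacked downloader: the consensus is still "malicious", but no engine commits to a family name, so the MD5 is the most reliable identifier to carry forward.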
 
#10 · (Edited)
Re: Infected - "Win Anti Spyware" "Buffer overrun error" and a fake dialer or somethi

Hi,

FXPlugin.dll appears to be a plugin used in making a web page transparent. Do you know anything about it?

Open notepad (it must be notepad, not wordpad, or it won't work) and copy/paste the text in the quotebox below into it:

Code:
File::
E:\WINDOWS\system32\bot007dll.dll
E:\WINDOWS\system32\fbbaphgd.dll
Save this as CFScript.txt



Referring to the picture above, drag CFScript.txt into ComboFix.exe.

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


==================================

System Drive E: has 10.05 GiB (less than 15%) free.

You need to free up some space in your hard drive.

==================================

It appears that you decided to keep PKR Pal poker software. However, if you didn't mean to, and just missed it, please have the following lines fixed with HijackThis.

O4 - HKLM\..\Run: [PKR Pal] "H:\Sindre\Spill\PKR\pkrpal.exe" -osboot
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - H:\Sindre\Spill\PokerGames\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - H:\Sindre\Spill\PokerGames\Titan Poker\casino.exe


Delete their folders using Windows Explorer:

H:\Sindre\Spill\PokerGames
H:\Sindre\Spill\PKR

and restart the computer for the changes to take effect.

====================================

Go to Start > Control Panel > Add/Remove Programs and remove Kaspersky Online Scanner if it is present, prior to downloading the most up-to-date one.

Now run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner

Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
  • Scan using the following Anti-Virus database:
  • Standard
  • Scan Options:
  • Scan Archives
  • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
  • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop in txt format.
Copy and paste that information from Kaspersky in your next post.

*Note
It is recommended to disable your onboard antivirus and antispyware programs while performing scans, to avoid conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Or use Firefox with the IE-Tab plugin.

==================================

Please post the Combofix.txt, the Kaspersky log and a fresh HijackThis log.
 
#11 ·
Re: Infected - "Win Anti Spyware" "Buffer overrun error" and a fake dialer or somethi

Sorry for the late response. I had to cancel the virus scan after it had scanned for 15 hours and was still at 12% (it got stuck on my D: drive, which is broken: a hardware issue), so I scanned my remaining HDs and this is the log:

------------------

Friday, October 05, 2007 9:16:45 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 5/10/2007
Kaspersky Anti-Virus database records: 427745


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Folders
C:\
E:\
H:\

Scan Statistics
Total number of scanned objects 392258
Number of viruses found 40
Number of infected objects 223
Number of suspicious objects 2
Duration of the scan process 04:58:42

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Administrator\Lokale innstillinger\Programdata\Identities\{AE3071F4-88A6-4367-A9D1-44EC746BC0D3}\Microsoft\Outlook Express\Hotmail - Innboks.dbx/[From MAILER-DAEMON@netspace.net.au (Mail Delivery System)][Date Mon, 21 Jun 2004 04:42:43 +1000 (EST)]/Part-2.zip/Part-2.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped

C:\Documents and Settings\Administrator\Lokale innstillinger\Programdata\Identities\{AE3071F4-88A6-4367-A9D1-44EC746BC0D3}\Microsoft\Outlook Express\Hotmail - Innboks.dbx/[From MAILER-DAEMON@netspace.net.au (Mail Delivery System)][Date Mon, 21 Jun 2004 04:42:43 +1000 (EST)]/Part-2.zip Infected: Email-Worm.Win32.NetSky.aa skipped

C:\Documents and Settings\Administrator\Lokale innstillinger\Programdata\Identities\{AE3071F4-88A6-4367-A9D1-44EC746BC0D3}\Microsoft\Outlook Express\Hotmail - Innboks.dbx/[From MAILER-DAEMON@netspace.net.au (Mail Delivery System)][Date Mon, 21 Jun 2004 04:42:43 +1000 (EST)]/UNNAMED/UNNAMED/[From persindre@hotmail.com][Date Sun, 20 Jun 2004 20:42:37 +0200]/Part-2.zip/Part-2.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped

C:\Documents and Settings\Administrator\Lokale innstillinger\Programdata\Identities\{AE3071F4-88A6-4367-A9D1-44EC746BC0D3}\Microsoft\Outlook Express\Hotmail - Innboks.dbx/[From MAILER-DAEMON@netspace.net.au (Mail Delivery System)][Date Mon, 21 Jun 2004 04:42:43 +1000 (EST)]/UNNAMED/UNNAMED/[From persindre@hotmail.com][Date Sun, 20 Jun 2004 20:42:37 +0200]/Part-2.zip Infected: Email-Worm.Win32.NetSky.aa skipped

C:\Documents and Settings\Administrator\Lokale innstillinger\Programdata\Identities\{AE3071F4-88A6-4367-A9D1-44EC746BC0D3}\Microsoft\Outlook Express\Hotmail - Innboks.dbx/[From MAILER-DAEMON@netspace.net.au (Mail Delivery System)][Date Mon, 21 Jun 2004 04:42:43 +1000 (EST)]/UNNAMED/UNNAMED Infected: Email-Worm.Win32.NetSky.aa skipped

C:\Documents and Settings\Administrator\Lokale innstillinger\Programdata\Identities\{AE3071F4-88A6-4367-A9D1-44EC746BC0D3}\Microsoft\Outlook Express\Hotmail - Innboks.dbx/[From MAILER-DAEMON@netspace.net.au (Mail Delivery System)][Date Mon, 21 Jun 2004 04:42:43 +1000 (EST)]/UNNAMED Infected: Email-Worm.Win32.NetSky.aa skipped

C:\Documents and Settings\Administrator\Lokale innstillinger\Programdata\Identities\{AE3071F4-88A6-4367-A9D1-44EC746BC0D3}\Microsoft\Outlook Express\Hotmail - Innboks.dbx Mail MS Outlook 5: infected - 6 skipped

C:\Documents and Settings\Administrator\Start-meny\Programmer\Oppstart\DLHelperEXE.exe Infected: not-a-virus:AdWare.Win32.Thumper.a skipped

C:\Prog\Keyboard Express 3\IST1.0XE Infected: Trojan-Downloader.Win32.IstBar.is skipped

C:\Prog\Mirc\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

C:\Prog\PestPatrol\Quarantine\20041101153816015.zip/WINNT/Temp/Download.exe Infected: not-a-virus:AdWare.Win32.DealHelper.h skipped

C:\Prog\PestPatrol\Quarantine\20041101153816015.zip ZIP: infected - 1 skipped

C:\Prog\PestPatrol\Quarantine\20050513214016531.zip/Programfiler/dealhelper.com inc/D-Helper Web Driver/_Setupx.dll Infected: not-a-virus:AdWare.Win32.DealHelper.o skipped

C:\Prog\PestPatrol\Quarantine\20050513214016531.zip/Programfiler/dealhelper.com inc/D-Helper Web Driver/Setup.exe Infected: not-a-virus:AdWare.Win32.DealHelper.s skipped

C:\Prog\PestPatrol\Quarantine\20050513214016531.zip/WINNT/dhp.dll Infected: not-a-virus:AdWare.Win32.DealHelper.r skipped

C:\Prog\PestPatrol\Quarantine\20050513214016531.zip/WINNT/dealhlpr.dll Infected: not-a-virus:AdWare.Win32.DealHelper.r skipped

C:\Prog\PestPatrol\Quarantine\20050513214016531.zip ZIP: infected - 4 skipped

C:\Programfiler\Fellesfiler\OE\msbb.dll Infected: not-a-virus:AdWare.Win32.DealHelper.h skipped

C:\Programfiler\Fellesfiler\OE\redirector.dll Infected: not-a-virus:AdWare.Win32.OWS skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\WINNT\DealHelper.exe Infected: not-a-virus:AdWare.Win32.DealHelper.s skipped

C:\WINNT\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped

C:\WINNT\Downloaded Program Files\SyncroAdX.dll Infected: not-a-virus:AdWare.Win32.WinAD skipped

C:\WINNT\Temp\msbb_.exe/data.rar/msbb.exe Infected: not-a-virus:AdWare.Win32.180Solutions skipped

C:\WINNT\Temp\msbb_.exe/data.rar Infected: not-a-virus:AdWare.Win32.180Solutions skipped

C:\WINNT\Temp\msbb_.exe RarSFX: infected - 2 skipped

E:\Deckard\System Scanner\backup\DOCUME~1\PER_KI~1\LOKALE~1\Temp\ihioeuca.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped

E:\Deckard\System Scanner\backup\DOCUME~1\PER_KI~1\LOKALE~1\Temp\p9b6ysbn.exe Infected: not-a-virus:Downloader.Win32.WinFixer.bb skipped

E:\Deckard\System Scanner\backup\DOCUME~1\PER_KI~1\LOKALE~1\Temp\vcngdp5n.exe Infected: not-a-virus:Downloader.Win32.WinFixer.bb skipped

E:\Documents and Settings\Administrator.PERKILLER\Skrivebord\catchme.zip/mljgh.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wi skipped

E:\Documents and Settings\Administrator.PERKILLER\Skrivebord\catchme.zip/nnnomml.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

E:\Documents and Settings\Administrator.PERKILLER\Skrivebord\catchme.zip ZIP: infected - 2 skipped

E:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

E:\Documents and Settings\LocalService\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped

E:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped

E:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

E:\Documents and Settings\LocalService\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

E:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

E:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

E:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped

E:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

E:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

E:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

E:\Documents and Settings\Per_Killer\Cookies\index.dat Object is locked skipped

E:\Documents and Settings\Per_Killer\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped

E:\Documents and Settings\Per_Killer\Lokale innstillinger\Logg\History.IE5\MSHist012007100520071006\index.dat Object is locked skipped

E:\Documents and Settings\Per_Killer\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped

E:\Documents and Settings\Per_Killer\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

E:\Documents and Settings\Per_Killer\Lokale innstillinger\Temporary Internet Files\Content.IE5\0DYU35OQ\bind[1].htm Object is locked skipped

E:\Documents and Settings\Per_Killer\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

E:\Documents and Settings\Per_Killer\Mine dokumenter\Downloads\Compressed\A_Speeder_v2.8.0.122.zip/crack.exe/ist1.exe Infected: Trojan-Downloader.Win32.IstBar.is skipped

E:\Documents and Settings\Per_Killer\Mine dokumenter\Downloads\Compressed\A_Speeder_v2.8.0.122.zip/crack.exe Infected: Trojan-Downloader.Win32.IstBar.is skipped

E:\Documents and Settings\Per_Killer\Mine dokumenter\Downloads\Compressed\A_Speeder_v2.8.0.122.zip ZIP: infected - 2 skipped

E:\Documents and Settings\Per_Killer\Mine dokumenter\Mine mottatte filer\NewPics07.zip/PICTURE1374.JPG_www.photobucket.com Infected: Backdoor.Win32.IRCBot.ahm skipped

E:\Documents and Settings\Per_Killer\Mine dokumenter\Mine mottatte filer\NewPics07.zip ZIP: infected - 1 skipped

E:\Documents and Settings\Per_Killer\ntuser.dat Object is locked skipped

E:\Documents and Settings\Per_Killer\ntuser.dat.LOG Object is locked skipped

E:\Documents and Settings\Per_Killer\Programdata\Sun\Java\Deployment\cache\6.0\2\4d0b6082-56e8db3b/BlackBox.class Infected: Trojan.Java.ClassLoader.ak skipped

E:\Documents and Settings\Per_Killer\Programdata\Sun\Java\Deployment\cache\6.0\2\4d0b6082-56e8db3b/VB.class Infected: Trojan.Java.ClassLoader.ak skipped

E:\Documents and Settings\Per_Killer\Programdata\Sun\Java\Deployment\cache\6.0\2\4d0b6082-56e8db3b/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.ah skipped

E:\Documents and Settings\Per_Killer\Programdata\Sun\Java\Deployment\cache\6.0\2\4d0b6082-56e8db3b ZIP: infected - 3 skipped

E:\Documents and Settings\Per_Killer\Programdata\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-6066859a-4d8ff80a.zip/BlackBox.class Infected: Trojan.Java.ClassLoader.ak skipped

E:\Documents and Settings\Per_Killer\Programdata\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-6066859a-4d8ff80a.zip/VB.class Infected: Trojan.Java.ClassLoader.ak skipped

E:\Documents and Settings\Per_Killer\Programdata\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-6066859a-4d8ff80a.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.ah skipped

E:\Documents and Settings\Per_Killer\Programdata\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-6066859a-4d8ff80a.zip ZIP: infected - 3 skipped

E:\Documents and Settings\Per_Killer\UserData\index.dat Object is locked skipped

E:\Program Files\Internet Optimizer\optimize.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\abytaqwy.dll.vir Infected: Trojan-Spy.Win32.VBStat.h skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\aoytdhdf.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\awjwvrya.dll.vir Infected: Trojan-Spy.Win32.VBStat.h skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\bjsjnxqe.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\bxkpyava.dll.vir Infected: Trojan-Spy.Win32.VBStat.h skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\cewcmdue.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\cgfbwpkr.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\chiwebmt.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\cphtrkkx.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\cpvhguli.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\csyeqcid.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\cucegmbx.exe.vir Infected: Trojan.Win32.Agent.aoy skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\cxwvcsae.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\djqiwoev.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\dpjxyycr.exe.vir Infected: Trojan.Win32.Agent.aoy skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\dqlfnbay.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\dqolynfj.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\dqwhtill.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\edlnwxgr.dll.vir Infected: Trojan.Win32.BHO.bd skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\ejgrubuq.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\ekvwtqvy.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\elwkgeon.exe.vir Infected: Trojan.Win32.Agent.aoy skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\eqxdvwbi.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\eunhfktc.dll.vir Infected: Trojan-Spy.Win32.VBStat.h skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\evcbbhfc.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\eyfjvfyx.dll.vir Infected: Trojan.Win32.BHO.bd skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\fbltsjnu.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\fbyghkdt.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\fdmgkpnq.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\fgitjwaw.dll.vir Infected: Trojan.Win32.BHO.bd skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\fhbdfhbp.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\fhypxkha.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\fmpqkbrh.dll.vir Infected: Trojan-Spy.Win32.VBStat.h skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\fxxhumhy.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\gcdbured.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\gemdjeuy.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\gplwegek.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\grrurwrs.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\gyumvjef.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\hhqpckqj.exe.vir Infected: Trojan.Win32.Agent.aoy skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\hjbwpsgj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\hlpyncvb.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\hqngeotd.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\hrnaftqh.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\hyydlxao.dll.vir Infected: Trojan-Spy.Win32.VBStat.h skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\idffctal.dll.vir Infected: Trojan.Win32.BHO.bd skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\idrunlti.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\igceuijs.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\iqgfjfkq.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\iqwcvnjv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\iuhsdtss.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\jjghcbwp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\jklgroey.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\jmueauqw.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\jvdfsyxa.dll.vir Infected: Trojan-Spy.Win32.VBStat.h skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\kcwqwuhj.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\kdahqcqp.dll.vir Infected: Trojan.Win32.BHO.bd skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\kfcxdptg.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\kfoheveo.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\kkgypduj.exe.vir Infected: Trojan.Win32.Agent.aoy skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\kplrlyop.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\kqobxyhm.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\kryjajhg.dll.vir Infected: Trojan-Spy.Win32.VBStat.h skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\ktrodfkv.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\kvqigrpj.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\kxtatacj.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\ldvlldnr.dll.vir Infected: Trojan.Win32.BHO.bd skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\leemlqxm.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\lgdlbcwi.dll.vir Infected: Trojan-Spy.Win32.VBStat.h skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\liildpvt.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\liugktpa.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\lmvfamku.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\lngjbgpw.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\ltdlsypp.exe.vir Infected: Trojan.Win32.Agent.aoy skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\ltridbwa.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\lvkdphdh.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\lxxeahxx.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\mjuthuqd.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\mlmkdanc.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\mlndeiei.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\mmvsfhwu.dll.vir Suspicious: Packed.Win32.Morphine.a skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\mnqliefp.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\moqblabe.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\mpypqhyw.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\mqkpktgd.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\msvrjkxu.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\mupklktv.exe.vir Infected: Trojan.Win32.Agent.aoy skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\mvsumswd.dll.vir Infected: Trojan-Spy.Win32.VBStat.h skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\myxvctpw.dll.vir Infected: Trojan-Spy.Win32.VBStat.h skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\nmlveplx.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\nngathro.dll.vir Infected: Trojan-Spy.Win32.VBStat.h skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\nrthpspj.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\nykvengt.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\oacuotcf.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\ohjvwunl.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\onburapy.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\oobdhlig.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\opyecmah.dll.vir Infected: Trojan.Win32.BHO.bd skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\oqjxmygl.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\otgambbm.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\oxbpsifa.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\paixxldh.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\pbggysns.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\pbxamtgv.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\pjfgbnoj.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\powoncmw.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\psucbaht.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\ptonhjbe.exe.vir Infected: Trojan.Win32.Agent.aoy skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\pvagcrki.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\pwomddhf.dll.vir Infected: Trojan.Win32.BHO.bd skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\qbqhoxxh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\qdtthdtn.dll.vir Infected: Trojan-Spy.Win32.VBStat.h skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\qeqccmvv.exe.vir Infected: Trojan.Win32.Agent.aoy skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\qhfhadur.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.kb skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\qtmjtjvx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\qwbtpbal.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\rastmssv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\rcnuxdhn.dll.vir Infected: Trojan.Win32.BHO.bd skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\rdcllipk.dll.vir Suspicious: Packed.Win32.Morphine.a skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\rhxlmbef.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.v skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\rkeefaot.dll.vir Infected: Trojan.Win32.BHO.bd skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\rncmsaun.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\rqplvuua.exe.vir Infected: Trojan.Win32.Agent.aoy skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\rshdiqsk.dll.vir Infected: Trojan-Spy.Win32.VBStat.h skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\rtitualw.exe.vir Infected: Trojan.Win32.Agent.aoy skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\rvpdsvto.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\sbyrixpf.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\scktovvv.dll.vir Infected: Packed.Win32.Klone.j skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\sjrbrevh.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\sjyicoxy.dll.vir Infected: Trojan-Spy.Win32.VBStat.h skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\smhrxgch.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\snhcduqj.dll.vir Infected: Trojan.Win32.BHO.bd skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\tdedrhik.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\tdjpsjda.dll.vir Infected: Trojan.Win32.BHO.bd skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\tgujjenv.dll.vir Infected: Trojan-Spy.Win32.VBStat.h skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\trxxmaxe.dll.vir Infected: Trojan.Win32.BHO.hj skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\tvgmbxkg.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\tytdcaxy.exe.vir Infected: Trojan.Win32.Agent.aoy skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\ueauqcro.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\uvrmjwvj.dll.vir Infected: Trojan.Win32.BHO.bd skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\uwitueck.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\vdokykql.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\veoqhfns.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\vfscxrea.dll.vir Infected: Trojan.Win32.BHO.bd skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\vfwpshhd.exe.vir Infected: Trojan.Win32.Agent.aoy skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\vgnkrbbg.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\vijpidqq.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\vmucrgsl.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\vqnskqna.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.v skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\vrtnddhf.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\wglpahlw.dll.vir Infected: Trojan-Spy.Win32.VBStat.h skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\wimuwtfh.dll.vir Infected: Trojan.Win32.BHO.bd skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\wjffaynk.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\wkyprsqk.exe.vir Infected: Trojan.Win32.Agent.aoy skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\xdwoqtrl.dll.vir Infected: Trojan.Win32.BHO.bd skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\xeyhgjca.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\xjkptnlj.exe.vir Infected: Trojan.Win32.Agent.bck skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\xqwjmgsj.dll.vir Infected: Trojan.Win32.BHO.bd skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\xywprssm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\ykipwxms.dll.vir Infected: Trojan-Spy.Win32.VBStat.h skipped

E:\qoobox\Quarantine\E\WINDOWS\system32\yyyenujt.dll.vir Infected: Trojan-Spy.Win32.VBStat.h skipped

E:\Sindre\Downloads\Applications\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

E:\Sindre\Downloads\Applications\mirc616.exe mIRC: infected - 1 skipped

E:\Sindre\Downloads\Spill\blindsight.exe/WISE0033.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

E:\Sindre\Downloads\Spill\blindsight.exe/WISE0034.BIN Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k skipped

E:\Sindre\Downloads\Spill\blindsight.exe/WISE0035.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped

E:\Sindre\Downloads\Spill\blindsight.exe WiseSFX: infected - 3 skipped

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

E:\WINDOWS\bnetunin.exe Infected: Trojan-Downloader.Win32.Agent.drp skipped

E:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

E:\WINDOWS\SchedLgU.Txt Object is locked skipped

E:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

E:\WINDOWS\Sti_Trace.log Object is locked skipped

E:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

E:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

E:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped

E:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

E:\WINDOWS\system32\config\default Object is locked skipped

E:\WINDOWS\system32\config\default.LOG Object is locked skipped

E:\WINDOWS\system32\config\SAM Object is locked skipped

E:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

E:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

E:\WINDOWS\system32\config\SECURITY Object is locked skipped

E:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

E:\WINDOWS\system32\config\software Object is locked skipped

E:\WINDOWS\system32\config\software.LOG Object is locked skipped

E:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

E:\WINDOWS\system32\config\system Object is locked skipped

E:\WINDOWS\system32\config\system.LOG Object is locked skipped

E:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

E:\WINDOWS\system32\flextdtw.exe Infected: Trojan.Win32.Agent.anr skipped

E:\WINDOWS\system32\h323log.txt Object is locked skipped

E:\WINDOWS\system32\itcohqhd.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

E:\WINDOWS\system32\mjupcfkc.exe Infected: Trojan.Win32.Agent.aoy skipped

E:\WINDOWS\system32\psgwvxsv.exe Infected: Trojan.Win32.Agent.anr skipped

E:\WINDOWS\system32\rygrqiqn.exe Infected: Trojan.Win32.Agent.aoy skipped

E:\WINDOWS\system32\smhvajdl.exe Infected: Trojan.Win32.Agent.anr skipped

E:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

E:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

E:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

E:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

E:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

E:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

E:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

E:\WINDOWS\system32\wpxjfekn.exe Infected: Trojan.Win32.Agent.aoy skipped

E:\WINDOWS\wiadebug.log Object is locked skipped

E:\WINDOWS\wiaservc.log Object is locked skipped

E:\WINDOWS\WindowsUpdate.log Object is locked skipped

H:\Prog\BSPlayer\bsplayer142.833.exe/data0011 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped

H:\Prog\BSPlayer\bsplayer142.833.exe NSIS: infected - 1 skipped

H:\Prog\eMule\Incoming\Dark Messiah Of Might And Magic fr Crack Keygen Serial.rar/Dark Messiah Of Might And Magic Crack Keygen Serial/Crack.exe Infected: Trojan.Win32.StartPage.ans skipped

H:\Prog\eMule\Incoming\Dark Messiah Of Might And Magic fr Crack Keygen Serial.rar/Dark Messiah Of Might And Magic Crack Keygen Serial/dem.exe Infected: Trojan.Win32.StartPage.ans skipped

H:\Prog\eMule\Incoming\Dark Messiah Of Might And Magic fr Crack Keygen Serial.rar RAR: infected - 2 skipped

H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

------------------------------

Combofix:

ComboFix 07-10-04.5 - Per_Killer 2007-10-05 1:19:46.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1156 [GMT 2:00]
Running from: E:\Documents and Settings\Per_Killer\Skrivebord\ComboFix.exe
Command switches used :: E:\Documents and Settings\Per_Killer\Skrivebord\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\WINDOWS\system32\bot007dll.dll
E:\WINDOWS\system32\fbbaphgd.dll

.
((((((((((((((((((((((((( Files Created from 2007-09-04 to 2007-10-04 )))))))))))))))))))))))))))))))
.

2007-10-04 18:07 51,200 --a------ E:\WINDOWS\NirCmd.exe
2007-10-04 02:29 <DIR> d-------- E:\Deckard
2007-10-03 21:23 <DIR> d-------- E:\WINDOWS\system32\ActiveScan
2007-10-02 18:08 <DIR> d-------- E:\Documents and Settings\All Users\Programdata\Prevx
2007-10-02 07:20 314,368 --a------ E:\WINDOWS\uninst.exe
2007-09-25 20:05 <DIR> d-------- E:\Programfiler\PartyGaming
2007-09-20 19:44 <DIR> d-------- E:\Programfiler\Fellesfiler\Teleca Shared
2007-09-18 17:28 <DIR> d-------- E:\Documents and Settings\Per_Killer\Programdata\uqm
2007-09-11 18:39 22,328 --a------ E:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-09-11 18:39 22,328 --a------ E:\Documents and Settings\Per_Killer\Programdata\PnkBstrK.sys
2007-09-11 18:38 66,872 --a------ E:\WINDOWS\system32\PnkBstrA.exe
2007-09-11 18:38 103,736 --a------ E:\WINDOWS\system32\PnkBstrB.exe
2007-09-11 18:38 <DIR> d-------- E:\WINDOWS\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-03 22:54 83160 --a------ E:\WINDOWS\system32\drivers\scskusbs.sys
2007-10-03 22:54 19504 --a------ E:\WINDOWS\system32\drivers\scskusbf.sys
2007-10-03 08:08 --------- d-------- E:\Documents and Settings\Per_Killer\Programdata\BitTorrent
2007-09-04 19:46 --------- d-------- E:\Documents and Settings\Per_Killer\Programdata\Sunbelt Software
2007-09-04 07:20 --------- d-------- E:\Documents and Settings\All Users\Programdata\Nexon
2007-08-31 19:28 --------- d-------- E:\Documents and Settings\Per_Killer\Programdata\dvdcss
2007-08-28 00:39 --------- d-------- E:\Documents and Settings\Per_Killer\Programdata\Skype
2007-08-10 18:43 94208 --a------ E:\WINDOWS\DIIUnin.exe
2007-08-07 02:15 33052 --a------ E:\WINDOWS\system32\drivers\scdemu.sys
2007-07-14 15:47 737280 --a------ E:\WINDOWS\iun6002.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="H:\Prog\Java\bin\jusched.exe" [2007-07-12 04:00]
"LVCOMSX"="E:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43]
"nwiz"="nwiz.exe" [2006-08-11 21:43 E:\WINDOWS\system32\nwiz.exe]
"Smapp"="E:\Programfiler\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57]
"QuickTime Task"="E:\Programfiler\QuickTime\qttask.exe" [2006-04-30 13:05]
"PKR Pal"="H:\Sindre\Spill\PKR\pkrpal.exe" [2007-09-19 00:18]
"PWRISOVM.EXE"="H:\Prog\PowerISO\PWRISOVM.EXE" [2007-08-07 02:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="E:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CookiePatrol]
C:\Prog\PestPatrol\CookiePatrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Prog\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
C:\Prog\Internet Download Manager\IDMan.exe /onboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Prog\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
C:\Prog\Logitech\Video\ManifestEngine.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Prog\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Prog\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"E:\Programfiler\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrol Control Center]
C:\Prog\PestPatrol\PPControl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPMemCheck]
C:\Prog\PestPatrol\PPMemCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"E:\Programfiler\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
E:\Programfiler\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
E:\Sindre\Spill\Steam\\Steam.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Macromedia Licensing Service"=3 (0x3)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"Bonjour Service"=2 (0x2)

R0 viamraid;viamraid;E:\WINDOWS\system32\DRIVERS\viamraid.sys
R2 CdaD10BA;CdaD10BA;\??\E:\WINDOWS\system32\drivers\CdaD10BA.SYS
R2 ithsgt;ithsgt;E:\WINDOWS\system32\DRIVERS\ithsgt.sys
R2 lilsgt;lilsgt;E:\WINDOWS\system32\DRIVERS\lilsgt.sys
R3 scskusbf;USB SCSK Filter Driver Service;E:\WINDOWS\system32\drivers\scskusbf.sys
R3 Tetris;Tetris driver;E:\WINDOWS\system32\Drivers\Tetris.sys
S3 ATITUNEP;ATI WDM TV Tuner;E:\WINDOWS\system32\DRIVERS\atineuxx.sys
S3 ativraxx;ATI WDM Rage Theater Audio;E:\WINDOWS\system32\DRIVERS\atinraxx.sys
S3 ATIXSAudio;ATI WDM TV Audio Crossbar;E:\WINDOWS\system32\DRIVERS\atinesxx.sys
S3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);E:\WINDOWS\system32\drivers\ES1370MP.sys
S3 FreshIO;FreshIO;\??\H:\Prog\FreshDiagnose\FreshIO.sys
S3 scsk4;SCSK4 Driver Service;E:\WINDOWS\system32\drivers\scsk4.sys
S3 scskusbs;USB SCSK Driver Service;E:\WINDOWS\system32\drivers\scskusbs.sys
S3 TTDec;ATI WDM Teletext Decoder;E:\WINDOWS\system32\DRIVERS\ATINTTXX.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\SETUP.EXE

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-05 01:23:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-05 1:25:06 - machine was rebooted
E:\ComboFix-quarantined-files.txt ... 2007-10-05 01:24
E:\ComboFix2.txt ... 2007-10-04 18:36
.
--- E O F ---
----------------

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:37:10 PM, on 10/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\CTsvcCDA.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\wscntfy.exe
H:\Prog\Java\bin\jusched.exe
E:\WINDOWS\system32\LVCOMSX.EXE
E:\Programfiler\Analog Devices\SoundMAX\SMTray.exe
H:\Prog\PowerISO\PWRISOVM.EXE
E:\Programfiler\Internet Explorer\iexplore.exe
H:\Sindre\Spill\Online\Dark Ages\DarkAges.exe
E:\Programfiler\MSN Messenger\msnmsgr.exe
E:\Programfiler\MSN Messenger\usnsvc.exe
E:\Programfiler\internet explorer\iexplore.exe
C:\Prog\Adobe Reader\Reader\AcroRd32.exe
E:\WINDOWS\system32\wisptis.exe
H:\Prog\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Prog\Java\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Prog\Java\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] E:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Smapp] E:\Programfiler\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PKR Pal] "H:\Sindre\Spill\PKR\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] H:\Prog\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [MsnMsgr] "E:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = E:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Prog\Java\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Prog\Java\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - E:\Programfiler\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - H:\Sindre\Spill\PokerGames\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - H:\Sindre\Spill\PokerGames\Titan Poker\casino.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Adobe LM Service - Adobe Systems - E:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6131 bytes


Attached ComboFix-quarantined-files.txt and ComboFix2.txt just incase.
 

Attachments

#12 ·
Re: Infected - "Win Anti Spyware" "Buffer overrun error" and a fake dialer or somethi

Hi,

There is some evidence of crack downloads via eMule in the Kaspersky log. I would strongly warn you that if you continue using p2p file sharing programs and visiting crack sites, you'll be infected again in a very short time. Many boards are now considering not giving any help to those who insist on using p2p file sharing, and certainly not to those who visit crack sites. Please refer to my post #8 and remove any p2p file sharing programs you may have.

===================================

Download ATF Cleaner by Atribune and save it to your Desktop. Don't do anything with it yet.

===================================

Empty the quarantine folder of Pest Patrol

C:\Prog\PestPatrol\Quarantine

===================================

Go to start > run and type: regsvr32 /u occache.dll
(or copy and paste this in the field in start > run )
Click Ok

Now search and delete the following files:

C:\WINNT\Downloaded Program Files\popcaploader.dll
C:\WINNT\Downloaded Program Files\SyncroAdX.dll

Go to start > run and type regsvr32 occache.dll
Click OK

==================================

Go to My Computer > Tools > Folder Options > View and uncheck "Hide protected operating system files". Click Apply > OK.

** These files are hidden to stop you or anybody else accidentally removing something important.
It is advisable to hide them again after you're done. **

=================================

Using Windows Explorer (right click on Start, click on Explore), navigate to the following file, right click on it, and then click on Properties. Let me know what it says there.

E:\WINDOWS\iun6002.exe

===================================

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

=================================

Using Windows Explorer (right click on Start, click on Explore), locate and delete the following files and folders:

Files:

C:\Documents and Settings\Administrator\Start-meny\Programmer\Oppstart\DLHelperEXE.exe
C:\Programfiler\Fellesfiler\OE\msbb.dll
C:\Programfiler\Fellesfiler\OE\redirector.dll
C:\WINNT\DealHelper.exe
E:\Documents and Settings\Per_Killer\Mine dokumenter\Downloads\Compressed\A_Speeder_v2.8.0.122.zip
E:\Documents and Settings\Per_Killer\Mine dokumenter\Mine mottatte filer\NewPics07.zip
E:\Sindre\Downloads\Spill\blindsight.exe
E:\WINDOWS\bnetunin.exe
E:\WINDOWS\system32\flextdtw.exe
E:\WINDOWS\system32\itcohqhd.exe
E:\WINDOWS\system32\mjupcfkc.exe
E:\WINDOWS\system32\psgwvxsv.exe
E:\WINDOWS\system32\rygrqiqn.exe
E:\WINDOWS\system32\smhvajdl.exe
E:\WINDOWS\system32\wpxjfekn.exe
H:\Prog\BSPlayer\bsplayer142.833.exe
H:\Prog\eMule\Incoming\Dark Messiah Of Might And Magic fr Crack Keygen Serial.rar

===========================

Folders:
E:\Program Files\Internet Optimizer
C:\Prog\Keyboard Express 3\IST1.0
E:\Deckard
E:\qoobox

============================

You have six infected e-mails in your MS Outlook 5 inbox, from MAILER-DAEMON@netspace.net.au (Mail Delivery System). Please delete them. They are dated Mon, 21 Jun 2004.

============================

Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache

The rest are optional - if you want to remove the lot, check "Select All".

Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.

Firefox :
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Opera :
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

When you have finished, click on the Exit button in the Main menu.

====================================

Restart your computer in Normal Mode.

====================================

Post another HijackThis log and let me know how the computer is running now.
 
#13 ·
Re: Infected - "Win Anti Spyware" "Buffer overrun error" and a fake dialer or somethi

iun6002.exe:

Description says: SUF60Runtime

Owner of the file: Copyright © 2001 - 2002 Indigo Rose Corporation. All Rights Reserved

Here is the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:04:28 PM, on 10/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\CTsvcCDA.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\wscntfy.exe
H:\Prog\Java\bin\jusched.exe
E:\WINDOWS\system32\LVCOMSX.EXE
E:\Programfiler\Analog Devices\SoundMAX\SMTray.exe
H:\Prog\PowerISO\PWRISOVM.EXE
E:\Programfiler\MSN Messenger\MsnMsgr.Exe
E:\WINDOWS\system32\wuauclt.exe
E:\Programfiler\MSN Messenger\usnsvc.exe
E:\Programfiler\internet explorer\iexplore.exe
H:\Prog\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Prog\Java\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Prog\Java\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] E:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Smapp] E:\Programfiler\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PKR Pal] "H:\Sindre\Spill\PKR\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] H:\Prog\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [MsnMsgr] "E:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = E:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Prog\Java\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Prog\Java\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - E:\Programfiler\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - H:\Sindre\Spill\PokerGames\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - H:\Sindre\Spill\PokerGames\Titan Poker\casino.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Adobe LM Service - Adobe Systems - E:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5994 bytes

I cannot find these e-mails you are referring to. I don't use any e-mail reading program and I never will. I use Gmail.

I agree about crack sites. My computer has been buried with viruses and adware etc. for so long that I haven't bothered to be careful really. However, about P2P software.. I appreciate your concerns, but I see no wrong in having P2P software on my comp as long as the software itself is clean. Yes, I am aware of the fact that viruses may get spread across users' computers through these programs, but programs like BitTorrent etc. are a great way of transferring files through the internet; not only independent users use this now.. several games/programs make their updates and files available to download through these P2P programs.
As for how the computer feels now, it's about 100 times better. Just removing the pop-up virus/malware helped -a lot-. I am unsure if -everything- bothering my comp is taken care of, but it's certainly a lot better :) I came here because the computer was so infected that I couldn't really use it anymore.
So I will indeed operate with a lot more care and be a lot more careful whenever I am downloading or surfing.

The weird task-manager problem remains. I have this problem in all my Windows installations too (it stuck with me, and did not get fixed by formatting/re-installing XP when I tried to do that to fix the problem about a year ago).

I will submit a screenshot to try and show you.

Thanks a lot for the help (so far?) by the way :)
 

Attachments

#14 ·
Re: Infected - "Win Anti Spyware" "Buffer overrun error" and a fake dialer or somethi

Hi,

Your log is clean.

Quote:
However, about P2P software.. I appreciate your concerns, but I see no wrong in having P2P software on my comp as long as the software itself is clean.

Even if the software is clean, you have no guarantee that the files you download from undocumented sources are.

Quote:
As for how the computer feels now, it's about 100 times better.

That's good.

Quote:
So I will indeed operate with a lot more care and be a lot more careful whenever I am downloading or surfing.

Glad to hear that.

Quote:
I cannot find these e-mails you are referring to. I don't use any e-mail reading program and I never will. I use Gmail.

Well, they are in the Kaspersky report. Since you are the only user, it must be your inbox. This is the location of the e-mails, but don't worry if you cannot find them. They are very old and you're not likely to go and click on them.

Code:
C:\Documents and Settings\Administrator\Lokale innstillinger\Programdata\Identities\{AE3071F4-88A6-4367-A9D1-44EC746BC0D3}\Microsoft\Outlook Express\Hotmail - Innboks.dbx

Quote:
The weird task-manager problem remains. I have this problem in all my Windows installations too (it stuck with me, and did not get fixed by formatting/re-installing XP when I tried to do that to fix the problem about a year ago).

If it did not get fixed with formatting and reinstalling the operating system, I don't think it's malware related. You might like to post this problem in the XP forum. However, you also have very little space left on your hard drive.

System Drive E: has 10.05 GiB (less than 15%) free.
You can remove DSS and Combofix from your desktop now.

ATF Cleaner is a useful tool to keep for cleaning your cookies and temp files on a regular basis.

Create a new System Restore point to prevent reinfection from old restore points.

Go to Start>Run and type sysdm.cpl. Press Enter
  • Select the System Restore Tab
  • Place a check in "Turn off System Restore on all drives"
  • Click Apply
  • next, uncheck the same checkbox.
  • Click Apply
  • Click OK
You can also find instructions on how to disable and re-enable System Restore here:
Windows XP System Restore Guide

==================================================

A colleague of ours has excellent information and tips on the prevention of malware here, and more on improving speed/system performance after malware removal here.
If you want to fight back the Malware Writers, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

Happy Surfing! :smile:
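A way to pre-sort a HijackThis log like the ones posted in this thread before reading it line by line, as an added example; this is not HijackThis, ComboFix or any tool the helper used, and the sample log, the heuristics and their thresholds are my own assumptions. Every hit is a prompt to check the file's publisher, location and properties, not a verdict.

```python
"""Triage heuristics for HijackThis-style logs (added example, not a tool from this thread).

It sorts log lines into "look at this first" buckets: services with no publisher,
executables with machine-generated-looking names, and the hosts that O16 ActiveX
controls were downloaded from. Anything flagged still needs manual verification.
"""
import re
from urllib.parse import urlparse

# Constructed sample in the same format as the logs posted in this thread. The
# O4 line for rygrqiqn.exe is constructed for illustration; that file name comes
# from the helper's removal list, the other lines from the posted logs.
SAMPLE_LOG = r"""
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\rygrqiqn.exe
E:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Prog\Java\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [rygrqiqn] E:\WINDOWS\system32\rygrqiqn.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
"""

# A Windows path ending in .exe or .dll, with or without surrounding quotes.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll)\b', re.IGNORECASE)
# HijackThis O23 layout: "O23 - Service: <name> - <owner> - <path>"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# HijackThis O16 layout: "O16 - DPF: {GUID} (<name>) - <url>"
O16_RE = re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]+\} \((?P<name>.*?)\) - (?P<url>\S+)$")
VOWELS = set("aeiou")


def exe_stem(path):
    """'E:\\WINDOWS\\system32\\rygrqiqn.exe' -> 'rygrqiqn'."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0]


def looks_random(stem):
    """Heuristic for machine-generated names: 8+ letters only, at most one vowel,
    and a run of 4+ non-vowels. Tuned (by assumption) on the names in this
    thread's removal list; it also hits some legitimate names, so treat a hit as
    a reason to verify the file, not as a verdict."""
    s = stem.lower()
    if len(s) < 8 or not s.isalpha():
        return False
    vowel_count = sum(1 for c in s if c in VOWELS)
    longest_run = max((len(run) for run in re.findall(r"[^aeiou]+", s)), default=0)
    return vowel_count <= 1 and longest_run >= 4


def triage(log_text):
    """Return review buckets for one log; each list preserves first-seen order."""
    findings = {
        "unknown_owner_services": [],    # O23 lines where HijackThis found no publisher
        "random_named_executables": [],  # any line whose executable name looks generated
        "dpf_domains": [],               # hosts the O16 ActiveX controls were fetched from
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O23_RE.match(line)
        if m and m.group("owner").lower() == "unknown owner":
            findings["unknown_owner_services"].append(m.group("name"))
        m = O16_RE.match(line)
        if m:
            host = urlparse(m.group("url")).netloc
            if host not in findings["dpf_domains"]:
                findings["dpf_domains"].append(host)
        for path in PATH_RE.findall(line):
            if looks_random(exe_stem(path)) and path not in findings["random_named_executables"]:
                findings["random_named_executables"].append(path)
    return findings


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(bucket)
        for item in items:
            print("   ", item)
```

On the sample, PnkBstrA lands in two buckets at once (no publisher and a vowel-poor name), which is exactly the kind of entry to check by hand rather than delete on sight.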
 
#15 ·
Re: Infected - "Win Anti Spyware" "Buffer overrun error" and a fake dialer or somethi

The E: disk has 33GB+ freed up. I deleted some **** back in that post where you asked me to do that.

Quote:
Even if the software is clean, you have no guarantee that the files you download from undocumented sources are.

I know that. Even if sources are documented, there's never any -guarantee-. But just like in rl it's about taking calculated risks.. You can't sterilize your room and refuse to leave it because you might get a disease if you do.. xD Then again there are ways of being a bit more careful than I have been, and I feel like I've learned my lesson ;p

I deleted all Windows System Restorepoints and then manually created a new one.

I've downloaded: AVG Free Version, Ad-Aware 2007 Free Edition and Jetico Personal Firewall.
Ad-Aware found 66 infected files so far.


Do the free versions of these programs that all offer "Pro" editions (for a certain fee per year) have the needed protection, or will these free versions let viruses and crap slide through?
It's always been more or less impossible to know what an anti-virus program does and how well it does it.

Thanks again, let me see if these infected files get taken care of..
 
#16 ·
Re: Infected - "Win Anti Spyware" "Buffer overrun error" and a fake dialer or somethi

Hmmm... Adaware had found 69 infected files, however all of a sudden it crashed. I sent the crash report, but what worries me is that it summarized the search as if it had been completed correctly, and claimed it found zero threats/adware etc.. Also, I notice it does not let you enable real-time protection unless you pay money. x.x

Going to conduct another search after AVG's search is done with.
 
#17 ·
Re: Infected - "Win Anti Spyware" "Buffer overrun error" and a fake dialer or somethi

Then I did another search with Ad-aware 2007 and it found 69 infected objects; I deleted them all.

AVG found 5-6 virus infected files that I also deleted.

Really early in this fix, you did something that fixed the pop-up problem. (In the beginning the pop-ups would arrive, but they only turned up as blank pages that wouldn't load their intended content.) However now that the popup virus is gone I have a problem; even programs/games that legally open up a browser window to show some kind of information to the user get blocked. What is causing this?
 
#18 · (Edited)
Re: Infected - "Win Anti Spyware" "Buffer overrun error" and a fake dialer or somethi

Hi,

Quote:
I've downloaded: AVG Free Version, Ad-Aware 2007 Free Edition and Jetico Personal Firewall.
Ad-Aware found 66 infected files so far.

That sounds good. A good antivirus and a good firewall are a must. AVG Free is a good antivirus. I have it on my laptop.

Quote:
Do the free versions of these programs that all offer "Pro" editions (for a certain fee per year) have the needed protection, or will these free versions let viruses and crap slide through?

These are free for personal use only, not for businesses. And in my experience they are just as good as the paid versions.

Quote:
It's always been more or less impossible to know what an anti-virus program does and how well it does it.

In a nutshell, they have a database of viruses, trojans and worms which is updated regularly. They are then able to clean/disinfect/quarantine this malware. However, new malware also appears every day. Until the software is able to update, users may get infected if they are not careful in surfing the net. Therefore, the ultimate protection is the user himself/herself.

Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Avoid illegal sites, because that's where most malware is present.

* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.
* Download free software only from sites you know and trust. Because a lot of free software can bundle other software, including spyware.

Keep your antivirus-program up-to-date and do regular scans with it. Make sure that you have only ONE antivirus running on your computer as more than one would cause conflict and render the computer vulnerable. The same rule applies to the firewall: ONE antivirus, ONE firewall.

It's good to keep Adaware, Spybot and AVG Anti Spyware as on-demand scanners. For real-time spyware protection, I would recommend the following:

SpywareBlaster here. Remember to "enable all protection" after each update.
SpywareGuard here

I personally use the following (updated regularly):

For real time protection:

Avira (on my desktop), AVG Free (on my laptop)
ZoneAlarm
Windows Defender
SpywareBlaster
SpywareGuard
Site Hound

On demand:

Adaware SE 1.6
Spybot S & D 1.5
AVG Anti Spyware 7.5

=================================

Quote:
Then I did another search with Ad-aware 2007 and it found 69 infected objects; I deleted them all.

AVG found 5-6 virus infected files that I also deleted.

So, Adaware is working now. That's good. Most of those 69 objects were probably tracking cookies.

============================

Quote:
Really early in this fix, you did something that fixed the pop-up problem. (In the beginning the pop-ups would arrive, but they only turned up as blank pages that wouldn't load their intended content.)

Actually it was Combofix that fixed it. But you shouldn't even have the blank pages. Are you still getting blank popups?

Quote:
However now that the popup virus is gone I have a problem; even programs/games that legally open up a browser window to show some kind of information to the user get blocked. What is causing this?

Check your firewall. It may be blocking them. Those websites may be in the database of some of your security applications, I don't know. Also check the cookie settings in Internet Explorer. Go to Tools > Internet Options > Privacy, click on the "Sites" button and check if the name of the website is listed among those which are blocked. You can also add the website address and click on the "Allow" button. But you must be absolutely sure that the website is safe.

==========================

Can you please post another HijackThis log to make sure that everything is OK?
 
#19 ·
Re: Infected - "Win Anti Spyware" "Buffer overrun error" and a fake dialer or somethi

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:48:21 AM, on 10/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\CTsvcCDA.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\wscntfy.exe
H:\Prog\Java\bin\jusched.exe
E:\WINDOWS\system32\LVCOMSX.EXE
E:\Programfiler\Analog Devices\SoundMAX\SMTray.exe
E:\Programfiler\MSN Messenger\MsnMsgr.Exe
E:\Programfiler\MSN Messenger\usnsvc.exe
E:\Programfiler\iPod\bin\iPodService.exe
C:\Prog\Mirc\mirc.exe
E:\WINDOWS\system32\wisptis.exe
H:\Prog\AVG\avgamsvr.exe
H:\Prog\AVG\avgemc.exe
H:\Prog\AVG\avgupsvc.exe
H:\Prog\AVG\avgcc.exe
H:\Prog\Ad-Aware\aawservice.exe
E:\Programfiler\Internet Explorer\iexplore.exe
H:\Sindre\Spill\Online\Dark Ages\Darkages.exe
H:\Prog\AutoIt3\AutoIt3.exe
H:\Prog\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Prog\Java\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Prog\Java\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] E:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Smapp] E:\Programfiler\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [AVG7_CC] H:\Prog\AVG\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "E:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] H:\Prog\AVG\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = E:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Prog\Java\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Prog\Java\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - H:\Prog\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - E:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - H:\Prog\AVG\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - H:\Prog\AVG\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - H:\Prog\AVG\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6170 bytes

Quote:
Really early in this fix, you did something that fixed the pop-up problem. (In the beginning the pop-ups would arrive, but they only turned up as blank pages that wouldn't load their intended content.)

Actually it was Combofix that fixed it. But you shouldn't even have the blank pages. Are you still getting blank popups?


Quote:
However now that the popup virus is gone I have a problem; even programs/games that legally open up a browser window to show some kind of information to the user get blocked. What is causing this?

Check your firewall. It may be blocking them. Those websites may be in the database of some of your security applications, I don't know. Also check the cookie settings in Internet Explorer. Go to Tools > Internet Options > Privacy, click on the "Sites" button and check if the name of the website is listed among those which are blocked. You can also add the website address and click on the "Allow" button. But you must be absolutely sure that the website is safe.

Let me try to explain.. At the very beginning of the fix, before we completely removed (I suppose) whatever was causing the popups, the popups would arrive (IE windows were opened) but the iexplore windows that were opened not by me would be completely dead. They had no content, no URL and would not load. At the time that was a good thing. I have no problems surfing now, and windows that -I- open in Internet Explorer will open and load just fine. However, IE windows opened by applications will not. I have yet to configure and use my firewall so that can't be the problem. My problem specifically is that I am hooked on a great game called Warblade. When you submit your highscore to the wordlist you have to use a login name and password and select the highscore you want to submit, and when you click "Submit" an IE window will open that probably requests that you confirm the information you have entered or something. But the page will just open, and won't load. I have no idea what the URL is but I am 100% sure that it's clean.
You told me to download and use a program in the beginning of our session; it needed me to import a list of internet URLs to block, and I think it was after that procedure that the pop-ups started arriving blank or dead. However it seems some application or some setting is refusing to let applications of any sort open any Internet Explorer windows. This is a problem since when opening URLs from within a game etc. you don't really know the URL, plus the game might want to submit information from the game that the user can't do manually.

Hope you understand what I mean?
 
#20 ·
Re: Infected - "Win Anti Spyware" "Buffer overrun error" and a fake dialer or somethi

Like, as an example, if someone posts me a URL in MSN and I click it, an IE window will open but it will be without any URL in the address field. It will also be blank and completely dead. Now -this- isn't a problem, as I can easily copy the URL and paste it in myself, but it's just a basic example to try and explain what the problem is >.<
 
#21 ·
Re: Infected - "Win Anti Spyware" "Buffer overrun error" and a fake dialer or somethi

Hi,

You told me to download and use a program in the beginning of our session, it needed me to import a list of internet-URLs to block, and I think it was after that procedure that the pop-ups started arriving blank or dead
The programs I asked you to download and use are:

Combofix
HijackThis v2.0.2.
Kaspersky online Scanner
ATF Cleaner

None of which would import a list of internet URLs to block. Perhaps you've done that with instructions from another forum or person?

Did you download the following programs yourself:

Keyboard Express <===== I cannot find any information on this one
Mirc

You might like to print these instructions so that you can have access to them while you're in Safe Mode later.

=================================================

Please run Notepad and paste the text inside the Code box below into a new file. It's important that you use Notepad, not WordPad.

Code:
rem clear the read-only, hidden and system attributes so the file can be deleted
attrib -r -h -s "C:\Documents and Settings\Administrator\Start-meny\Programmer\Oppstart\DLHelperEXE.exe"
del "C:\Documents and Settings\Administrator\Start-meny\Programmer\Oppstart\DLHelperEXE.exe"
Save the file to the desktop as remove.bat and make sure the "Save as Type" field says "All Files". Don't do anything with it yet. We'll use it in Safe Mode later.

==================================================

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free Edition 7.5"

  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the main Status screen, under Your Computer's Security, click Resident Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Do Not Automatically generate report after every scan"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

====================================================

Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

====================================================

In Safe Mode, go to the desktop and double-click on remove.bat.

====================================================

Still in Safe Mode:
Run AVG Anti-Spyware with its updated definitions (it's important that all windows are closed):
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

====================================================

Restart in normal mode and post the AVG Anti Spyware log and a fresh HijackThis log, please.
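Added example, not part of this thread and not code from any of the tools named in it: a Python script that does what remove.bat does (clear the read-only, hidden and system attributes, then delete the file), but first lists what is in a Startup folder and points out the entries worth a second look before anything is removed. It works on a constructed temporary directory rather than a real Startup path; apart from DLHelperEXE.exe, taken from the batch file above, the file names in it are made up, and the review rule (anything runnable that is not a plain .lnk shortcut, or that carries hidden, system or read-only attributes) is the editor's own heuristic, not something the thread states.

```python
"""Audit a Startup folder for autostart entries and remove one safely.

Added example (not from the forum thread). Mirrors remove.bat: clear the
read-only/hidden/system attributes, then delete. Adds the audit step a
responder does first: list the folder and flag entries worth reviewing.
The sample folder below is constructed in a temp directory.
"""
import stat
import sys
import tempfile
from pathlib import Path

# Win32 FILE_ATTRIBUTE_* bits, as exposed by os.stat().st_file_attributes on Windows.
FILE_ATTRIBUTE_READONLY = 0x01
FILE_ATTRIBUTE_HIDDEN = 0x02
FILE_ATTRIBUTE_SYSTEM = 0x04
FILE_ATTRIBUTE_NORMAL = 0x80

# File types Windows runs directly from the Startup folder.
RUNNABLE_SUFFIXES = {".exe", ".com", ".bat", ".cmd", ".pif", ".scr", ".vbs", ".js", ".lnk"}


def describe_entry(path):
    """Return the name, type and attribute flags of one Startup entry."""
    st = path.lstat()
    attrs = getattr(st, "st_file_attributes", 0)  # 0 on non-Windows platforms
    return {
        "name": path.name,
        "runnable": path.suffix.lower() in RUNNABLE_SUFFIXES,
        "shortcut": path.suffix.lower() == ".lnk",
        # On POSIX the Windows attributes are emulated with the closest equivalents:
        # read-only -> no owner write bit, hidden -> dotfile, system -> never set.
        "readonly": bool(attrs & FILE_ATTRIBUTE_READONLY) or not (st.st_mode & stat.S_IWUSR),
        "hidden": bool(attrs & FILE_ATTRIBUTE_HIDDEN) or path.name.startswith("."),
        "system": bool(attrs & FILE_ATTRIBUTE_SYSTEM),
    }


def audit_startup_folder(folder):
    """Describe every regular file in the folder, sorted by name."""
    return [describe_entry(p) for p in sorted(Path(folder).iterdir()) if p.is_file()]


def review_candidates(folder):
    """Names of entries worth a closer look (editor's heuristic, not from the thread).

    Legitimate Startup entries are almost always plain .lnk shortcuts with no
    special attributes. A program dropped directly into the folder, or any entry
    that marks itself hidden, system or read-only, stands out.
    """
    return [
        e["name"]
        for e in audit_startup_folder(folder)
        if e["runnable"] and (not e["shortcut"] or e["hidden"] or e["system"] or e["readonly"])
    ]


def remove_startup_entry(path):
    """Equivalent of 'attrib -r -h -s <file>' followed by 'del <file>'.

    Returns True when the file existed and is gone afterwards, False if there
    was nothing to remove.
    """
    path = Path(path)
    if not path.is_file():
        return False
    if sys.platform == "win32":
        import ctypes  # SetFileAttributesW clears read-only/hidden/system in one call
        ctypes.windll.kernel32.SetFileAttributesW(str(path), FILE_ATTRIBUTE_NORMAL)
    else:
        path.chmod(path.stat().st_mode | stat.S_IWUSR)  # restore the write bit
    path.unlink()
    return not path.exists()


def build_sample_startup_folder():
    """Constructed stand-in for a Startup folder; not a real system path."""
    folder = Path(tempfile.mkdtemp(prefix="startup-sample-"))
    (folder / "Shortcut to Game.lnk").write_bytes(b"L\x00\x00\x00")  # ordinary shortcut
    (folder / "notes.txt").write_text("not runnable")
    dropped = folder / "DLHelperEXE.exe"  # name taken from the thread's remove.bat
    dropped.write_bytes(b"MZ")
    dropped.chmod(0o444)  # read-only, like the attribute remove.bat clears first
    return folder


if __name__ == "__main__":
    sample = build_sample_startup_folder()
    for entry in audit_startup_folder(sample):
        print(entry)
    for name in review_candidates(sample):
        print("review:", name, "removed:", remove_startup_entry(sample / name))
```

The audit step is the part remove.bat skips: knowing what else sits in the folder tells you whether the one file is the whole problem, and the attribute flags show why a plain delete failed and the attrib line was needed.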
 