spybot denied

kollergoll
2010-11-10, 18:29
Thank you for the correction (I'm old and stupid).
Here is the DDS file.
DDS (Ver_10-11-10.01) - NTFSx86
Run by Kunde at 17:20:03,29 on 10.11.10
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.3071.2489 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Programfiler\AVG\AVG9\avgchsvx.exe
C:\Programfiler\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Anti-Vibrate Oscar Editor\OscarEditor.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
svchost.exe
C:\Programfiler\AVG\AVG9\avgwdsvc.exe
C:\Programfiler\AVG\AVG9\avgfws9.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programfiler\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programfiler\AVG\AVG9\avgnsx.exe
C:\Programfiler\AVG\AVG9\avgemc.exe
C:\Programfiler\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kunde\Mine dokumenter\Nedlastinger\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Koblingshjelpeprogram for Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programfiler\fellesfiler\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\programfiler\avg\avg9\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programfiler\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programfiler\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [DAEMON Tools Lite] "c:\programfiler\daemon tools lite\DTLite.exe" -autorun
uRun: [igndlm.exe] c:\programfiler\download manager\DLM.exe /windowsstart /startifwork
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OscarEditor] "c:\programfiler\anti-vibrate oscar editor\OscarEditor.exe" Minimum
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [QuickTime Task] "c:\programfiler\vistacodecpack\qt\qttask.exe" -atboottime
mRun: [RemoteControl] c:\programfiler\cyberlink\powerdvd\PDVDServ.exe
mRun: [LanguageShortcut] c:\programfiler\cyberlink\powerdvd\language\Language.exe
mRun: [Adobe Reader Speed Launcher] "c:\programfiler\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NBKeyScan] "c:\programfiler\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [NeroFilterCheck] c:\programfiler\fellesfiler\ahead\lib\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\programfiler\fellesfiler\java\java update\jusched.exe"
dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
StartupFolder: c:\docume~1\kunde\start-~1\progra~1\oppstart\erunta~1.lnk - c:\programfiler\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\hppsc2~1.lnk - c:\programfiler\hewlett-packard\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\hpoddt~1.lnk - c:\programfiler\hewlett-packard\digital imaging\bin\hpotdd01.exe
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki - c:\programfiler\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programfiler\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 93.188.162.137,93.188.160.17
TCP: {20860322-190F-4EBB-A0B5-8D5948A410F4} = 93.188.162.137,93.188.160.17
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\programfiler\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\programfiler\fellesfiler\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kunde\progra~1\mozilla\firefox\profiles\k5uvar4t.default\
FF - plugin: c:\documents and settings\kunde\programdata\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\programfiler\download manager\npfpdlm.dll
FF - plugin: c:\programfiler\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\programfiler\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programfiler\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\programfiler\vistacodecpack\qt\plugins\npqtplugin.dll
FF - plugin: c:\programfiler\vistacodecpack\qt\plugins\npqtplugin2.dll
FF - plugin: c:\programfiler\vistacodecpack\qt\plugins\npqtplugin3.dll
FF - plugin: c:\programfiler\vistacodecpack\qt\plugins\npqtplugin4.dll
FF - plugin: c:\programfiler\vistacodecpack\qt\plugins\npqtplugin5.dll
FF - plugin: c:\programfiler\vistacodecpack\qt\plugins\npqtplugin6.dll
FF - plugin: c:\programfiler\vistacodecpack\qt\plugins\npqtplugin7.dll
FF - plugin: c:\programfiler\vistacodecpack\qt\plugins\npqtplugin8.dll
FF - plugin: c:\programfiler\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\programfiler\vistacodecpack\rm\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\programfiler\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\programfiler\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\programfiler\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\programfiler\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\programfiler\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-4-26 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-4-26 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-21 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-21 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-21 243024]
R2 avg9emc;AVG E-mail Scanner;c:\programfiler\avg\avg9\avgemc.exe [2010-7-16 921952]
R2 avg9wd;AVG WatchDog;c:\programfiler\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
R2 avgfws9;AVG Firewall;c:\programfiler\avg\avg9\avgfws9.exe [2010-7-16 2331544]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-4-26 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\programfiler\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-4-26 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\programfiler\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-4-26 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\programfiler\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-4-26 26192]
S2 AVGIDSAgent;AVG9IDSAgent;c:\programfiler\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-7-16 5897808]
S2 gupdate;Googles oppdateringstjeneste (gupdate);c:\programfiler\google\update\GoogleUpdate.exe [2010-2-15 135664]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-4-26 30104]

=============== Created Last 30 ================

2010-11-10 16:00:54 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-11-10 15:54:29 -------- d-----w- C:\TDSSKiller_Quarantine
2010-11-10 15:02:52 388096 ----a-r- c:\docume~1\kunde\progra~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-11-10 15:02:52 -------- d-----w- c:\programfiler\Trend Micro
2010-11-10 01:23:51 -------- d-----w- c:\programfiler\SpywareBlaster
2010-11-06 15:45:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-04 18:47:48 -------- d-----w- c:\docume~1\kunde\progra~1\QuickScan
2010-11-01 15:24:39 15872 ----a-r- c:\docume~1\kunde\progra~1\microsoft\installer\{048298c9-a4d3-490b-9ff9-ab023a9238f3}\Icon048298C9.exe
2010-10-30 18:29:41 1446264 ----a-w- c:\programfiler\mozilla firefox\plugins\npLegitCheckPlugin.dll

==================== Find3M ====================

2010-11-06 15:45:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-05 17:20:19 234280 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-05 17:20:19 234280 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-09-09 18:28:54 1409 ----a-w- c:\windows\QTFont.for
2010-08-29 18:55:04 0 ----a-w- C:\HCTA9.tmp
2010-08-29 18:55:04 0 ----a-w- C:\HCTA8.tmp
2010-08-29 18:55:04 0 ----a-w- C:\HCTA7.tmp
2010-08-29 18:55:04 0 ----a-w- C:\HCTA6.tmp
2010-08-26 15:23:34 644400 ----a-w- c:\windows\system32\mscomct2.ocx

============= FINISH: 17:20:41,71 ===============
I really hope I did it correctly this time.
==========================================


Found out that the malware had stopped or been removed... or something. Windows updates and such have now downloaded and installed around 50 critical updates, and the various virus programs I have aren't detecting anything at this moment. Therefore I'm posting a new DDS.

DDS (Ver_10-11-10.01) - NTFSx86
Run by Kunde at 20:00:08,78 on 10.11.10
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.3071.2348 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Programfiler\AVG\AVG9\avgchsvx.exe
C:\Programfiler\AVG\AVG9\avgrsx.exe
C:\Programfiler\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Anti-Vibrate Oscar Editor\OscarEditor.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programfiler\AVG\AVG9\avgwdsvc.exe
C:\Programfiler\AVG\AVG9\avgfws9.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programfiler\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programfiler\AVG\AVG9\avgnsx.exe
C:\Programfiler\AVG\AVG9\avgemc.exe
C:\Programfiler\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kunde\Mine dokumenter\Nedlastinger\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Koblingshjelpeprogram for Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programfiler\fellesfiler\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\programfiler\avg\avg9\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programfiler\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programfiler\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [DAEMON Tools Lite] "c:\programfiler\daemon tools lite\DTLite.exe" -autorun
uRun: [igndlm.exe] c:\programfiler\download manager\DLM.exe /windowsstart /startifwork
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OscarEditor] "c:\programfiler\anti-vibrate oscar editor\OscarEditor.exe" Minimum
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [RemoteControl] c:\programfiler\cyberlink\powerdvd\PDVDServ.exe
mRun: [LanguageShortcut] c:\programfiler\cyberlink\powerdvd\language\Language.exe
mRun: [Adobe Reader Speed Launcher] "c:\programfiler\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NBKeyScan] "c:\programfiler\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [NeroFilterCheck] c:\programfiler\fellesfiler\ahead\lib\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\programfiler\fellesfiler\java\java update\jusched.exe"
dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
StartupFolder: c:\docume~1\kunde\start-~1\progra~1\oppstart\erunta~1.lnk - c:\programfiler\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\hppsc2~1.lnk - c:\programfiler\hewlett-packard\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\hpoddt~1.lnk - c:\programfiler\hewlett-packard\digital imaging\bin\hpotdd01.exe
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki - c:\programfiler\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programfiler\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\programfiler\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\programfiler\fellesfiler\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kunde\progra~1\mozilla\firefox\profiles\k5uvar4t.default\
FF - plugin: c:\documents and settings\kunde\programdata\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\programfiler\download manager\npfpdlm.dll
FF - plugin: c:\programfiler\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\programfiler\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programfiler\vistacodecpack\qt\plugins\npqtplugin.dll
FF - plugin: c:\programfiler\vistacodecpack\qt\plugins\npqtplugin2.dll
FF - plugin: c:\programfiler\vistacodecpack\qt\plugins\npqtplugin3.dll
FF - plugin: c:\programfiler\vistacodecpack\qt\plugins\npqtplugin4.dll

---- FIREFOX POLICIES ----
c:\programfiler\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\programfiler\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\programfiler\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\programfiler\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\programfiler\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-4-26 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-4-26 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-21 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-21 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-21 243024]
R1 SASDIFSV;SASDIFSV;c:\docume~1\kunde\lokale~1\temp\sas_selfextract\SASDIFSV.SYS [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\docume~1\kunde\lokale~1\temp\sas_selfextract\SASKUTIL.SYS [2010-5-10 67656]
R2 avg9emc;AVG E-mail Scanner;c:\programfiler\avg\avg9\avgemc.exe [2010-7-16 921952]
R2 avg9wd;AVG WatchDog;c:\programfiler\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
R2 avgfws9;AVG Firewall;c:\programfiler\avg\avg9\avgfws9.exe [2010-7-16 2331544]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-4-26 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\programfiler\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-4-26 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\programfiler\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-4-26 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\programfiler\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-4-26 26192]
S2 AVGIDSAgent;AVG9IDSAgent;c:\programfiler\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-7-16 5897808]
S2 gupdate;Googles oppdateringstjeneste (gupdate);c:\programfiler\google\update\GoogleUpdate.exe [2010-2-15 135664]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-4-26 30104]

=============== Created Last 30 ================

2010-11-10 18:28:49 -------- d-sh--w- c:\documents and settings\kunde\IECompatCache
2010-11-10 18:27:44 -------- d-sh--w- c:\documents and settings\kunde\PrivacIE
2010-11-10 18:22:01 -------- d-sh--w- c:\documents and settings\kunde\IETldCache
2010-11-10 18:13:11 13312 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-11-10 18:12:58 -------- d-----w- c:\windows\ie8updates
2010-11-10 18:12:25 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-11-10 18:12:25 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-11-10 18:12:25 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-11-10 18:12:25 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-11-10 18:12:25 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-11-10 18:12:25 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-11-10 18:12:25 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-11-10 18:11:16 -------- dc-h--w- c:\windows\ie8
2010-11-10 17:47:02 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-11-10 17:47:02 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-10 17:46:25 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-11-10 17:19:36 -------- d-----w- c:\docume~1\kunde\progra~1\SUPERAntiSpyware.com
2010-11-10 17:19:36 -------- d-----w- c:\docume~1\alluse~1\progra~1\SUPERAntiSpyware.com
2010-11-10 16:00:54 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-11-10 15:54:29 -------- d-----w- C:\TDSSKiller_Quarantine
2010-11-10 15:02:52 388096 ----a-r- c:\docume~1\kunde\progra~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-11-10 15:02:52 -------- d-----w- c:\programfiler\Trend Micro
2010-11-10 01:23:51 -------- d-----w- c:\programfiler\SpywareBlaster
2010-11-06 15:45:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-04 18:47:48 -------- d-----w- c:\docume~1\kunde\progra~1\QuickScan
2010-11-01 15:24:39 15872 ----a-r- c:\docume~1\kunde\progra~1\microsoft\installer\{048298c9-a4d3-490b-9ff9-ab023a9238f3}\Icon048298C9.exe
2010-10-30 18:29:41 1446264 ----a-w- c:\programfiler\mozilla firefox\plugins\npLegitCheckPlugin.dll

==================== Find3M ====================

2010-11-06 15:45:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-05 17:20:19 234280 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-05 17:20:19 234280 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-09-18 11:23:42 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:39 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:39 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:39 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52:44 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52:41 43520 ------w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52:41 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 18:28:54 1409 ----a-w- c:\windows\QTFont.for
2010-09-01 11:52:54 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57:50 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-29 18:55:04 0 ----a-w- C:\HCTA9.tmp
2010-08-29 18:55:04 0 ----a-w- C:\HCTA8.tmp
2010-08-29 18:55:04 0 ----a-w- C:\HCTA7.tmp
2010-08-29 18:55:04 0 ----a-w- C:\HCTA6.tmp
2010-08-27 08:04:12 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:55:04 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43:50 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 15:23:34 644400 ----a-w- c:\windows\system32\mscomct2.ocx
2010-08-23 16:13:25 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:19 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 20:00:49,81 ===============

Jack&Jill
2010-11-16, 11:24
Hello kollergoll :),

Sorry for the delay.

If you still need help, please delete the DDS file that you have and download a fresh copy from one of the links below. Please post new DDS logs.

Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://download.bleepingcomputer.com/sUBs/dds.com)
Link 3 (http://www.infospyware.net/sUBs/dds)

Otherwise, this topic will be closed after 3 days.

Jack&Jill
2010-11-19, 18:09
Due to lack of response, this topic is now closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. How to post a DDS log. (http://forums.spybot.info/showpost.php?p=1150&postcount=2)

If it has been less than three days since your last response and you need the thread re-opened, please send a private message (pm) to me or a MOD. A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

Everyone else please begin a New Topic.