Win32.Delf.uv and Hupigon13

cbcswed · May 8, 2009

Hello,

My computer has recently been infected by Win32.Delf.uv and Hupigon13. The computer is 5 years old and I never had any similar problems with it before. I am very inexperienced with all of this and feel completely helpless and miserable. I would be extremely grateful if someone could help me resolve my problem.

The computer works ok at times but it reboots when I try to perform many simple tasks such as printing a logfile from S&D or when I try a registry backup ('ntbackup.exe'). Regedit doesn't open at all. When I turn off the computer it often restarts by itself only a second after it has turned off.

I will post the S&D logfile and HijackThis log below:

--- Report generated: 2009-05-08 19:51 ---

Hupigon13: [SBI $D5A7DCB6] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe

Hupigon13: [SBI $8D4AFC92] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com

Hupigon13: [SBI $79919CB3] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe

Hupigon13: [SBI $46DBB063] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NOD32.exe

Win32.Delf.uv: [SBI $E73FD4D9] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE\Debugger

Win32.Delf.uv: [SBI $9554BC9A] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE\Debugger

Win32.Delf.uv: [SBI $C83CB234] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.EXE\Debugger

Win32.Delf.uv: [SBI $4D759A7F] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE\Debugger

Win32.Delf.uv: [SBI $F963F0F7] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.EXE\Debugger

Win32.Delf.uv: [SBI $83CDDB58] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.EXE\Debugger

Win32.Delf.uv: [SBI $AB0D8EB4] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.EXE\Debugger

Win32.Delf.uv: [SBI $C53439DD] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.EXE\Debugger

Win32.Delf.uv: [SBI $0809137C] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.EXE\Debugger

Win32.Delf.uv: [SBI $95619944] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE\Debugger

Win32.Delf.uv: [SBI $AE0ED1C1] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.EXE\Debugger

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:28:38, on 2009-05-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\Program\Home Cinema\PowerCinema\PCMService.exe
C:\Program\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\Prismsta.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\COMMON~1\X10\Common\x10nets.exe
C:\Program\Personal\bin\Personal.exe
C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\TEMP\BN13.tmp
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Kompis till Kalle\Skrivbord\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.computercity.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - K:\Adobe CS\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - K:\Adobe CS\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Keyboard Status] C:\Program\Medion Tools\KeyStat\KeyStat.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Prism_Utility] Prismsta.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Cordless DUALphone Autostart.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk.disabled
O4 - Global Startup: PalTalk.lnk.disabled
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?853f30b8fb7f465baf3b33e56676d89c
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?853f30b8fb7f465baf3b33e56676d89c
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program\Yahoo!\Common/ycsms.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.computercity.se/
O16 - DPF: {1538D4E0-B2C4-402D-B71A-BA6A04BC7A5D} (PictureChooser.picChooser) - http://euronics.vsfl.se/photos/upload/PictureChooser.cab
O16 - DPF: {65F77758-B822-45FB-8F0C-08E85705EC4A} (Upload.ctlUpload) - http://euronics.vsfl.se/photos/upload/upload.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.bigfishgames.com/online/luxor/mjolauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\Program\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Net Logon NetlogonAlerter (NetlogonAlerter) - Unknown owner - C:\WINDOWS\system32\Adobez.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\Program\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9162 bytes

Thank you very much for reading.

Chris

Blade81 · May 9, 2009

Hi cbcswed

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt
Save both reports to your desktop. Post them back to your topic.

cbcswed · May 9, 2009

DDS.text

DDS (Ver_09-03-16.01) - NTFSx86
Run by Kompis till Kalle at 23:27:22,95 on 2009-05-09
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.46.1053.18.1023.702 [GMT 2:00]

============== Running Processes ===============

C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
svchost.exe "C:\WINDOWS\system32\Adobez.exe"
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\Program\Home Cinema\PowerCinema\PCMService.exe
C:\Program\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\Prismsta.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\COMMON~1\X10\Common\x10nets.exe
C:\Program\Personal\bin\Personal.exe
C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kompis till Kalle\Skrivbord\dds.com

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.computercity.se/
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program\yahoo!\common\yiesrvc.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - k:\adobe cs\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: MSN Search Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll
TB: MSN Search Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program\yahoo!\companion\installs\cpn0\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - k:\adobe cs\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - k:\adobe cs\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program\yahoo!\common\yhexbmesus.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [Dit] Dit.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Keyboard Status] c:\program\medion tools\keystat\KeyStat.exe
mRun: [PCMService] "c:\program\home cinema\powercinema\PCMService.exe"
mRun: [SunJavaUpdateSched] "c:\program\java\jre6\bin\jusched.exe"
mRun: [Prism_Utility] Prismsta.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [HPHmon04] c:\windows\system32\hphmon04.exe
mRun: [CanonSolutionMenu] c:\program\canon\solutionmenu\CNSLMAIN.exe /logon
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\all users\start-meny\program\autostart\Acrobat Assistant.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\adobeg~1.lnk - c:\program\delade filer\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\documents and settings\all users\start-meny\program\autostart\Cordless DUALphone Autostart.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\micros~1.lnk - c:\program\microsoft office\office10\OSA.EXE
StartupFolder: c:\documents and settings\all users\start-meny\program\autostart\NkvMon.exe.lnk.disabled
StartupFolder: c:\documents and settings\all users\start-meny\program\autostart\PalTalk.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\personal.lnk - c:\program\personal\bin\Personal.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\window~1.lnk - c:\program\msn toolbar suite\ds\02.05.0001.1119\en-us\bin\WindowsSearch.exe
IE: &MSN Search - c:\program\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\program\micros~3\office10\EXCEL.EXE/3000
IE: Open in new background tab - c:\program\msn toolbar suite\tab\02.05.0001.1119\en-us\msntabres.dll/229?853f30b8fb7f465baf3b33e56676d89c
IE: Open in new foreground tab - c:\program\msn toolbar suite\tab\02.05.0001.1119\en-us\msntabres.dll/230?853f30b8fb7f465baf3b33e56676d89c
IE: Yahoo! &Dictionary - file:///c:\program\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program\yahoo!\Common/ycsms.htm
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program\paltalk messenger\Paltalk.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program\yahoo!\common\yiesrvc.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {1538D4E0-B2C4-402D-B71A-BA6A04BC7A5D} - hxxp://euronics.vsfl.se/photos/upload/PictureChooser.cab
DPF: {65F77758-B822-45FB-8F0C-08E85705EC4A} - hxxp://euronics.vsfl.se/photos/upload/upload.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://www.bigfishgames.com/online/luxor/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
AppInit_DLLs: c:\program\google\google~1\GOEC62~1.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mcenspc.dll, digiwet.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kompis~1\applic~1\mozilla\firefox\profiles\8m3p5nj8.default\
FF - component: c:\program\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program\personal\bin\np_prsnl.dll
FF - plugin: c:\program\picasa2\npPicasa2.dll
FF - plugin: c:\program\quicktime\plugins\npqtplugin8.dll

---- FIREFOX POLICIES ----
c:\program\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
c:\program\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

============= SERVICES / DRIVERS ===============

R2 LogWatch;Event Log Watch;c:\program\ca\sharedcomponents\ca_lic\LogWatNT.exe [2002-9-20 53248]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-3-29 945152]
R3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2004-9-10 13440]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2004-9-9 1272000]
S2 NetlogonAlerter;Net Logon NetlogonAlerter;c:\windows\system32\adobez.exe srv --> c:\windows\system32\Adobez.exe srv [?]
S2 systemntmi;systemntmi;c:\windows\system32\drivers\systemntmi.sys [2004-9-10 30464]
S3 CA_LIC_CLNT;CA License Client;c:\program\ca\sharedcomponents\ca_lic\lic98rmt.exe [2002-9-20 77824]
S3 CA_LIC_SRVR;CA License Server;c:\program\ca\sharedcomponents\ca_lic\lic98rmtd.exe [2002-9-20 77824]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program\google\google desktop search\GoogleDesktop.exe [2006-7-16 29744]
S3 gUSBSTOi;gUSBSTOi;\??\c:\docume~1\karlli~1\lokala~1\temp\gusbstoi.sys --> c:\docume~1\karlli~1\lokala~1\temp\gUSBSTOi.sys [?]
S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [2004-9-9 24704]
S3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys [2005-1-25 11672]

=============== Created Last 30 ================

2009-05-08 19:26 <DIR> --d----- c:\program\Trend Micro
2009-05-08 14:05 <DIR> --d----- c:\windows\pss
2009-05-07 22:31 18,432 a------- c:\windows\system32\digiwet.dll
2009-05-07 22:31 20,480 a--sh--- c:\windows\system32\actmovier.dll
2009-05-07 22:30 88 a--s---- c:\windows\system32\3399478855.dat
2009-05-07 22:30 50,688 ---shr-- c:\windows\system32\Adobez.exe
2009-05-04 16:08 54,156 a---h--- c:\windows\QTFont.qfn
2009-05-04 16:08 1,409 a------- c:\windows\QTFont.for
2009-04-18 22:11 <DIR> --d----- c:\program\DOFChart

==================== Find3M ====================

2009-05-09 23:23 13,440 a------- c:\windows\system32\drivers\USBCRFT.SYS
2009-04-04 17:36 37,568 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-03-29 11:08 404,840 a------- c:\windows\system32\perfh01D.dat
2009-03-29 11:08 73,982 a------- c:\windows\system32\perfc01D.dat
2009-03-07 04:06 53,760 a------- c:\windows\system32\mcenspc.dll
2008-07-22 16:13 37,176 a------- c:\docume~1\kompis~1\applic~1\GDIPFONTCACHEV1.DAT
2007-03-15 13:59 1,342 a------- c:\docume~1\kompis~1\applic~1\wklnhst.dat
2006-04-09 10:43 366 a------- c:\program\Genväg till Program.lnk
2006-05-03 12:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 13:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 15:30 216,064 ---shr-- c:\windows\system32\nbDX.dll

============= FINISH: 23:27:32,40 ===============

cbcswed · May 9, 2009

Attach.text

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2005-07-19 19:10:56
System Uptime: 2009-05-09 23:22:11 (0 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7046
Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | Socket 478 | 3391/200mhz
Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | Socket 478 | 3391/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 116 GiB total, 46,776 GiB free.
D: is FIXED (NTFS) - 104 GiB total, 103,131 GiB free.
E: is FIXED (FAT32) - 12 GiB total, 10,404 GiB free.
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1262: 2009-03-14 20:47:31 - Systemkontrollpunkt
RP1263: 2009-03-14 23:07:10 - Systemkontrollpunkt
RP1264: 2009-03-16 18:05:24 - Systemkontrollpunkt
RP1265: 2009-03-17 18:37:15 - Systemkontrollpunkt
RP1266: 2009-03-18 18:55:20 - Systemkontrollpunkt
RP1267: 2009-03-19 19:52:06 - Systemkontrollpunkt
RP1268: 2009-03-20 20:15:48 - Systemkontrollpunkt
RP1269: 2009-03-21 20:37:58 - Systemkontrollpunkt
RP1270: 2009-03-22 21:26:40 - Systemkontrollpunkt
RP1271: 2009-03-24 10:41:35 - Systemkontrollpunkt
RP1272: 2009-03-26 09:16:42 - Systemkontrollpunkt
RP1273: 2009-03-27 10:07:14 - Systemkontrollpunkt
RP1274: 2009-03-28 14:05:54 - Systemkontrollpunkt
RP1275: 2009-03-29 19:30:49 - Systemkontrollpunkt
RP1276: 2009-03-30 23:06:35 - Systemkontrollpunkt
RP1277: 2009-04-01 11:09:41 - Systemkontrollpunkt
RP1278: 2009-04-02 16:21:49 - Systemkontrollpunkt
RP1279: 2009-04-03 17:03:08 - Systemkontrollpunkt
RP1280: 2009-04-04 13:19:30 - Removed Adobe Photoshop CS2
RP1281: 2009-04-05 14:04:54 - Systemkontrollpunkt
RP1282: 2009-04-06 17:26:38 - Systemkontrollpunkt
RP1283: 2009-04-07 19:07:19 - Systemkontrollpunkt
RP1284: 2009-04-08 19:39:00 - Systemkontrollpunkt
RP1285: 2009-04-09 23:17:57 - Systemkontrollpunkt
RP1286: 2009-04-11 00:24:09 - Systemkontrollpunkt
RP1287: 2009-04-12 12:08:28 - Systemkontrollpunkt
RP1288: 2009-04-13 15:16:57 - Systemkontrollpunkt
RP1289: 2009-04-14 15:49:15 - Systemkontrollpunkt
RP1290: 2009-04-15 16:05:11 - Systemkontrollpunkt
RP1291: 2009-04-16 16:25:10 - Systemkontrollpunkt
RP1292: 2009-04-17 18:13:26 - Systemkontrollpunkt
RP1293: 2009-04-18 19:44:46 - Systemkontrollpunkt
RP1294: 2009-04-20 08:29:54 - Systemkontrollpunkt
RP1295: 2009-04-21 08:30:57 - Systemkontrollpunkt
RP1296: 2009-04-22 21:03:46 - Systemkontrollpunkt
RP1297: 2009-04-23 23:51:31 - Systemkontrollpunkt
RP1298: 2009-04-25 17:35:15 - Systemkontrollpunkt
RP1299: 2009-04-26 20:36:43 - Systemkontrollpunkt
RP1300: 2009-04-27 23:56:22 - Systemkontrollpunkt
RP1301: 2009-04-29 12:15:07 - Systemkontrollpunkt
RP1302: 2009-04-30 12:20:08 - Systemkontrollpunkt
RP1303: 2009-05-01 12:58:22 - Systemkontrollpunkt
RP1304: 2009-05-02 13:05:22 - Systemkontrollpunkt
RP1305: 2009-05-03 13:40:43 - Systemkontrollpunkt
RP1306: 2009-05-04 16:05:11 - Systemkontrollpunkt
RP1307: 2009-05-05 19:49:02 - Systemkontrollpunkt
RP1308: 2009-05-07 11:26:54 - Systemkontrollpunkt
RP1309: 2009-05-08 00:46:36 - Spybot-S&D Spyware removal
RP1310: 2009-05-08 02:03:07 - Spybot-S&D Spyware removal
RP1311: 2009-05-08 09:18:11 - Spybot-S&D Spyware removal
RP1312: 2009-05-08 13:03:58 - Spybot-S&D Spyware removal
RP1313: 2009-05-08 13:31:01 - Spybot-S&D Spyware removal

==== Installed Programs ======================

802.11 G Utility
Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 4.0
Adobe Acrobat and Reader 6.0.3 Update
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop Elements
Adobe Reader 6.0.1
Adobe Reader 8.1.0 - Svenska
Adobe Reader 8.1.1
Adobe Setup
Adobe Stock Photos CS3
Adobe SVG Viewer 3.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe® Photoshop® Album Starter Edition 3.2
Agere Systems PCI Soft Modem
ArcSoft Panorama Maker 3.0
ArcSoft PhotoStudio 5.5
Ask Toolbar
Asteroid_Base_Music ScreenSaver
BKchem-0.11.5
BUM
C-Media High Definition Audio Driver
CA Licensing
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MP Navigator EX 1.0
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.4
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX
CanoScan 8800F
CapMan
Cordless DUALphone Suite
Creatix V.92 Data Fax Modem
DATA BECKER Visitenkarten-Druckerei Business Edition
DinPC
DOFMaster Hyperfocal Chart
getPlus(R)_ocx
Google Desktop
Google Earth
GTK+ 2.10.11 runtime environment
Helicon Filter 4.50.5
HighMAT-tillägg till Microsoft Windows XP-guiden Skriv till CD-skiva
HijackThis 2.0.2
HP Driver Diagnostics
HP Photo and Imaging 2.0 - Photosmart Printer Series
HP Photosmart Essential
HP Software Update
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 5
Java 2 Runtime Environment, SE v1.4.2_07
Java(TM) 6 Update 11
KODAK EASYSHARE Gallery Easy Upload, v2.1
LG USB Modem driver
Macromedia Flash Player 8
Medion Flash XL 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1 Swedish Language Pack
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Office XP Standard
Microsoft Phishing Filter Add-in for MSN Search Toolbar
Microsoft Windows Journal Viewer
Microsoft Works
Monitor Calibration Wizard 1.0
Mozilla Firefox (3.0.10)
MSN Search Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Neat Image v5 Demo (with plug-in)
Nero Media Player
Nero OEM
NeroVision Express 3
Nikon View 6
Noiseware Community Edition
NVIDIA Drivers
Opera 9.52
PC Suite
PDF Settings
Personal 4.5.2
Photosmart 130,230,7150,7345,7350,7550 (Remove only)
Picasa 2
Playchess
Porta
PowerCinema 3.0
PowerDVD
PowerProducer
PSPad editor
Python 2.5
QuickGamma 2.0.0.3
QuickTime
RawShooter essentials 2006
Security Update for CAPICOM (KB931906)
SilverFast CanonSDK-SE 6.5.5r2
Skype 2.5
Snabbkorrigering för Windows XP (KB952287)
Säkerhetsuppdatering för Step by Step Interactive Training (KB898458)
Säkerhetsuppdatering för Step by Step Interactive Training (KB923723)
Säkerhetsuppdatering för Windows Media Player (KB911564)
Säkerhetsuppdatering för Windows Media Player (KB952069)
Säkerhetsuppdatering för Windows Media Player 10 (KB911565)
Säkerhetsuppdatering för Windows Media Player 10 (KB917734)
Säkerhetsuppdatering för Windows Media Player 10 (KB936782)
Säkerhetsuppdatering för Windows Media Player 6.4 (KB925398)
Säkerhetsuppdatering för Windows XP (KB883939)
Säkerhetsuppdatering för Windows XP (KB890046)
Säkerhetsuppdatering för Windows XP (KB893066)
Säkerhetsuppdatering för Windows XP (KB893756)
Säkerhetsuppdatering för Windows XP (KB896358)
Säkerhetsuppdatering för Windows XP (KB896422)
Säkerhetsuppdatering för Windows XP (KB896423)
Säkerhetsuppdatering för Windows XP (KB896424)
Säkerhetsuppdatering för Windows XP (KB896428)
Säkerhetsuppdatering för Windows XP (KB896688)
Säkerhetsuppdatering för Windows XP (KB899587)
Säkerhetsuppdatering för Windows XP (KB899588)
Säkerhetsuppdatering för Windows XP (KB899591)
Säkerhetsuppdatering för Windows XP (KB900725)
Säkerhetsuppdatering för Windows XP (KB901017)
Säkerhetsuppdatering för Windows XP (KB901214)
Säkerhetsuppdatering för Windows XP (KB902400)
Säkerhetsuppdatering för Windows XP (KB903235)
Säkerhetsuppdatering för Windows XP (KB904706)
Säkerhetsuppdatering för Windows XP (KB905414)
Säkerhetsuppdatering för Windows XP (KB905749)
Säkerhetsuppdatering för Windows XP (KB905915)
Säkerhetsuppdatering för Windows XP (KB908519)
Säkerhetsuppdatering för Windows XP (KB908531)
Säkerhetsuppdatering för Windows XP (KB911280)
Säkerhetsuppdatering för Windows XP (KB911562)
Säkerhetsuppdatering för Windows XP (KB911567)
Säkerhetsuppdatering för Windows XP (KB911927)
Säkerhetsuppdatering för Windows XP (KB912812)
Säkerhetsuppdatering för Windows XP (KB912919)
Säkerhetsuppdatering för Windows XP (KB913446)
Säkerhetsuppdatering för Windows XP (KB913580)
Säkerhetsuppdatering för Windows XP (KB914388)
Säkerhetsuppdatering för Windows XP (KB914389)
Säkerhetsuppdatering för Windows XP (KB916281)
Säkerhetsuppdatering för Windows XP (KB917159)
Säkerhetsuppdatering för Windows XP (KB917344)
Säkerhetsuppdatering för Windows XP (KB917422)
Säkerhetsuppdatering för Windows XP (KB917953)
Säkerhetsuppdatering för Windows XP (KB918118)
Säkerhetsuppdatering för Windows XP (KB918439)
Säkerhetsuppdatering för Windows XP (KB918899)
Säkerhetsuppdatering för Windows XP (KB919007)
Säkerhetsuppdatering för Windows XP (KB920213)
Säkerhetsuppdatering för Windows XP (KB920214)
Säkerhetsuppdatering för Windows XP (KB920670)
Säkerhetsuppdatering för Windows XP (KB920683)
Säkerhetsuppdatering för Windows XP (KB920685)
Säkerhetsuppdatering för Windows XP (KB921398)
Säkerhetsuppdatering för Windows XP (KB921503)
Säkerhetsuppdatering för Windows XP (KB921883)
Säkerhetsuppdatering för Windows XP (KB922616)
Säkerhetsuppdatering för Windows XP (KB922760)
Säkerhetsuppdatering för Windows XP (KB922819)
Säkerhetsuppdatering för Windows XP (KB923191)
Säkerhetsuppdatering för Windows XP (KB923414)
Säkerhetsuppdatering för Windows XP (KB923689)
Säkerhetsuppdatering för Windows XP (KB923694)
Säkerhetsuppdatering för Windows XP (KB923980)
Säkerhetsuppdatering för Windows XP (KB924191)
Säkerhetsuppdatering för Windows XP (KB924270)
Säkerhetsuppdatering för Windows XP (KB924496)
Säkerhetsuppdatering för Windows XP (KB924667)
Säkerhetsuppdatering för Windows XP (KB925454)
Säkerhetsuppdatering för Windows XP (KB925486)
Säkerhetsuppdatering för Windows XP (KB925902)
Säkerhetsuppdatering för Windows XP (KB926255)
Säkerhetsuppdatering för Windows XP (KB926436)
Säkerhetsuppdatering för Windows XP (KB927779)
Säkerhetsuppdatering för Windows XP (KB927802)
Säkerhetsuppdatering för Windows XP (KB928090)
Säkerhetsuppdatering för Windows XP (KB928255)
Säkerhetsuppdatering för Windows XP (KB928843)
Säkerhetsuppdatering för Windows XP (KB929123)
Säkerhetsuppdatering för Windows XP (KB929969)
Säkerhetsuppdatering för Windows XP (KB930178)
Säkerhetsuppdatering för Windows XP (KB931261)
Säkerhetsuppdatering för Windows XP (KB931768)
Säkerhetsuppdatering för Windows XP (KB931784)
Säkerhetsuppdatering för Windows XP (KB932168)
Säkerhetsuppdatering för Windows XP (KB933566)
Säkerhetsuppdatering för Windows XP (KB933729)
Säkerhetsuppdatering för Windows XP (KB935839)
Säkerhetsuppdatering för Windows XP (KB935840)
Säkerhetsuppdatering för Windows XP (KB936021)
Säkerhetsuppdatering för Windows XP (KB937143)
Säkerhetsuppdatering för Windows XP (KB938127)
Säkerhetsuppdatering för Windows XP (KB938464)
Säkerhetsuppdatering för Windows XP (KB938829)
Säkerhetsuppdatering för Windows XP (KB939653)
Säkerhetsuppdatering för Windows XP (KB941202)
Säkerhetsuppdatering för Windows XP (KB941568)
Säkerhetsuppdatering för Windows XP (KB941569)
Säkerhetsuppdatering för Windows XP (KB941644)
Säkerhetsuppdatering för Windows XP (KB941693)
Säkerhetsuppdatering för Windows XP (KB942615)
Säkerhetsuppdatering för Windows XP (KB943055)
Säkerhetsuppdatering för Windows XP (KB943460)
Säkerhetsuppdatering för Windows XP (KB943485)
Säkerhetsuppdatering för Windows XP (KB944338)
Säkerhetsuppdatering för Windows XP (KB944533)
Säkerhetsuppdatering för Windows XP (KB944653)
Säkerhetsuppdatering för Windows XP (KB945553)
Säkerhetsuppdatering för Windows XP (KB946026)
Säkerhetsuppdatering för Windows XP (KB946648)
Säkerhetsuppdatering för Windows XP (KB947864)
Säkerhetsuppdatering för Windows XP (KB948590)
Säkerhetsuppdatering för Windows XP (KB948881)
Säkerhetsuppdatering för Windows XP (KB950749)
Säkerhetsuppdatering för Windows XP (KB950759)
Säkerhetsuppdatering för Windows XP (KB950760)
Säkerhetsuppdatering för Windows XP (KB950762)
Säkerhetsuppdatering för Windows XP (KB950974)
Säkerhetsuppdatering för Windows XP (KB951066)
Säkerhetsuppdatering för Windows XP (KB951376-v2)
Säkerhetsuppdatering för Windows XP (KB951376)
Säkerhetsuppdatering för Windows XP (KB951698)
Säkerhetsuppdatering för Windows XP (KB951748)
Säkerhetsuppdatering för Windows XP (KB952954)
Säkerhetsuppdatering för Windows XP (KB953838)
Säkerhetsuppdatering för Windows XP (KB953839)
Säkerhetsuppdatering för Windows XP (KB954211)
Säkerhetsuppdatering för Windows XP (KB954600)
Säkerhetsuppdatering för Windows XP (KB955069)
Säkerhetsuppdatering för Windows XP (KB956390)
Säkerhetsuppdatering för Windows XP (KB956391)
Säkerhetsuppdatering för Windows XP (KB956802)
Säkerhetsuppdatering för Windows XP (KB956803)
Säkerhetsuppdatering för Windows XP (KB956841)
Säkerhetsuppdatering för Windows XP (KB957095)
Säkerhetsuppdatering för Windows XP (KB957097)
Säkerhetsuppdatering för Windows XP (KB958215)
Säkerhetsuppdatering för Windows XP (KB958644)
Säkerhetsuppdatering för Windows XP (KB958687)
Säkerhetsuppdatering för Windows XP (KB960714)
Säkerhetsuppdatering för Windows XP (KB960715)
Sony Ericsson Mobile Phone Monitor
Sony Ericsson OCS
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SUPER © Version 2009.bld.35 (Jan 5, 2009)
Telia SMS i Datorn för Outlook Express
TVUPlayer 2.4.1.0
Uppdatering för Windows XP (KB894391)
Uppdatering för Windows XP (KB896727)
Uppdatering för Windows XP (KB898461)
Uppdatering för Windows XP (KB900485)
Uppdatering för Windows XP (KB910437)
Uppdatering för Windows XP (KB916595)
Uppdatering för Windows XP (KB920872)
Uppdatering för Windows XP (KB922582)
Uppdatering för Windows XP (KB927891)
Uppdatering för Windows XP (KB929338)
Uppdatering för Windows XP (KB930916)
Uppdatering för Windows XP (KB931836)
Uppdatering för Windows XP (KB933360)
Uppdatering för Windows XP (KB936357)
Uppdatering för Windows XP (KB938828)
Uppdatering för Windows XP (KB942763)
Uppdatering för Windows XP (KB942840)
Uppdatering för Windows XP (KB946627)
Uppdatering för Windows XP (KB951072-v2)
Uppdatering för Windows XP (KB955839)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool
Windows Installer 3.1 (KB893803)
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows Säkerhetskopiering
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
WinRAR
VueScan
X10 Hardware(TM)
XnView 1.95.4
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
Your Freedom

==== End Of File ===========================

Thank you for helping me Blade81!

Blade81 · May 10, 2009

Hi

Ad-Aware SE is not supported anymore. I recommend to uninstall it and get the latest Ad-Aware AE later.

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

cbcswed · May 11, 2009

Hi Blade81

I hope you are well. I am very grateful for your help.

I have followed your latest instructions. Below are the ComboFix and DDS logs. The ComboFix automatically chose Swedish as language. If you have any problems please let me know and I will translate for you.

I should mention that the computer is partitioned. I guess you can see it is and am not sure if it matters.

I wish you a blessed day.

ComboFix 09-05-10.05 - Kompis till Kalle 2009-05-11 12:22.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.46.1053.18.1023.690 [GMT 2:00]
Körs från: c:\documents and settings\Kompis till Kalle\Skrivbord\ComboFix.exe
* Skapade en ny återställningspunkt
.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Starware316
c:\documents and settings\All Users\Application Data\Starware316\buttons\FindIt.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\FindItHot.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\findithotxp.png
c:\documents and settings\All Users\Application Data\Starware316\buttons\finditxp.png
c:\documents and settings\All Users\Application Data\Starware316\buttons\Highlight.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\HighlightHot.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\highlighthotxp.png
c:\documents and settings\All Users\Application Data\Starware316\buttons\highlightxp.png
c:\documents and settings\All Users\Application Data\Starware316\buttons\Reference.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\ReferenceHot.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\referencehotxp.png
c:\documents and settings\All Users\Application Data\Starware316\buttons\referencexp.png
c:\documents and settings\All Users\Application Data\Starware316\buttons\screensaver.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\Screensavers0.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\starware_toolbar_icon.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\Weather.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\weatherhotxp.png
c:\documents and settings\All Users\Application Data\Starware316\buttons\weatherxp.png
c:\documents and settings\All Users\Application Data\Starware316\contexts\error.xml
c:\documents and settings\All Users\Application Data\Starware316\contexts\Related.xml
c:\documents and settings\All Users\Application Data\Starware316\contexts\Travel.xml
c:\documents and settings\All Users\Application Data\Starware316\images\walertXP.bmp
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup
c:\program\Need2Find
c:\program\Need2Find\bar\History\search
c:\program\Need2Find\bar\Settings\settings.dat
c:\program\Need2Find\bar\Settings\settings.dat.bak
c:\program\Need2Find\bar\Settings\settings.htm
c:\program\Need2Find\bar\Settings\settings.htm.bak
c:\windows\media\ltaskup.exe
c:\windows\smdat32m.sys
c:\windows\system32\3.ext
c:\windows\system32\Adobez.exe
c:\windows\system32\digiwet.dll
c:\windows\system32\drivers\systemntmi.sys
c:\windows\system32\mcenspc.dll
c:\windows\system32\windows.txt
c:\windows\Tasks\SysFile.brk

.
((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NETLOGONALERTER
-------\Legacy_SYSTEMNTMI
-------\Service_NetlogonAlerter
-------\Service_systemntmi

(((((((((((((((((((((((( Filer Skapade från 2009-04-11 till 2009-05-11 ))))))))))))))))))))))))))))))
.

2009-05-08 22:54 . 2009-05-08 22:54 -------- d-----w c:\documents and settings\Administratör
2009-05-08 17:26 . 2009-05-08 17:26 -------- d-----w c:\program\Trend Micro
2009-05-07 20:31 . 2009-05-07 20:31 20480 --sha-w c:\windows\system32\actmovier.dll
2009-05-07 20:30 . 2009-05-07 20:31 88 --s-a-w c:\windows\system32\3399478855.dat
2009-04-18 20:11 . 2009-04-18 20:11 -------- d-----w c:\program\DOFChart

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-11 10:18 . 2004-09-10 15:19 13440 ----a-w c:\windows\system32\drivers\USBCRFT.SYS
2009-05-07 22:14 . 2005-11-07 11:04 -------- d-----w c:\program\Spybot - Search & Destroy
2009-04-04 15:36 . 2007-04-16 21:03 37568 ----a-w c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-04-04 15:29 . 2009-04-04 15:29 -------- d-----w c:\program\Bonjour
2009-04-04 15:29 . 2004-09-10 17:06 -------- d-----w c:\program\Delade filer\Adobe
2009-04-04 15:18 . 2009-04-04 15:18 -------- d-----w c:\program\Delade filer\Macrovision Shared
2009-03-29 09:08 . 2004-09-10 12:39 73982 ----a-w c:\windows\system32\perfc01D.dat
2009-03-29 09:08 . 2004-09-10 12:39 404840 ----a-w c:\windows\system32\perfh01D.dat
2006-04-09 08:43 . 2006-04-09 08:43 366 ----a-w c:\program\Genväg till Program.lnk
2008-09-09 10:25 . 2006-07-16 15:13 122880 ----a-w c:\program\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-03 10:06 . 2009-02-13 02:06 163328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-02-13 02:06 31232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-02-13 02:06 216064 --sh--r c:\windows\system32\nbDX.dll
.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-12-15 5513216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-12-15 86016]
"PCMService"="c:\program\Home Cinema\PowerCinema\PCMService.exe" [2004-10-08 81920]
"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-11-22 348160]
"CanonSolutionMenu"="c:\program\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"Dit"="Dit.exe" - c:\windows\Dit.exe [2004-04-02 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-12-15 1490944]
"Prism_Utility"="Prismsta.exe" - c:\windows\system32\PRISMSTA.exe [2004-01-14 215552]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-03-04 88209]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Karl Lindstr”m\Start-meny\Program\Autostart\
Adobe Gamma.lnk - c:\program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2006-3-29 110592]

c:\documents and settings\All Users\Start-meny\Program\Autostart\
Acrobat Assistant.lnk.disabled [2009-3-28 1628]
Adobe Gamma Loader.lnk - c:\program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2006-3-29 110592]
Cordless DUALphone Autostart.lnk.disabled [2006-11-20 804]
Microsoft Office.lnk - c:\program\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NkvMon.exe.lnk.disabled [2006-4-16 1527]
PalTalk.lnk.disabled [2009-1-31 1588]
Personal.lnk - c:\program\Personal\bin\Personal.exe [2007-7-8 722728]
Windows Desktop Search.lnk - c:\program\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe [2005-9-20 238080]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Picasa Media Detector"=c:\program\Picasa2\PicasaMediaDetector.exe
"Yahoo! Pager"="c:\program\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"swg"=c:\program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"SpybotSD TeaTimer"=c:\program\Spybot - Search & Destroy\TeaTimer.exe
"Telia SMS i Datorn för Outlook Express"="c:\program\Telia SMS i Datorn för Outlook Express\eSMS Executive Windows.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Picasa Media Detector"=c:\program\Picasa2\PicasaMediaDetector.exe
"Google Desktop Search"="c:\program\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"HP Software Update"=c:\program\Hp\HP Software Update\HPWuSchd2.exe
"HPHUPD04"="c:\program\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
"Share-to-Web Namespace Daemon"=c:\program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program\\NetMeeting\\Conf.exe"=
"c:\\Program Files\\Java\\j2re1.4.2_07\\bin\\javaw.exe"=
"c:\\Program\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program\\Bonjour\\mDNSResponder.exe"=
"c:\\Program\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=

R2 LogWatch;Event Log Watch;c:\program\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 53248]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-03-29 945152]
R3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2004-09-10 13440]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2004-09-09 1272000]
S3 CA_LIC_CLNT;CA License Client;c:\program\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 77824]
S3 CA_LIC_SRVR;CA License Server;c:\program\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 77824]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program\Google\Google Desktop Search\GoogleDesktop.exe [2006-07-16 29744]
S3 gUSBSTOi;gUSBSTOi;\??\c:\docume~1\KARLLI~1\LOKALA~1\Temp\gUSBSTOi.sys --> c:\docume~1\KARLLI~1\LOKALA~1\Temp\gUSBSTOi.sys [?]
S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [2004-09-09 24704]
S3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys [2005-01-25 11672]
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

HKLM-Run-Keyboard Status - c:\program\Medion Tools\KeyStat\KeyStat.exe
HKLM-Run-Cmaudio - cmicnfg.cpl

.
------- Extra genomsökning -------
.
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &MSN Search - c:\program\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\program\MICROS~3\Office10\EXCEL.EXE/3000
IE: Open in new background tab - c:\program\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?853f30b8fb7f465baf3b33e56676d89c
IE: Open in new foreground tab - c:\program\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?853f30b8fb7f465baf3b33e56676d89c
IE: Yahoo! &Dictionary - file:///c:\program\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program\Yahoo!\Common/ycsms.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Kompis till Kalle\Application Data\Mozilla\Firefox\Profiles\8m3p5nj8.default\
FF - component: c:\program\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program\Personal\bin\np_prsnl.dll
FF - plugin: c:\program\Picasa2\npPicasa2.dll
FF - plugin: c:\program\QuickTime\Plugins\npqtplugin8.dll

---- FIREFOX POLICY ----
c:\program\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-11 12:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLer som "laddats" under processer som körs ---------------------

- - - - - - - > 'explorer.exe'(2176)
c:\program\MSN Toolbar Suite\DB\02.05.0000.1082\en-us\dbres.dll
c:\program\MSN Toolbar Suite\EXT\02.05.0001.1119\en-us\msnlExtRes.dll
c:\docume~1\KOMPIS~1\LOKALA~1\Temp\MSNTBFltr.cab.1130945306\msntbfltr.dll
c:\windows\system32\browselc.dll
c:\program\CyberLink\Shared Files\CLRCEngine.dll
.
------------------------ Andra processer som körs ------------------------
.
c:\program\Bonjour\mDNSResponder.exe
c:\program\Java\jre6\bin\jqs.exe
c:\program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program\Canon\CAL\CALMAIN.exe
c:\windows\system32\rundll32.exe
c:\program\COMMON~1\X10\Common\X10nets.exe
c:\program\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\program\MSN Toolbar Suite\SL\02.05.0001.1119\en-us\msn_sl.exe
.
**************************************************************************
.
Sluttid: 2009-05-11 12:30 - datorn startades om.
ComboFix-quarantined-files.txt 2009-05-11 10:30

Före genomsökningen: 50*190*983*168 byte ledigt
Efter genomsökningen: 50*496*835*584 byte ledigt

WindowsXP-KB310994-SP2-Home-BootDisk-SVE.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

230 --- E O F --- 2009-03-02 14:02

DDS (Ver_09-03-16.01) - NTFSx86
Run by Kompis till Kalle at 12:37:23,00 on 2009-05-11
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.46.1053.18.1023.627 [GMT 2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\Program\Home Cinema\PowerCinema\PCMService.exe
C:\Program\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\Prismsta.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\COMMON~1\X10\Common\x10nets.exe
C:\Program\Personal\bin\Personal.exe
C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kompis till Kalle\Skrivbord\dds.com

============== Pseudo HJT Report ===============

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program\yahoo!\common\yiesrvc.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - k:\adobe cs\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: MSN Search Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll
TB: MSN Search Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program\yahoo!\companion\installs\cpn0\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - k:\adobe cs\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - k:\adobe cs\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program\yahoo!\common\yhexbmesus.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Dit] Dit.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [PCMService] "c:\program\home cinema\powercinema\PCMService.exe"
mRun: [SunJavaUpdateSched] "c:\program\java\jre6\bin\jusched.exe"
mRun: [Prism_Utility] Prismsta.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [HPHmon04] c:\windows\system32\hphmon04.exe
mRun: [CanonSolutionMenu] c:\program\canon\solutionmenu\CNSLMAIN.exe /logon
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\all users\start-meny\program\autostart\Acrobat Assistant.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\adobeg~1.lnk - c:\program\delade filer\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\documents and settings\all users\start-meny\program\autostart\Cordless DUALphone Autostart.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\micros~1.lnk - c:\program\microsoft office\office10\OSA.EXE
StartupFolder: c:\documents and settings\all users\start-meny\program\autostart\NkvMon.exe.lnk.disabled
StartupFolder: c:\documents and settings\all users\start-meny\program\autostart\PalTalk.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\personal.lnk - c:\program\personal\bin\Personal.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\window~1.lnk - c:\program\msn toolbar suite\ds\02.05.0001.1119\en-us\bin\WindowsSearch.exe
IE: &MSN Search - c:\program\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\program\micros~3\office10\EXCEL.EXE/3000
IE: Open in new background tab - c:\program\msn toolbar suite\tab\02.05.0001.1119\en-us\msntabres.dll/229?853f30b8fb7f465baf3b33e56676d89c
IE: Open in new foreground tab - c:\program\msn toolbar suite\tab\02.05.0001.1119\en-us\msntabres.dll/230?853f30b8fb7f465baf3b33e56676d89c
IE: Yahoo! &Dictionary - file:///c:\program\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program\yahoo!\Common/ycsms.htm
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program\yahoo!\common\yiesrvc.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {1538D4E0-B2C4-402D-B71A-BA6A04BC7A5D} - hxxp://euronics.vsfl.se/photos/upload/PictureChooser.cab
DPF: {65F77758-B822-45FB-8F0C-08E85705EC4A} - hxxp://euronics.vsfl.se/photos/upload/upload.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://www.bigfishgames.com/online/luxor/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kompis~1\applic~1\mozilla\firefox\profiles\8m3p5nj8.default\
FF - component: c:\program\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program\personal\bin\np_prsnl.dll
FF - plugin: c:\program\picasa2\npPicasa2.dll
FF - plugin: c:\program\quicktime\plugins\npqtplugin8.dll

---- FIREFOX POLICIES ----
c:\program\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
c:\program\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

============= SERVICES / DRIVERS ===============

R2 LogWatch;Event Log Watch;c:\program\ca\sharedcomponents\ca_lic\LogWatNT.exe [2002-9-20 53248]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-3-29 945152]
R3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2004-9-10 13440]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2004-9-9 1272000]
S3 CA_LIC_CLNT;CA License Client;c:\program\ca\sharedcomponents\ca_lic\lic98rmt.exe [2002-9-20 77824]
S3 CA_LIC_SRVR;CA License Server;c:\program\ca\sharedcomponents\ca_lic\lic98rmtd.exe [2002-9-20 77824]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program\google\google desktop search\GoogleDesktop.exe [2006-7-16 29744]
S3 gUSBSTOi;gUSBSTOi;\??\c:\docume~1\karlli~1\lokala~1\temp\gusbstoi.sys --> c:\docume~1\karlli~1\lokala~1\temp\gUSBSTOi.sys [?]
S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [2004-9-9 24704]
S3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys [2005-1-25 11672]

=============== Created Last 30 ================

2009-05-11 12:20 <DIR> a-dshr-- C:\cmdcons
2009-05-11 12:19 161,792 a------- c:\windows\SWREG.exe
2009-05-11 12:19 117,248 a------- c:\windows\vFind.exe
2009-05-11 12:19 98,816 a------- c:\windows\sed.exe
2009-05-08 19:26 <DIR> --d----- c:\program\Trend Micro
2009-05-08 14:05 <DIR> --d----- c:\windows\pss
2009-05-07 22:31 20,480 a--sh--- c:\windows\system32\actmovier.dll
2009-05-07 22:30 88 a--s---- c:\windows\system32\3399478855.dat
2009-05-04 16:08 54,156 a---h--- c:\windows\QTFont.qfn
2009-05-04 16:08 1,409 a------- c:\windows\QTFont.for
2009-04-18 22:11 <DIR> --d----- c:\program\DOFChart

==================== Find3M ====================

2009-05-11 12:18 13,440 a------- c:\windows\system32\drivers\USBCRFT.SYS
2009-04-04 17:36 37,568 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-03-29 11:08 404,840 a------- c:\windows\system32\perfh01D.dat
2009-03-29 11:08 73,982 a------- c:\windows\system32\perfc01D.dat
2008-07-22 16:13 37,176 a------- c:\docume~1\kompis~1\applic~1\GDIPFONTCACHEV1.DAT
2007-03-15 13:59 1,342 a------- c:\docume~1\kompis~1\applic~1\wklnhst.dat
2006-04-09 10:43 366 a------- c:\program\Genväg till Program.lnk
2006-05-03 12:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 13:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 15:30 216,064 ---shr-- c:\windows\system32\nbDX.dll

============= FINISH: 12:37:31,81 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2005-07-19 19:10:56
System Uptime: 2009-05-11 12:26:16 (0 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7046
Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | Socket 478 | 3391/200mhz
Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | Socket 478 | 3391/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 116 GiB total, 47,046 GiB free.
D: is FIXED (NTFS) - 104 GiB total, 103,131 GiB free.
E: is FIXED (FAT32) - 12 GiB total, 10,404 GiB free.
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1262: 2009-03-14 20:47:31 - Systemkontrollpunkt
RP1263: 2009-03-14 23:07:10 - Systemkontrollpunkt
RP1264: 2009-03-16 18:05:24 - Systemkontrollpunkt
RP1265: 2009-03-17 18:37:15 - Systemkontrollpunkt
RP1266: 2009-03-18 18:55:20 - Systemkontrollpunkt
RP1267: 2009-03-19 19:52:06 - Systemkontrollpunkt
RP1268: 2009-03-20 20:15:48 - Systemkontrollpunkt
RP1269: 2009-03-21 20:37:58 - Systemkontrollpunkt
RP1270: 2009-03-22 21:26:40 - Systemkontrollpunkt
RP1271: 2009-03-24 10:41:35 - Systemkontrollpunkt
RP1272: 2009-03-26 09:16:42 - Systemkontrollpunkt
RP1273: 2009-03-27 10:07:14 - Systemkontrollpunkt
RP1274: 2009-03-28 14:05:54 - Systemkontrollpunkt
RP1275: 2009-03-29 19:30:49 - Systemkontrollpunkt
RP1276: 2009-03-30 23:06:35 - Systemkontrollpunkt
RP1277: 2009-04-01 11:09:41 - Systemkontrollpunkt
RP1278: 2009-04-02 16:21:49 - Systemkontrollpunkt
RP1279: 2009-04-03 17:03:08 - Systemkontrollpunkt
RP1280: 2009-04-04 13:19:30 - Removed Adobe Photoshop CS2
RP1281: 2009-04-05 14:04:54 - Systemkontrollpunkt
RP1282: 2009-04-06 17:26:38 - Systemkontrollpunkt
RP1283: 2009-04-07 19:07:19 - Systemkontrollpunkt
RP1284: 2009-04-08 19:39:00 - Systemkontrollpunkt
RP1285: 2009-04-09 23:17:57 - Systemkontrollpunkt
RP1286: 2009-04-11 00:24:09 - Systemkontrollpunkt
RP1287: 2009-04-12 12:08:28 - Systemkontrollpunkt
RP1288: 2009-04-13 15:16:57 - Systemkontrollpunkt
RP1289: 2009-04-14 15:49:15 - Systemkontrollpunkt
RP1290: 2009-04-15 16:05:11 - Systemkontrollpunkt
RP1291: 2009-04-16 16:25:10 - Systemkontrollpunkt
RP1292: 2009-04-17 18:13:26 - Systemkontrollpunkt
RP1293: 2009-04-18 19:44:46 - Systemkontrollpunkt
RP1294: 2009-04-20 08:29:54 - Systemkontrollpunkt
RP1295: 2009-04-21 08:30:57 - Systemkontrollpunkt
RP1296: 2009-04-22 21:03:46 - Systemkontrollpunkt
RP1297: 2009-04-23 23:51:31 - Systemkontrollpunkt
RP1298: 2009-04-25 17:35:15 - Systemkontrollpunkt
RP1299: 2009-04-26 20:36:43 - Systemkontrollpunkt
RP1300: 2009-04-27 23:56:22 - Systemkontrollpunkt
RP1301: 2009-04-29 12:15:07 - Systemkontrollpunkt
RP1302: 2009-04-30 12:20:08 - Systemkontrollpunkt
RP1303: 2009-05-01 12:58:22 - Systemkontrollpunkt
RP1304: 2009-05-02 13:05:22 - Systemkontrollpunkt
RP1305: 2009-05-03 13:40:43 - Systemkontrollpunkt
RP1306: 2009-05-04 16:05:11 - Systemkontrollpunkt
RP1307: 2009-05-05 19:49:02 - Systemkontrollpunkt
RP1308: 2009-05-07 11:26:54 - Systemkontrollpunkt
RP1309: 2009-05-08 00:46:36 - Spybot-S&D Spyware removal
RP1310: 2009-05-08 02:03:07 - Spybot-S&D Spyware removal
RP1311: 2009-05-08 09:18:11 - Spybot-S&D Spyware removal
RP1312: 2009-05-08 13:03:58 - Spybot-S&D Spyware removal
RP1313: 2009-05-08 13:31:01 - Spybot-S&D Spyware removal
RP1314: 2009-05-11 12:19:28 - ComboFix created restore point

==== Installed Programs ======================

802.11 G Utility
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 4.0
Adobe Acrobat and Reader 6.0.3 Update
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop Elements
Adobe Reader 6.0.1
Adobe Reader 8.1.0 - Svenska
Adobe Reader 8.1.1
Adobe Setup
Adobe Stock Photos CS3
Adobe SVG Viewer 3.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe® Photoshop® Album Starter Edition 3.2
Agere Systems PCI Soft Modem
ArcSoft Panorama Maker 3.0
ArcSoft PhotoStudio 5.5
Ask Toolbar
Asteroid_Base_Music ScreenSaver
BKchem-0.11.5
BUM
C-Media High Definition Audio Driver
CA Licensing
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MP Navigator EX 1.0
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.4
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX
CanoScan 8800F
CapMan
Cordless DUALphone Suite
Creatix V.92 Data Fax Modem
DATA BECKER Visitenkarten-Druckerei Business Edition
DinPC
DOFMaster Hyperfocal Chart
getPlus(R)_ocx
Google Desktop
Google Earth
GTK+ 2.10.11 runtime environment
Helicon Filter 4.50.5
HighMAT-tillägg till Microsoft Windows XP-guiden Skriv till CD-skiva
HijackThis 2.0.2
HP Driver Diagnostics
HP Photo and Imaging 2.0 - Photosmart Printer Series
HP Photosmart Essential
HP Software Update
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 5
Java 2 Runtime Environment, SE v1.4.2_07
Java(TM) 6 Update 11
KODAK EASYSHARE Gallery Easy Upload, v2.1
LG USB Modem driver
Macromedia Flash Player 8
Medion Flash XL 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1 Swedish Language Pack
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Office XP Standard
Microsoft Phishing Filter Add-in for MSN Search Toolbar
Microsoft Windows Journal Viewer
Microsoft Works
Monitor Calibration Wizard 1.0
Mozilla Firefox (3.0.10)
MSN Search Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Neat Image v5 Demo (with plug-in)
Nero Media Player
Nero OEM
NeroVision Express 3
Nikon View 6
Noiseware Community Edition
NVIDIA Drivers
Opera 9.52
PC Suite
PDF Settings
Personal 4.5.2
Photosmart 130,230,7150,7345,7350,7550 (Remove only)
Picasa 2
Playchess
Porta
PowerCinema 3.0
PowerDVD
PowerProducer
PSPad editor
Python 2.5
QuickGamma 2.0.0.3
QuickTime
RawShooter essentials 2006
Security Update for CAPICOM (KB931906)
SilverFast CanonSDK-SE 6.5.5r2
Skype 2.5
Snabbkorrigering för Windows XP (KB952287)
Säkerhetsuppdatering för Step by Step Interactive Training (KB898458)
Säkerhetsuppdatering för Step by Step Interactive Training (KB923723)
Säkerhetsuppdatering för Windows Media Player (KB911564)
Säkerhetsuppdatering för Windows Media Player (KB952069)
Säkerhetsuppdatering för Windows Media Player 10 (KB911565)
Säkerhetsuppdatering för Windows Media Player 10 (KB917734)
Säkerhetsuppdatering för Windows Media Player 10 (KB936782)
Säkerhetsuppdatering för Windows Media Player 6.4 (KB925398)
Säkerhetsuppdatering för Windows XP (KB883939)
Säkerhetsuppdatering för Windows XP (KB890046)
Säkerhetsuppdatering för Windows XP (KB893066)
Säkerhetsuppdatering för Windows XP (KB893756)
Säkerhetsuppdatering för Windows XP (KB896358)
Säkerhetsuppdatering för Windows XP (KB896422)
Säkerhetsuppdatering för Windows XP (KB896423)
Säkerhetsuppdatering för Windows XP (KB896424)
Säkerhetsuppdatering för Windows XP (KB896428)
Säkerhetsuppdatering för Windows XP (KB896688)
Säkerhetsuppdatering för Windows XP (KB899587)
Säkerhetsuppdatering för Windows XP (KB899588)
Säkerhetsuppdatering för Windows XP (KB899591)
Säkerhetsuppdatering för Windows XP (KB900725)
Säkerhetsuppdatering för Windows XP (KB901017)
Säkerhetsuppdatering för Windows XP (KB901214)
Säkerhetsuppdatering för Windows XP (KB902400)
Säkerhetsuppdatering för Windows XP (KB903235)
Säkerhetsuppdatering för Windows XP (KB904706)
Säkerhetsuppdatering för Windows XP (KB905414)
Säkerhetsuppdatering för Windows XP (KB905749)
Säkerhetsuppdatering för Windows XP (KB905915)
Säkerhetsuppdatering för Windows XP (KB908519)
Säkerhetsuppdatering för Windows XP (KB908531)
Säkerhetsuppdatering för Windows XP (KB911280)
Säkerhetsuppdatering för Windows XP (KB911562)
Säkerhetsuppdatering för Windows XP (KB911567)
Säkerhetsuppdatering för Windows XP (KB911927)
Säkerhetsuppdatering för Windows XP (KB912812)
Säkerhetsuppdatering för Windows XP (KB912919)
Säkerhetsuppdatering för Windows XP (KB913446)
Säkerhetsuppdatering för Windows XP (KB913580)
Säkerhetsuppdatering för Windows XP (KB914388)
Säkerhetsuppdatering för Windows XP (KB914389)
Säkerhetsuppdatering för Windows XP (KB916281)
Säkerhetsuppdatering för Windows XP (KB917159)
Säkerhetsuppdatering för Windows XP (KB917344)
Säkerhetsuppdatering för Windows XP (KB917422)
Säkerhetsuppdatering för Windows XP (KB917953)
Säkerhetsuppdatering för Windows XP (KB918118)
Säkerhetsuppdatering för Windows XP (KB918439)
Säkerhetsuppdatering för Windows XP (KB918899)
Säkerhetsuppdatering för Windows XP (KB919007)
Säkerhetsuppdatering för Windows XP (KB920213)
Säkerhetsuppdatering för Windows XP (KB920214)
Säkerhetsuppdatering för Windows XP (KB920670)
Säkerhetsuppdatering för Windows XP (KB920683)
Säkerhetsuppdatering för Windows XP (KB920685)
Säkerhetsuppdatering för Windows XP (KB921398)
Säkerhetsuppdatering för Windows XP (KB921503)
Säkerhetsuppdatering för Windows XP (KB921883)
Säkerhetsuppdatering för Windows XP (KB922616)
Säkerhetsuppdatering för Windows XP (KB922760)
Säkerhetsuppdatering för Windows XP (KB922819)
Säkerhetsuppdatering för Windows XP (KB923191)
Säkerhetsuppdatering för Windows XP (KB923414)
Säkerhetsuppdatering för Windows XP (KB923689)
Säkerhetsuppdatering för Windows XP (KB923694)
Säkerhetsuppdatering för Windows XP (KB923980)
Säkerhetsuppdatering för Windows XP (KB924191)
Säkerhetsuppdatering för Windows XP (KB924270)
Säkerhetsuppdatering för Windows XP (KB924496)
Säkerhetsuppdatering för Windows XP (KB924667)
Säkerhetsuppdatering för Windows XP (KB925454)
Säkerhetsuppdatering för Windows XP (KB925486)
Säkerhetsuppdatering för Windows XP (KB925902)
Säkerhetsuppdatering för Windows XP (KB926255)
Säkerhetsuppdatering för Windows XP (KB926436)
Säkerhetsuppdatering för Windows XP (KB927779)
Säkerhetsuppdatering för Windows XP (KB927802)
Säkerhetsuppdatering för Windows XP (KB928090)
Säkerhetsuppdatering för Windows XP (KB928255)
Säkerhetsuppdatering för Windows XP (KB928843)
Säkerhetsuppdatering för Windows XP (KB929123)
Säkerhetsuppdatering för Windows XP (KB929969)
Säkerhetsuppdatering för Windows XP (KB930178)
Säkerhetsuppdatering för Windows XP (KB931261)
Säkerhetsuppdatering för Windows XP (KB931768)
Säkerhetsuppdatering för Windows XP (KB931784)
Säkerhetsuppdatering för Windows XP (KB932168)
Säkerhetsuppdatering för Windows XP (KB933566)
Säkerhetsuppdatering för Windows XP (KB933729)
Säkerhetsuppdatering för Windows XP (KB935839)
Säkerhetsuppdatering för Windows XP (KB935840)
Säkerhetsuppdatering för Windows XP (KB936021)
Säkerhetsuppdatering för Windows XP (KB937143)
Säkerhetsuppdatering för Windows XP (KB938127)
Säkerhetsuppdatering för Windows XP (KB938464)
Säkerhetsuppdatering för Windows XP (KB938829)
Säkerhetsuppdatering för Windows XP (KB939653)
Säkerhetsuppdatering för Windows XP (KB941202)
Säkerhetsuppdatering för Windows XP (KB941568)
Säkerhetsuppdatering för Windows XP (KB941569)
Säkerhetsuppdatering för Windows XP (KB941644)
Säkerhetsuppdatering för Windows XP (KB941693)
Säkerhetsuppdatering för Windows XP (KB942615)
Säkerhetsuppdatering för Windows XP (KB943055)
Säkerhetsuppdatering för Windows XP (KB943460)
Säkerhetsuppdatering för Windows XP (KB943485)
Säkerhetsuppdatering för Windows XP (KB944338)
Säkerhetsuppdatering för Windows XP (KB944533)
Säkerhetsuppdatering för Windows XP (KB944653)
Säkerhetsuppdatering för Windows XP (KB945553)
Säkerhetsuppdatering för Windows XP (KB946026)
Säkerhetsuppdatering för Windows XP (KB946648)
Säkerhetsuppdatering för Windows XP (KB947864)
Säkerhetsuppdatering för Windows XP (KB948590)
Säkerhetsuppdatering för Windows XP (KB948881)
Säkerhetsuppdatering för Windows XP (KB950749)
Säkerhetsuppdatering för Windows XP (KB950759)
Säkerhetsuppdatering för Windows XP (KB950760)
Säkerhetsuppdatering för Windows XP (KB950762)
Säkerhetsuppdatering för Windows XP (KB950974)
Säkerhetsuppdatering för Windows XP (KB951066)
Säkerhetsuppdatering för Windows XP (KB951376-v2)
Säkerhetsuppdatering för Windows XP (KB951376)
Säkerhetsuppdatering för Windows XP (KB951698)
Säkerhetsuppdatering för Windows XP (KB951748)
Säkerhetsuppdatering för Windows XP (KB952954)
Säkerhetsuppdatering för Windows XP (KB953838)
Säkerhetsuppdatering för Windows XP (KB953839)
Säkerhetsuppdatering för Windows XP (KB954211)
Säkerhetsuppdatering för Windows XP (KB954600)
Säkerhetsuppdatering för Windows XP (KB955069)
Säkerhetsuppdatering för Windows XP (KB956390)
Säkerhetsuppdatering för Windows XP (KB956391)
Säkerhetsuppdatering för Windows XP (KB956802)
Säkerhetsuppdatering för Windows XP (KB956803)
Säkerhetsuppdatering för Windows XP (KB956841)
Säkerhetsuppdatering för Windows XP (KB957095)
Säkerhetsuppdatering för Windows XP (KB957097)
Säkerhetsuppdatering för Windows XP (KB958215)
Säkerhetsuppdatering för Windows XP (KB958644)
Säkerhetsuppdatering för Windows XP (KB958687)
Säkerhetsuppdatering för Windows XP (KB960714)
Säkerhetsuppdatering för Windows XP (KB960715)
Sony Ericsson Mobile Phone Monitor
Sony Ericsson OCS
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SUPER © Version 2009.bld.35 (Jan 5, 2009)
Telia SMS i Datorn för Outlook Express
TVUPlayer 2.4.1.0
Uppdatering för Windows XP (KB894391)
Uppdatering för Windows XP (KB896727)
Uppdatering för Windows XP (KB898461)
Uppdatering för Windows XP (KB900485)
Uppdatering för Windows XP (KB910437)
Uppdatering för Windows XP (KB916595)
Uppdatering för Windows XP (KB920872)
Uppdatering för Windows XP (KB922582)
Uppdatering för Windows XP (KB927891)
Uppdatering för Windows XP (KB929338)
Uppdatering för Windows XP (KB930916)
Uppdatering för Windows XP (KB931836)
Uppdatering för Windows XP (KB933360)
Uppdatering för Windows XP (KB936357)
Uppdatering för Windows XP (KB938828)
Uppdatering för Windows XP (KB942763)
Uppdatering för Windows XP (KB942840)
Uppdatering för Windows XP (KB946627)
Uppdatering för Windows XP (KB951072-v2)
Uppdatering för Windows XP (KB955839)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool
Windows Installer 3.1 (KB893803)
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows Säkerhetskopiering
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
WinRAR
VueScan
X10 Hardware(TM)
XnView 1.95.4
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
Your Freedom

==== End Of File ===========================

cbcswed · May 11, 2009

I should add:

Spybot S&D scan now shows no threats any longer.

Blade81 · May 11, 2009

Hi

I'm feeling pretty good, thank you

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

Run Spybot-S&D in Advanced Mode
If it is not already set to do this, go to the Mode menu
select
Advanced Mode
On the left hand side, click on Tools
Then click on the Resident icon in the list
Uncheck
Resident TeaTimer
and OK any prompts.
Restart your computer

Open notepad and copy/paste the text in the quotebox below into it:

Code:

File::
c:\windows\system32\actmovier.dll
c:\windows\system32\3399478855.dat

DDS::
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=-
"UpdatesDisableNotify"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Java\\j2re1.4.2_07\\bin\\javaw.exe"=-

Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Uninstall old Adobe Reader versions and get the latest one here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 13.
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version. Uncheck MSN toolbar if it's offered there.

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.

Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

cbcswed · May 11, 2009

Good evening

I have followed your instructions and I did not experience any problems.

Combofix scan took about 3 minutes and it proceeded automatically with no need to end any processes. It did not reboot computer as I believe it did the first time I used it.

The Kaspersky scan has found some threats and infected items.

I will post the logs below. Thank you very much

cbcswed · May 11, 2009

Kaspersky online scan

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, May 11, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, May 11, 2009 19:13:09
Records in database: 2162472
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 140151
Threat name: 7
Infected objects: 13
Suspicious objects: 0
Duration of the scan: 01:37:59

File name / Threat name / Threats count
C:\Documents and Settings\Karl Lindström\Karl Lindström.exe Infected: Trojan.Win32.Rabbit.af 1
C:\Qoobox\Quarantine\C\WINDOWS\Media\LTaskup.exe.vir Infected: Backdoor.Win32.Delf.bwh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\actmovier.dll.vir Infected: Backdoor.Win32.Agent.tzl 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\Adobez.exe.vir Infected: Trojan.Win32.Agent2.jbn 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\digiwet.dll.vir Infected: Backdoor.Win32.IRCBot.jkm 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\systemntmi.sys.vir Infected: Rootkit.Win32.Agent.ikz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\mcenspc.dll.vir Infected: Trojan.Win32.Agent2.exy 1
C:\System Volume Information\_restore{0F8BFCF7-FA39-4777-B7A2-61AE257D55C7}\RP1314\A0213781.exe Infected: Backdoor.Win32.Delf.bwh 1
C:\System Volume Information\_restore{0F8BFCF7-FA39-4777-B7A2-61AE257D55C7}\RP1314\A0213783.dll Infected: Backdoor.Win32.IRCBot.jkm 1
C:\System Volume Information\_restore{0F8BFCF7-FA39-4777-B7A2-61AE257D55C7}\RP1314\A0213784.sys Infected: Rootkit.Win32.Agent.ikz 1
C:\System Volume Information\_restore{0F8BFCF7-FA39-4777-B7A2-61AE257D55C7}\RP1314\A0213785.dll Infected: Trojan.Win32.Agent2.exy 1
C:\System Volume Information\_restore{0F8BFCF7-FA39-4777-B7A2-61AE257D55C7}\RP1314\A0213788.exe Infected: Trojan.Win32.Agent2.jbn 1
C:\System Volume Information\_restore{0F8BFCF7-FA39-4777-B7A2-61AE257D55C7}\RP1314\A0214025.dll Infected: Backdoor.Win32.Agent.tzl 1

The selected area was scanned.

cbcswed · May 11, 2009

ComboFix scan

ComboFix 09-05-10.07 - Kompis till Kalle 2009-05-11 18:32.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.46.1053.18.1023.712 [GMT 2:00]
Körs från: c:\documents and settings\Kompis till Kalle\Skrivbord\ComboFix.exe
Använda kommandoväxlar :: c:\documents and settings\Kompis till Kalle\Skrivbord\CFScript.txt

FILE ::
c:\windows\system32\3399478855.dat
c:\windows\system32\actmovier.dll
.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\3399478855.dat
c:\windows\system32\actmovier.dll

.
(((((((((((((((((((((((( Filer Skapade från 2009-04-11 till 2009-05-11 ))))))))))))))))))))))))))))))
.

2009-05-08 22:54 . 2009-05-08 22:54 -------- d-----w c:\documents and settings\Administratör
2009-05-08 17:26 . 2009-05-08 17:26 -------- d-----w c:\program\Trend Micro
2009-04-18 20:11 . 2009-04-18 20:11 -------- d-----w c:\program\DOFChart

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-11 16:26 . 2004-09-10 15:19 13440 ----a-w c:\windows\system32\drivers\USBCRFT.SYS
2009-05-07 22:14 . 2005-11-07 11:04 -------- d-----w c:\program\Spybot - Search & Destroy
2009-04-04 15:36 . 2007-04-16 21:03 37568 ----a-w c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-04-04 15:29 . 2009-04-04 15:29 -------- d-----w c:\program\Bonjour
2009-04-04 15:29 . 2004-09-10 17:06 -------- d-----w c:\program\Delade filer\Adobe
2009-04-04 15:18 . 2009-04-04 15:18 -------- d-----w c:\program\Delade filer\Macrovision Shared
2009-03-29 09:08 . 2004-09-10 12:39 73982 ----a-w c:\windows\system32\perfc01D.dat
2009-03-29 09:08 . 2004-09-10 12:39 404840 ----a-w c:\windows\system32\perfh01D.dat
2006-04-09 08:43 . 2006-04-09 08:43 366 ----a-w c:\program\Genväg till Program.lnk
2008-09-09 10:25 . 2006-07-16 15:13 122880 ----a-w c:\program\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-03 10:06 . 2009-02-13 02:06 163328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-02-13 02:06 31232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-02-13 02:06 216064 --sh--r c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-11_10.27.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-11 16:25 . 2009-05-11 16:25 16384 c:\windows\Temp\Perflib_Perfdata_568.dat
- 2009-05-11 10:26 . 2009-05-11 10:26 16384 c:\windows\Temp\Perflib_Perfdata_568.dat
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-12-15 5513216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-12-15 86016]
"PCMService"="c:\program\Home Cinema\PowerCinema\PCMService.exe" [2004-10-08 81920]
"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-11-22 348160]
"CanonSolutionMenu"="c:\program\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"Dit"="Dit.exe" - c:\windows\Dit.exe [2004-04-02 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-12-15 1490944]
"Prism_Utility"="Prismsta.exe" - c:\windows\system32\PRISMSTA.exe [2004-01-14 215552]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-03-04 88209]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Karl Lindstr”m\Start-meny\Program\Autostart\
Adobe Gamma.lnk - c:\program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2006-3-29 110592]

c:\documents and settings\All Users\Start-meny\Program\Autostart\
Acrobat Assistant.lnk.disabled [2009-3-28 1628]
Adobe Gamma Loader.lnk - c:\program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2006-3-29 110592]
Cordless DUALphone Autostart.lnk.disabled [2006-11-20 804]
Microsoft Office.lnk - c:\program\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NkvMon.exe.lnk.disabled [2006-4-16 1527]
PalTalk.lnk.disabled [2009-1-31 1588]
Personal.lnk - c:\program\Personal\bin\Personal.exe [2007-7-8 722728]
Windows Desktop Search.lnk - c:\program\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe [2005-9-20 238080]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Picasa Media Detector"=c:\program\Picasa2\PicasaMediaDetector.exe
"Yahoo! Pager"="c:\program\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"swg"=c:\program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"SpybotSD TeaTimer"=c:\program\Spybot - Search & Destroy\TeaTimer.exe
"Telia SMS i Datorn för Outlook Express"="c:\program\Telia SMS i Datorn för Outlook Express\eSMS Executive Windows.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Picasa Media Detector"=c:\program\Picasa2\PicasaMediaDetector.exe
"Google Desktop Search"="c:\program\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"HP Software Update"=c:\program\Hp\HP Software Update\HPWuSchd2.exe
"HPHUPD04"="c:\program\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
"Share-to-Web Namespace Daemon"=c:\program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program\\NetMeeting\\Conf.exe"=
"c:\\Program\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program\\Bonjour\\mDNSResponder.exe"=
"c:\\Program\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\WINDOWS\\Dit.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=

R2 LogWatch;Event Log Watch;c:\program\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 53248]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-03-29 945152]
R3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2004-09-10 13440]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2004-09-09 1272000]
S3 CA_LIC_CLNT;CA License Client;c:\program\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 77824]
S3 CA_LIC_SRVR;CA License Server;c:\program\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 77824]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program\Google\Google Desktop Search\GoogleDesktop.exe [2006-07-16 29744]
S3 gUSBSTOi;gUSBSTOi;\??\c:\docume~1\KARLLI~1\LOKALA~1\Temp\gUSBSTOi.sys --> c:\docume~1\KARLLI~1\LOKALA~1\Temp\gUSBSTOi.sys [?]
S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [2004-09-09 24704]
S3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys [2005-01-25 11672]
.
.
------- Extra genomsökning -------
.
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &MSN Search - c:\program\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\program\MICROS~3\Office10\EXCEL.EXE/3000
IE: Open in new background tab - c:\program\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?853f30b8fb7f465baf3b33e56676d89c
IE: Open in new foreground tab - c:\program\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?853f30b8fb7f465baf3b33e56676d89c
IE: Yahoo! &Dictionary - file:///c:\program\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program\Yahoo!\Common/ycsms.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Kompis till Kalle\Application Data\Mozilla\Firefox\Profiles\8m3p5nj8.default\
FF - component: c:\program\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program\Personal\bin\np_prsnl.dll
FF - plugin: c:\program\Picasa2\npPicasa2.dll
FF - plugin: c:\program\QuickTime\Plugins\npqtplugin8.dll

---- FIREFOX POLICY ----
c:\program\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-11 18:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Sluttid: 2009-05-11 18:35
ComboFix-quarantined-files.txt 2009-05-11 16:35
ComboFix2.txt 2009-05-11 10:30

Före genomsökningen: 50*497*458*176 byte ledigt
Efter genomsökningen: 50*484*310*016 byte ledigt

151 --- E O F --- 2009-03-02 14:02

cbcswed · May 11, 2009

DDS.text

DDS (Ver_09-03-16.01) - NTFSx86
Run by Kompis till Kalle at 21:17:47,95 on 2009-05-11
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.46.1053.18.1023.495 [GMT 2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Dit.exe
C:\Program\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\system32\Prismsta.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\COMMON~1\X10\Common\x10nets.exe
C:\Program\Personal\bin\Personal.exe
C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Java\jre6\bin\java.exe
C:\Documents and Settings\Kompis till Kalle\Lokala inställningar\temp\jkos-Kompis till Kalle\binaries\ScanningProcess.exe
C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Kompis till Kalle\Skrivbord\dds.com

============== Pseudo HJT Report ===============

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program\yahoo!\common\yiesrvc.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - k:\adobe cs\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: MSN Search Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Search Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program\yahoo!\companion\installs\cpn0\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - k:\adobe cs\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - k:\adobe cs\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program\yahoo!\common\yhexbmesus.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Dit] Dit.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [PCMService] "c:\program\home cinema\powercinema\PCMService.exe"
mRun: [Prism_Utility] Prismsta.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [HPHmon04] c:\windows\system32\hphmon04.exe
mRun: [CanonSolutionMenu] c:\program\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\all users\start-meny\program\autostart\Acrobat Assistant.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\adobeg~1.lnk - c:\program\delade filer\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\documents and settings\all users\start-meny\program\autostart\Cordless DUALphone Autostart.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\micros~1.lnk - c:\program\microsoft office\office10\OSA.EXE
StartupFolder: c:\documents and settings\all users\start-meny\program\autostart\NkvMon.exe.lnk.disabled
StartupFolder: c:\documents and settings\all users\start-meny\program\autostart\PalTalk.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\personal.lnk - c:\program\personal\bin\Personal.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\window~1.lnk - c:\program\msn toolbar suite\ds\02.05.0001.1119\en-us\bin\WindowsSearch.exe
IE: &MSN Search - c:\program\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\program\micros~3\office10\EXCEL.EXE/3000
IE: Open in new background tab - c:\program\msn toolbar suite\tab\02.05.0001.1119\en-us\msntabres.dll/229?853f30b8fb7f465baf3b33e56676d89c
IE: Open in new foreground tab - c:\program\msn toolbar suite\tab\02.05.0001.1119\en-us\msntabres.dll/230?853f30b8fb7f465baf3b33e56676d89c
IE: Yahoo! &Dictionary - file:///c:\program\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program\yahoo!\Common/ycsms.htm
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program\yahoo!\common\yiesrvc.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {1538D4E0-B2C4-402D-B71A-BA6A04BC7A5D} - hxxp://euronics.vsfl.se/photos/upload/PictureChooser.cab
DPF: {65F77758-B822-45FB-8F0C-08E85705EC4A} - hxxp://euronics.vsfl.se/photos/upload/upload.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://www.bigfishgames.com/online/luxor/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kompis~1\applic~1\mozilla\firefox\profiles\8m3p5nj8.default\
FF - component: c:\program\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program\opera\program\plugins\npjpi160_11.dll
FF - plugin: c:\program\opera\program\plugins\npoji610.dll
FF - plugin: c:\program\personal\bin\np_prsnl.dll
FF - plugin: c:\program\picasa2\npPicasa2.dll
FF - plugin: c:\program\quicktime\plugins\npqtplugin8.dll

---- FIREFOX POLICIES ----
c:\program\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
c:\program\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

============= SERVICES / DRIVERS ===============

R2 LogWatch;Event Log Watch;c:\program\ca\sharedcomponents\ca_lic\LogWatNT.exe [2002-9-20 53248]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-3-29 945152]
R3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2004-9-10 13440]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2004-9-9 1272000]
S3 CA_LIC_CLNT;CA License Client;c:\program\ca\sharedcomponents\ca_lic\lic98rmt.exe [2002-9-20 77824]
S3 CA_LIC_SRVR;CA License Server;c:\program\ca\sharedcomponents\ca_lic\lic98rmtd.exe [2002-9-20 77824]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program\google\google desktop search\GoogleDesktop.exe [2006-7-16 29744]
S3 gUSBSTOi;gUSBSTOi;\??\c:\docume~1\karlli~1\lokala~1\temp\gusbstoi.sys --> c:\docume~1\karlli~1\lokala~1\temp\gUSBSTOi.sys [?]
S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [2004-9-9 24704]
S3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys [2005-1-25 11672]

=============== Created Last 30 ================

2009-05-11 19:09 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-11 18:31 <DIR> --d----- C:\ComboFix
2009-05-11 12:20 <DIR> a-dshr-- C:\cmdcons
2009-05-11 12:19 161,792 a------- c:\windows\SWREG.exe
2009-05-11 12:19 117,248 a------- c:\windows\vFind.exe
2009-05-11 12:19 98,816 a------- c:\windows\sed.exe
2009-05-08 19:26 <DIR> --d----- c:\program\Trend Micro
2009-05-08 14:05 <DIR> --d----- c:\windows\pss
2009-05-04 16:08 54,156 a---h--- c:\windows\QTFont.qfn
2009-05-04 16:08 1,409 a------- c:\windows\QTFont.for
2009-04-18 22:11 <DIR> --d----- c:\program\DOFChart

==================== Find3M ====================

2009-05-11 19:09 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-11 19:08 13,440 a------- c:\windows\system32\drivers\USBCRFT.SYS
2009-04-04 17:36 37,568 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-03-29 11:08 404,840 a------- c:\windows\system32\perfh01D.dat
2009-03-29 11:08 73,982 a------- c:\windows\system32\perfc01D.dat
2008-07-22 16:13 37,176 a------- c:\docume~1\kompis~1\applic~1\GDIPFONTCACHEV1.DAT
2007-03-15 13:59 1,342 a------- c:\docume~1\kompis~1\applic~1\wklnhst.dat
2006-04-09 10:43 366 a------- c:\program\Genväg till Program.lnk
2006-05-03 12:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 13:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 15:30 216,064 ---shr-- c:\windows\system32\nbDX.dll

============= FINISH: 21:18:13,37 ===============

Blade81 · May 12, 2009

Hi

Delete C:\Documents and Settings\Karl Lindström\Karl Lindström.exe file.

Well congrats, it appears your system is all clean Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions.

THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE,NOT on a regular basis

Now lets uninstall ComboFix:

Click START then RUN
Now type Combofix /u in the runbox and click OK

dds.com file and related logs (attach.txt and dds.txt) can be deleted too.

UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

hosts file:
- Every version of windows has a hosts file as part of them.
- In a very basic sense, they are used to locate webpages.
- We can customize a hosts file so that it blocks certain webpages.
- However, it can slow down certain computers.
- This is why using a hosts file is optional!!
Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
1. [*]Click the start button (at the lower left hand corner of your screen) [*]Click run [*]In the dialog box, type services.msc [*]hit enter, then locate dns client [*]Highlight it, then double-click it. [*]On the dropdown box, change the setting from automatic to manual. [*]Click ok
Get Anti Virus Software and keep it updated - Most AVs will update automatically, but if not I would recommend making updating the AV the first job every time the PC is connected to the internet. An AV that is using defs that are seven days old is not going to be much protection. If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out. Good free antivirus programs are:
Antivir
Avast!
Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this webpage out.
If you don't have a 3rd party firewall or a router behind NAT then I recommend getting one. I recommend either Online Armor Free or Comodo Firewall Pro (If you choose Comodo: Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and install firewall ONLY!).

Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade

cbcswed · May 13, 2009

Hi Blade

Blessings to you! Thank you so much. Without your help I would have had to reformat and reinstall which I am very happy to avoid. It is very important to me that the computer is working again. I am most grateful that you also help me to update and get rid of the security threats I was not aware of. The computer is stable now and doesn't turn itself off without my command. I have not used it for anything yet not related to your instrutions but I will let you know later on if I will experience any problems with everyday operation. Will you keep the thread active for a while or should I post in another category of the forum?

The Kaspersky scan shows some infected items in C:\Qoobox\Quarantine. Are those old quarantined viruses? I bought the computer used and the previous owner told me he had had some viruses quarantined.

I wish you a wonderful day

Chris

cbcswed · May 13, 2009

I forgot one question,

I am unsure if I should delete C:\Documents and Settings\Karl Lindström\Karl Lindström.exe file with software or just the normal way with right click and delete.

Blade81 · May 13, 2009

Hi Chris

The Kaspersky scan shows some infected items in C:\Qoobox\Quarantine. Are those old quarantined viruses? I bought the computer used and the previous owner told me he had had some viruses quarantined.

Those should be gone after ComboFix has been uninstalled

I am unsure if I should delete C:\Documents and Settings\Karl Lindström\Karl Lindström.exe file with software or just the normal way with right click and delete.

You may do it in normal way. Remember to empty recycler bin after that.

cbcswed · May 13, 2009

Hi Blade

I am unsure about one thing concerning Reset system restore. The Administrator is only accessible in Safe Mode. Normal start and login has two accounts but neither is administrator. Should I reset system restore from Administrator in Safe mode?

Many thanks

Blade81 · May 13, 2009

Hi

The account name doesn't really matter only the type of account does

You may do resetting with the same account that you've used during this fixing process.

cbcswed · May 13, 2009

Wow that was a quick reply!

Have a great evening!

cbcswed · May 14, 2009

Hi Blade

The computer works very well again. I have done all the updates successfully except for one. There is a problem after trying to update from Internet Explorer 6 to Internet Explorer 7. Installation of Explorer 7 seems to finalize but after it says that computer needs to be restarted and that I should read the "Internet Explorer Troubleshooting" file on the desktop (I did temporarily disable Avast and Comodo during install). After restart I realize there is no IE7 but I am still in IE6. All the files and updates for IE7 were however downloaded and installed (?). What is worse, Google and a few other websites are so slow after the (unsucessful) installation of IE7 that they are not usable. This happens both in IE6 and Firefox. I have tried with and without the mvps.org hosts file in system32\drivers\etc. It makes no difference. I cannot believe the installation attempt of IE7 has slowed down google. I have tried to uninstall IE7 again but I have no idea how to do that.

Win32.Delf.uv and Hupigon13

New member

Security Expert: Emeritus

New member

New member

Security Expert: Emeritus

New member

New member

Security Expert: Emeritus

New member

New member

New member

New member

Security Expert: Emeritus

New member

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

New member