[LØST]CID pop-ups problemer

Gangstah · 11. august 2008

Hei!

Jeg sliter som flere andre her med de irriterende CID adsene som kommer opp hele tiden uten stopp.

Her er loggen fra HJT:

Logfile of HijackThis v1.99.1

Scan saved at 08:07:44, on 11.08.2008

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16681)

Running processes:

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftdcc.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\conime.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\19052ARAM1\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,"C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftdcc.exe",

O1 - Hosts: ::1 localhost

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [softGridTray] C:\Program Files\Softricity\SoftGrid for Windows Desktops\SFTTray.exe /autostart

O4 - HKLM\..\Run: [iFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [vc log bows face] "C:\ProgramData\Heck blue rdr.a7vieit"

O4 - HKLM\..\Run: [Htm Second] "C:\ProgramData\magsstorestore.jvkrt7y"

O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send side til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skole.troms.vgs.no

O17 - HKLM\Software\..\Telephony: DomainName = skole.troms.vgs.no

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = skole.troms.vgs.no

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe

O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe

O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: SoftGrid Client (sftlist) - Softricity, Inc. - C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftlist.exe

O23 - Service: SoftGrid Virtual Service Agent (sftvsa) - Softricity, Inc. - C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftvsa.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Combofix logg:

ComboFix 08-08-10.02 - 19052ARAM1 2008-08-11 9:26:32.2 - NTFSx86

Microsoft® Windows Vista™ Enterprise 6.0.6000.0.1252.1.1044.18.986 [GMT 2:00]

Running from: C:\Users\19052ARAM1\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Previous Run -------

.

C:\Users\19052ARAM1\AppData\Roaming\macromedia\Flash Player\#SharedObjects\APJ7FWQJ\interclick.com

C:\Users\19052ARAM1\AppData\Roaming\macromedia\Flash Player\#SharedObjects\APJ7FWQJ\interclick.com\ud.sol

C:\Users\19052ARAM1\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com

C:\Users\19052ARAM1\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol

C:\Windows\Downloaded Program Files\setup.inf

C:\Windows\System32\GQWEKRqr.ini

C:\Windows\System32\GQWEKRqr.ini2

C:\Windows\System32\qtwvyGgh.ini

C:\Windows\System32\qtwvyGgh.ini2

.

((((((((((((((((((((((((( Files Created from 2008-07-11 to 2008-08-11 )))))))))))))))))))))))))))))))

.

2008-08-11 07:43 . 2008-08-11 07:43 106 --a------ C:\delete.bat

2008-08-11 06:26 . 2008-08-11 06:26 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com

2008-08-11 06:26 . 2008-08-11 06:26 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com

2008-08-11 06:25 . 2008-08-11 06:25 <DIR> d-------- C:\Users\19052ARAM1\AppData\Roaming\SUPERAntiSpyware.com

2008-08-11 06:25 . 2008-08-11 06:25 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-08-11 06:12 . 2008-08-11 06:12 268 --ah----- C:\sqmdata07.sqm

2008-08-11 06:12 . 2008-08-11 06:12 244 --ah----- C:\sqmnoopt07.sqm

2008-08-11 05:49 . 2008-08-11 05:49 <DIR> d-------- C:\Users\All Users\Malwarebytes

2008-08-11 05:49 . 2008-08-11 05:49 <DIR> d-------- C:\Users\19052ARAM1\AppData\Roaming\Malwarebytes

2008-08-11 05:49 . 2008-08-11 05:49 <DIR> d-------- C:\ProgramData\Malwarebytes

2008-08-11 05:49 . 2008-08-11 05:49 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-08-11 05:49 . 2008-07-30 20:15 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys

2008-08-11 05:49 . 2008-07-30 20:15 17,144 --a------ C:\Windows\System32\drivers\mbam.sys

2008-08-08 05:14 . 2008-08-08 05:14 <DIR> d--h----- C:\$AVG8.VAULT$

2008-08-08 04:51 . 2008-08-11 03:12 <DIR> d-------- C:\Windows\System32\drivers\Avg

2008-08-08 04:51 . 2008-08-08 04:51 96,520 --a------ C:\Windows\System32\drivers\avgldx86.sys

2008-08-08 04:51 . 2008-08-08 04:51 10,520 --a------ C:\Windows\System32\avgrsstx.dll

2008-08-08 04:50 . 2008-08-11 09:11 <DIR> d-------- C:\Users\All Users\avg8

2008-08-08 04:50 . 2008-08-11 09:11 <DIR> d-------- C:\ProgramData\avg8

2008-08-08 04:50 . 2008-08-08 04:50 <DIR> d-------- C:\Program Files\AVG

2008-08-08 04:37 . 2006-11-02 11:46 874,496 --a------ C:\Windows\System32\khfdCVmK.dll

2008-08-07 23:37 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll

2008-08-07 23:37 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll

2008-08-07 23:37 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe

2008-08-07 23:37 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll

2008-08-07 23:36 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll

2008-08-07 23:36 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll

2008-08-07 23:36 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll

2008-08-07 23:34 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll

2008-08-07 23:34 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe

2008-07-30 15:55 . 2008-07-30 15:55 <DIR> d-------- C:\~ROXTMP

2008-07-29 14:56 . 2008-07-29 14:56 <DIR> d-------- C:\Bilddeeer

2008-07-23 22:52 . 2008-07-23 22:52 <DIR> d-------- C:\Program Files\upmpegnew

2008-07-23 00:53 . 2008-06-26 02:33 11,722,752 --a------ C:\Windows\System32\NlsLexicons0001.dll

2008-07-12 13:21 . 2008-07-12 13:21 268 --ah----- C:\sqmdata06.sqm

2008-07-12 13:21 . 2008-07-12 13:21 244 --ah----- C:\sqmnoopt06.sqm

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-11 07:14 --------- d-----w C:\Users\19052ARAM1\AppData\Roaming\SoftGrid Client

2008-08-11 05:22 --------- d-----w C:\Program Files\MSN Messenger

2008-08-11 05:22 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-08-11 05:03 --------- d-----w C:\Program Files\Circle Developement

2008-08-11 04:24 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-08-11 04:05 --------- d-----w C:\Users\19052ARAM1\AppData\Roaming\Azureus

2008-08-10 02:10 --------- d-----w C:\Users\19052ARAM1\AppData\Roaming\LimeWire

2008-08-10 01:59 --------- d-----w C:\Program Files\LimeWire

2008-08-08 02:12 --------- d-----w C:\Program Files\Azureus

2008-07-26 09:55 --------- d-----w C:\ProgramData\OrdnettPluss

2008-07-23 20:55 --------- d-----w C:\ProgramData\upmpegnew

2008-07-23 20:55 --------- d-----w C:\ProgramData\Memo Drive Vc Log

2008-07-14 01:11 174 --sha-w C:\Program Files\desktop.ini

2008-07-14 01:02 --------- d-----w C:\ProgramData\Microsoft Help

2008-07-14 01:01 --------- d-----w C:\Program Files\Windows Mail

2008-06-30 20:50 --------- d-----w C:\Program Files\Windows Live Safety Center

2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll

2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll

2008-06-22 19:11 --------- d-----w C:\Program Files\Octoshape Streaming Services

2008-06-20 21:06 --------- d-----w C:\ProgramData\Lavasoft

2008-06-20 21:04 --------- d-----w C:\Program Files\Lavasoft

2008-06-12 23:12 --------- d-----w C:\Users\19052ARAM1\AppData\Roaming\Skype

2008-06-12 23:10 --------- d-----w C:\Users\19052ARAM1\AppData\Roaming\skypePM

2008-05-24 00:17 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll

2008-05-16 09:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe

2008-04-08 18:43 32 ----a-w C:\Users\All Users\ezsid.dat

2008-04-08 18:43 32 ----a-w C:\ProgramData\ezsid.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 04:03 1232896]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:35 2159104 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"vc log bows face"="C:\ProgramData\Heck blue rdr.a7vieit" [X]

"Htm Second"="C:\ProgramData\magsstorestore.ypqw9" [X]

"SoftGridTray"="C:\Program Files\Softricity\SoftGrid for Windows Desktops\SFTTray.exe" [2007-05-03 13:39 308592]

"IFXSPMGT"="C:\Windows\system32\ifxspmgt.exe" [2007-05-23 16:04 677408]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:50 1021224]

"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-11-08 09:00 1116920]

"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 17:14 1183744]

"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 11:00 192512]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-08 04:51 1232152]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2007-07-12 13:16:28 192512]

HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-01-02 22:40:10 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]

"Script"=\\kbvgs-fs\scripts\addadmin.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3799992752-535036049-2774849586-46689\Scripts\Logon\0\0]

"Script"=\\skole.troms.vgs.no\SysVol\skole.troms.vgs.no\Policies\{43D9E6E5-1E79-4D1E-ACAA-D1BE4BD6761D}\User\Scripts\Logon\elev.vbs

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk

backup=C:\Windows\pss\BTTray.lnk.CommonStartup

backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-04-01 11:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]

--a------ 2007-03-12 11:54 50696 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-12-10 22:52 49152 C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]

--a------ 2007-03-01 13:18 472776 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2007-09-26 14:42 267064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

--a------ 2007-04-19 13:26 484904 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

--a------ 2007-07-25 17:02 563984 C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

--a------ 2007-07-25 17:06 2027792 C:\Program Files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]

--a------ 2007-05-08 08:38 331552 C:\Program Files\PDF Complete\pdfsty.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]

--a------ 2007-01-09 15:52 145184 C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]

--a------ 2007-05-02 16:17 163840 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2008-02-01 17:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]

--a------ 2007-05-23 11:00 192512 C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]

--a------ 2007-01-10 16:12 317128 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{AABF06D2-94DA-43A8-8F6B-DA7F2419629C}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"TCP Query User{B81648DE-0DE5-4C10-9D5B-BFA3DB3146E3}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client

"UDP Query User{91610844-14E1-4856-9330-A45345A05D49}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client

"TCP Query User{B7559D63-7E7E-454A-931A-D9B114B215F9}C:\\program files\\starcraft\\starcraft.exe"= UDP:C:\program files\starcraft\starcraft.exe:Starcraft

"UDP Query User{D5FBFBD7-C251-47EB-A1F3-E4478567AC48}C:\\program files\\starcraft\\starcraft.exe"= TCP:C:\program files\starcraft\starcraft.exe:Starcraft

"TCP Query User{038D87A2-C22E-4DFF-85A4-4612A486F13C}C:\\program files\\valve\\hl.exe"= UDP:C:\program files\valve\hl.exe:Half-Life Launcher

"UDP Query User{00D18743-96D2-4BE2-9E68-02A8D86DF977}C:\\program files\\valve\\hl.exe"= TCP:C:\program files\valve\hl.exe:Half-Life Launcher

"{685FBB06-8D3C-4C1F-BB11-CDAAE514CF77}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{5D6793A7-7291-4B13-A9CF-895DB425C275}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

"TCP Query User{C588A865-5292-4EFE-A2AD-2E750B9557FE}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{F4BD0EBF-B9D2-496E-8DFA-09A7F0D41E39}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire

"TCP Query User{76E27F9E-FEF7-4E1C-AE70-11506DD0CD6E}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{682C37F9-46C4-4777-AF46-6BC02CF0FFE7}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire

"TCP Query User{EFEBCA2C-933C-411C-A622-2E8FEFD5A1E9}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{1CCEACD5-1898-48BE-9D76-F68595EC971E}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{79BBD50B-85F3-4349-B69B-7390507F4358}C:\\program files\\valve\\hl.exe"= UDP:C:\program files\valve\hl.exe:Half-Life Launcher

"UDP Query User{6537ECCE-90D3-42E0-BDCC-AE1A6424FC6F}C:\\program files\\valve\\hl.exe"= TCP:C:\program files\valve\hl.exe:Half-Life Launcher

"{C13A8544-E141-47AA-9673-B574BAC5BD3D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{41381CA6-DAF0-45F7-8DE9-5197160220BB}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

"TCP Query User{611D388F-FFDE-458E-A24A-6BC0496B4766}C:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= UDP:C:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon

"UDP Query User{6423AE04-11EE-4932-9AE9-90D5326F1750}C:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= TCP:C:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon

"TCP Query User{768932B9-F779-4E30-A166-294489B3FA59}C:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= UDP:C:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon

"UDP Query User{92D023B6-4946-4185-8B23-37165DF664FF}C:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= TCP:C:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon

"{71819AFC-CA22-4E4F-A556-1C19A6D654B9}"= C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.9\cnc3game.dat:Command & Conquer 3 Tiberium Wars

"{7D95B62B-C853-4EBD-88C8-6AA82F77713D}"= UDP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander

"{E0E91FBF-C9E9-4A26-AA43-83C6AE8B33E8}"= TCP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander

"{8A055DF8-59D2-435F-9158-D046EDA4CD5E}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander

"{DD2DFF40-4BC1-4A25-AF08-46E11C4ED27F}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander

"{E4963942-7E84-47BF-9518-A5D5E6CE30DF}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype

"{0D0C5B1B-FD15-45D3-B52A-19343B7206AA}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype

"{3F23BF7C-1D00-422C-921C-4B659822BC9A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{417B6495-8E44-4786-B2C0-4B35F77FB09E}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{F258E1CB-BAB0-4A1F-A986-28E70A236E7A}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"TCP Query User{4291D699-7BC7-470F-89CB-C00F3E8AF075}C:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"UDP Query User{798954DC-F45E-4F0D-A6DD-7223DC8686CE}C:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"{248F44D3-C4D1-4BEA-B617-85AAD68DCE17}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 13:23]

R0 SbAlg;SbAlg;C:\Windows\system32\drivers\SbAlg.sys [2006-10-09 13:31]

R0 SbFsLock;SbFsLock;C:\Windows\system32\drivers\SbFsLock.sys [2007-03-29 16:54]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-08-08 04:51]

R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2006-08-11 10:35]

R1 PersonalSecureDrive;PersonalSecureDrive;C:\Windows\system32\drivers\psd.sys [2007-04-18 21:32]

R1 RsvLock;RsvLock;C:\Windows\system32\drivers\RsvLock.sys [2007-04-22 16:25]

R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-02-06 10:44]

R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-08 04:50]

R2 HpFkCryptService;Drive Encryption Service;C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2007-04-22 16:32]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe [2007-01-05 03:00]

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe [2007-05-08 08:38]

R2 sftlist;SoftGrid Client;C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftlist.exe [2007-05-03 13:39]

R2 SWIHPWMI;SWIHPWMI;C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [2006-12-04 16:13]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-26 14:52]

R3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [2007-05-11 12:42]

R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-05-11 12:42]

R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-05-11 12:42]

R3 sftfs;sftfs;C:\Program Files\Softricity\SoftGrid for Windows Desktops\drivers\sftfslh.sys [2007-05-03 13:40]

R3 sftplay;sftplay;C:\Program Files\Softricity\SoftGrid for Windows Desktops\drivers\sftplaylh.sys [2007-05-03 13:39]

R3 sftvol;sftvol;C:\Program Files\Softricity\SoftGrid for Windows Desktops\drivers\sftvollh.sys [2007-05-03 13:38]

R3 sftvsa;SoftGrid Virtual Service Agent;C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftvsa.exe [2007-05-03 13:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9af9756a-291b-11dd-9f57-001a6b8686e7}]

\shell\AutoRun\command - G:\Setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]

msiexec /fums {990BA001-D69F-9DB2-56CE-88E0399B30FB} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

.

Contents of the 'Scheduled Tasks' folder

2008-08-11 C:\Windows\Tasks\Oppdater Ordnett Pluss.job

- C:\Program Files\Kunnskapsforlaget\Ordnett Pluss\updater.exe [2007-11-09 14:51]

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Users\19052ARAM1\AppData\Roaming\Mozilla\Firefox\Profiles\1nanex43.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.no

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-11 09:33:58

Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-08-11 9:36:11

ComboFix-quarantined-files.txt 2008-08-11 07:35:56

Pre-Run: 3,519,512,576 byte ledig

Post-Run: 4,000,985,088 byte ledig

259 --- E O F --- 2008-08-07 21:46:39

Håper noen kunne hjelpe meg

takk på forhånd

Endret 12. august 2008 av Gangstah

r2d290 · 11. august 2008

Sorry for sent svar. Prøvde å poste tidligere, men så ble alt jeg skrev slettet

Hvis du ikke kjenner til c:\delete.bat (som ble opprettet i går), gjør du følgende:

Gå til http://virusscan.jotti.org , trykk på Browse, og last opp følgende fil til analyse:

C:\delete.bat

G:\Setup.exe

Deretter trykker du på Submit. Godta at filen blir scannet. Til slutt kopierer du resultatet, og limer det inn i din neste post, så jeg kan se på den, og vurdere hva som må gjøres videre.

Trykk Start - Alle Programmer - Tilbehør - Notisblokk

Kopier og Lim inn teksten i kodeboksen nedenfor, inn i Notisblokken:

File::
C:\Windows\System32\khfdCVmK.dll

Folder::
C:\ProgramData\upmpegnew
C:\ProgramData\Memo Drive Vc Log

Register::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vc log bows face"=-
"Htm Second"=-

Lagre det som CFScript

Dra CFScript over ComboFix.exe som ligger på Skrivebordet, slik animasjonen nedenfor viser.

Dette vil starte ComboFix igjen. Hvis maskinen ber om en omstart, lar du den gjøre det med én gang.

Post innholdet til ComboFix.txt inn i ditt neste svar på forumet, sammen med en ny HijackThis-logg

Gangstah · 12. august 2008

C:\delete.bat logg:

Scan taken on 12 Aug 2008 00:18:10 (GMT)

A-Squared

Found nothing

AntiVir

Found nothing

ArcaVir

Found nothing

Avast

Found nothing

AVG Antivirus

Found nothing

BitDefender

Found nothing

ClamAV

Found nothing

CPsecure

Found nothing

Dr.Web

Found nothing

F-Prot Antivirus

Found nothing

F-Secure Anti-Virus

Found nothing

Fortinet

Found nothing

Ikarus

Found nothing

Kaspersky Anti-Virus

Found nothing

NOD32

Found nothing

Norman Virus Control

Found nothing

Panda Antivirus

Found nothing

Sophos Antivirus

Found nothing

VirusBuster

Found nothing

VBA32

Found nothing

G:\Setup.exe var jeg ikke helt sikker på hvordan jeg skulle finne siden G:\ var en DVD-stasjon

Combofix logg:

ComboFix 08-08-10.06 - 19052ARAM1 2008-08-12 2:41:15.3 - NTFSx86

Microsoft® Windows Vista™ Enterprise 6.0.6000.0.1252.1.1044.18.915 [GMT 2:00]

Running from: C:\Users\19052ARAM1\Desktop\ComboFix.exe

Command switches used :: C:\Users\19052ARAM1\Desktop\CFScript.txt

* Created a new restore point

FILE ::

C:\Windows\System32\khfdCVmK.dll

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\ProgramData\Memo Drive Vc Log

C:\ProgramData\Memo Drive Vc Log\proxy dead.exe

C:\ProgramData\upmpegnew

C:\ProgramData\upmpegnew\cornplatformbyte.exe

C:\ProgramData\upmpegnew\dvltqiuu.exe

C:\ProgramData\upmpegnew\erbkxkbr.exe

C:\ProgramData\upmpegnew\fbodavaw.exe

C:\ProgramData\upmpegnew\lfdbaewp.exe

C:\ProgramData\upmpegnew\myhkyqey.exe

C:\ProgramData\upmpegnew\syunztgw.exe

C:\ProgramData\upmpegnew\tray first test deaf.exe

C:\ProgramData\upmpegnew\vefzbnxb.exe

C:\ProgramData\upmpegnew\whrvypde.exe

C:\ProgramData\upmpegnew\zciwqifn.exe

C:\ProgramData\upmpegnew\zlcjwdsl.exe

C:\Windows\System32\khfdCVmK.dll

.

((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))