Pokapoka61, Spyware! [resolved]



#1
Preizz

    New Member

  • Member
  • 8 posts
Hi!
I have got a spyware called pokapoka61.exe, my antivirus program (NOD32) alerts me of it but it can't remove it :tazz:
I ran Hijackthis! and I don't know what is spyware or not, can someone please help me clean up this mess, here is the log by the way:

Logfile of HijackThis v1.99.1
Scan saved at 21:14:26, on 2005-08-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Java\jre1.5.0_04\bin\jusched.exe
C:\Program\MessengerPlus! 3\MsgPlus.exe
C:\Program\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program\Eset\nod32kui.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\tbctray.exe
C:\Program\MessengerDiscovery\msgdiscoveryx.exe
C:\Program\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\etb\pokapoka61.exe
C:\Program\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program\Diskeeper\DkService.exe
C:\WINDOWS\system32\cmd.exe
C:\Program\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program\Winamp\winamp.exe
C:\Program\WinRAR\WinRAR.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\HiJackThis\HijackThis.exe
C:\Program\Eset\nod32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.helgon.net/
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: FCBHOBHO Class - {8B3868B4-EBA8-48FA-A19B-E1DFB99066FA} - C:\Program\FlashCapture\fcbho.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program\Delade filer\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE A4 Tech USB PC Camera
O4 - HKLM\..\Run: [Windows Installer] C:\WINDOWS\system32\ntdll.exe
O4 - HKLM\..\Run: [Windows Spooler] C:\WINDOWS\system32\spoolsv32.exe
O4 - HKLM\..\Run: [Windows DLL Host] C:\WINDOWS\system32\dllhost32.exe
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Program\MessengerDiscovery\msgdiscoveryx.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save F&lash with FlashCapture - res://C:\Program\FlashCapture\fciext.dll/FCIEXT.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program\FlashCapture\fciext.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-18.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1106173581593
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {83873F92-B99B-400A-9E36-52B5F4970FB7} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro....er/PROFILER.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program\Diskeeper\DkService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program\TGTSoft\StyleXP\StyleXPService.exe


Regards//Rickard

#2
g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Welcome Preizz to Geeks to Go!

Download LQfix.exe and place it on your desktop.
Double-click LQfix.exe and click install.
This will create a new folder called LQfix on your desktop.
Open the folder and double-click ClickThis.bat
Follow the prompts on the screen.
Your system will reboot afterwards.
Please be patient after reboot, because there is a script running in the background.

--------


Please download the trial version of ewido security suite. Install ewido security suite.
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

Launch ewido; there should be an icon on your desktop, double-click it.
The program will prompt you to update; click the OK button.

The program will now go to the main screen.
You will need to update ewido to the latest definition files. On the left hand side of the main screen click update
Click on Start
The update will start and a progress bar will show the updates being installed.
Once the updates are installed, close Ewido for now.

***

If you have not already installed Ad-Aware SE 1.06, please download and install AdAware SE 1.06.
Check Here on how to set up and use it - please make sure you update it first.

***

Download the Killbox.
Unzip it to the desktop

Double-click on Killbox.exe to run it. Place the following lines (complete paths) in bold in the "Full Path of File to Delete" box in Killbox, and click the red button with the white X on it after each.

C:\WINDOWS\system32\spoolsv32.exe
C:\WINDOWS\system32\dllhost32.exe

For these files, put a mark next to "Delete on Reboot". Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it; answer NO until after you've pasted the last file name, at which time you should answer Yes.

If your computer does not restart automatically, please restart it manually.

***

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml

***

Open HijackThis
Place a check against each of the following, making sure you get them all and not any others by mistake:

O4 - HKLM\..\Run: [Windows Installer] C:\WINDOWS\system32\ntdll.exe

O4 - HKLM\..\Run: [Windows Spooler] C:\WINDOWS\system32\spoolsv32.exe

O4 - HKLM\..\Run: [Windows DLL Host] C:\WINDOWS\system32\dllhost32.exe

Close all programs leaving only HijackThis running.
Click on Fix Checked when finished and exit HijackThis.

***

Open Ad-aware and do a full scan. Remove all it finds.

***

Now open Ewido Security Suite:
* Click on scanner
* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop
Reboot your computer.

***

Reboot back into Windows.

Save the report and post it along with a new HijackThis Log and the Ewido Log by using Add Reply.
  • 0
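One way to confirm from a follow-up log that exactly the entries checked in HijackThis were removed, and no others by mistake. This is an added example, not part of the original post and not HijackThis code; the names `parse_o4` and `check_fix` are hypothetical, the "before" excerpt is taken from the first log in this thread, and the "after" excerpt is constructed for illustration and is not the poster's actual second log.

```python
import re
from typing import NamedTuple


class StartupEntry(NamedTuple):
    location: str  # e.g. HKLM\..\Run or "Global Startup"
    name: str      # registry value name or shortcut file name
    command: str   # what runs at logon


# O4 registry autoruns:     O4 - HKLM\..\Run: [Name] command line
_O4_REG = re.compile(
    r"^O4 - (?P<loc>HK[A-Z]{2}\\\.\.\\[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O4 startup-folder items:  O4 - Global Startup: Name.lnk = target
_O4_LNK = re.compile(
    r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")


def parse_o4(log_text):
    """Return every O4 (autostart) entry in a HijackThis log, ignoring other sections."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _O4_REG.match(line) or _O4_LNK.match(line)
        if m:
            entries.append(StartupEntry(m["loc"], m["name"], m["cmd"].strip()))
    return entries


def _key(entry):
    # Windows paths and value names are case-insensitive, so compare case-folded.
    return tuple(field.casefold() for field in entry)


def check_fix(before_log, after_log, fix_lines):
    """Compare two logs against the list of lines that were to be fixed."""
    before = {_key(e): e for e in parse_o4(before_log)}
    after = {_key(e): e for e in parse_o4(after_log)}
    wanted = {_key(e): e for e in parse_o4("\n".join(fix_lines))}
    names = lambda pairs: sorted(e.name for e in pairs)
    return {
        # Fix lines that do not match anything in the first log (typo or wrong paste).
        "never_in_before_log": names(e for k, e in wanted.items() if k not in before),
        # Fix lines that survived: the entry came back or was never removed.
        "still_present": names(e for k, e in wanted.items() if k in after),
        "removed_as_requested": names(
            e for k, e in wanted.items() if k in before and k not in after),
        # Entries that vanished although nobody asked for them to be fixed.
        "removed_by_mistake": names(
            e for k, e in before.items() if k not in after and k not in wanted),
        # Autoruns that appeared between the two scans.
        "new_since_before": names(e for k, e in after.items() if k not in before),
    }


# The three lines the helper asked to have checked (from the post above).
FIX_LINES = [
    r"O4 - HKLM\..\Run: [Windows Installer] C:\WINDOWS\system32\ntdll.exe",
    r"O4 - HKLM\..\Run: [Windows Spooler] C:\WINDOWS\system32\spoolsv32.exe",
    r"O4 - HKLM\..\Run: [Windows DLL Host] C:\WINDOWS\system32\dllhost32.exe",
]

# Excerpt of the first log in this thread.
BEFORE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.helgon.net/
O2 - BHO: FCBHOBHO Class - {8B3868B4-EBA8-48FA-A19B-E1DFB99066FA} - C:\Program\FlashCapture\fcbho.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Windows Installer] C:\WINDOWS\system32\ntdll.exe
O4 - HKLM\..\Run: [Windows Spooler] C:\WINDOWS\system32\spoolsv32.exe
O4 - HKLM\..\Run: [Windows DLL Host] C:\WINDOWS\system32\dllhost32.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
"""

# CONSTRUCTED follow-up log: one flagged entry was missed and one legitimate
# entry was ticked by mistake, to show both failure modes.
AFTER_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.helgon.net/
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Windows Spooler] C:\WINDOWS\system32\spoolsv32.exe
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
"""

if __name__ == "__main__":
    for finding, entry_names in check_fix(BEFORE_LOG, AFTER_LOG, FIX_LINES).items():
        print(f"{finding}: {entry_names}")
```

The comparison is on location, value name and command together, so an entry that returns under the same name but a different path shows up as new rather than as still present.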

#3
Preizz

    New Member

  • Topic Starter
  • Member
  • 8 posts
Hi!
Here are the logs, can I remove the programs I used, or shall I save some program?
Am I finished or is there some spyware left?
Here are the logs:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 21:10:49, 2005-08-23
+ Report-Checksum: EB52E28D

+ Scan result:

:mozilla.10:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.421:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.523:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.524:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.525:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.526:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.527:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.540:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.541:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.586:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.587:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.588:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.601:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.602:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.603:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.611:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.624:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.635:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.636:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.668:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.690:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.707:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.708:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.714:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.718:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.720:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.723:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.724:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.726:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.730:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.736:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.741:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Findwhat : Cleaned with backup
:mozilla.743:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.749:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.753:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.754:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.755:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.765:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.767:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.770:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.772:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.780:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.789:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.791:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.798:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.801:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.802:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.803:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.805:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.806:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.809:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.812:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.813:C:\Documents and Settings\Rickard Preiss\Application Data\Mozilla\Firefox\Profiles\f0jvaajb.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rickard Preiss\Cookies\rickard [email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Rickard Preiss\Cookies\rickard [email protected][1].txt -> Spyware.Cookie.Clickhype : Cleaned with backup
C:\Documents and Settings\Rickard Preiss\Cookies\rickard preiss@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Rickard Preiss\Cookies\rickard preiss@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Rickard Preiss\Cookies\rickard preiss@paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Rickard Preiss\Cookies\rickard preiss@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\etb\nt_hide61.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\etb\pokapoka61.exe -> TrojanDropper.Agent.qz : Cleaned with backup
C:\WINDOWS\etb\xud2f.dll -> Spyware.EliteBar : Cleaned with backup
D:\Download\Bittorrent\Warhammer_40000_Dawn_Of_War_KEYGEN-VENGEANCE\vng-w40k.rar/keygen.exe -> Trojan.Steam.a : Error during cleaning
D:\Download\Cd-Keys & serials\Warhammer_40000_Dawn_Of_War_KEYGEN-VENGEANCE\vng-w40k.rar/keygen.exe -> Trojan.Steam.a : Error during cleaning
D:\Download\Övrigt\GoldMinerSetup-dm.exe -> Spyware.Trymedia : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 21:13:48, on 2005-08-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\TGTSoft\StyleXP\StyleXPService.exe
C:\Program\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Java\jre1.5.0_04\bin\jusched.exe
C:\Program\MessengerPlus! 3\MsgPlus.exe
C:\Program\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program\Eset\nod32kui.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\tbctray.exe
C:\Program\MessengerDiscovery\msgdiscoveryx.exe
C:\Program\TGTSoft\StyleXP\StyleXP.exe
C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program\Diskeeper\DkService.exe
C:\Program\ewido\security suite\ewidoctrl.exe
C:\Program\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.helgon.net/
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: FCBHOBHO Class - {8B3868B4-EBA8-48FA-A19B-E1DFB99066FA} - C:\Program\FlashCapture\fcbho.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program\Delade filer\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE A4 Tech USB PC Camera
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Program\MessengerDiscovery\msgdiscoveryx.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save F&lash with FlashCapture - res://C:\Program\FlashCapture\fciext.dll/FCIEXT.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program\FlashCapture\fciext.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-18.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1106173581593
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {83873F92-B99B-400A-9E36-52B5F4970FB7} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro....er/PROFILER.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido\security suite\ewidoctrl.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program\TGTSoft\StyleXP\StyleXPService.exe

Many thanks so far :tazz:

//Rickard
  • 0

#4
g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
I notice that you are using more than one antivirus program. This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through.
I strongly suggest you either:
(1) configure only one antivirus program to enable automatic realtime scanning, and leave the rest disabled most of the time, or
(2) go to Start -> Control Panel -> Add/Remove Programs and uninstall all but one antivirus program.
Is the computer running ok now?
  • 0

#5
Preizz

    New Member

  • Topic Starter
  • Member
  • 8 posts
Hi again!
Am I? I uninstalled Norton a long time ago, I'm just using NOD32. Can you be more specific?
Yes, it works OK now, no pop-ups etc.

Many Thanks//Rickard
  • 0

#6
g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

This file belongs to Norton. Looks like there is still a part of Norton present.
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on the Box that says "Uninstall Manager"
  • Click on the button "Save list"
  • Copy and paste the list from Notepad into your post

Let's see if we can find out what part. Removing the folder will not solve it (it will still be in the Registry).
  • 0

#7
Preizz

    New Member

  • Topic Starter
  • Member
  • 8 posts
Can I remove some programs I used to fix pokapoka61.exe?
Here is the list BTW:

A4 Tech USB PC Camera
Ad-Aware SE Professional
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
Adobe Acrobat 7.0.2 and Reader 7.0.2 Update
Adobe After Effects 6.5
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop CS
Adobe Reader 7.0 - Svenska
BitLord 0.56
Codec Pack - All In 1 6.0.2.3
Creative DVD Audio Plugin for Audigy Series
CursorXP
DAEMON Tools
dBpowerAMP Monkeys Audio Codec
dBpowerAMP Music Converter
dBpowerAMP WMA V9.1 Codec
DC++ (remove only)
Diskeeper Professional Edition
DVD Menu Studio 1.1
DVD-lab PRO 1.53
Easy CD & DVD Creator 6
ewido security suite
FirstClass® Client
FlashCapture v1.5
FlashOnTV Build 1.0.0.15
Gish
Heroes of Might and Magic® III Complete
Hex Workshop v4.23
HijackThis 1.99.1
Hälge
IconTweaker
InterActual Player
InterVideo WinDVD 7
iSpQ VideoChat 7.2
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
Macromedia Shockwave Player
MapleStory
Messenger Plus! 3
MessengerDiscovery X 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office XP Professional med FrontPage
Microsoft Windows Journal Viewer
MoGLO DC search tool
msgdiscovery x 1.0
MSN Messenger 7.0
MSXML 4.0 SP2 Parser and SDK
NOD32 antivirus system
NOD32 FiX v1.8
NVIDIA Drivers
Personal 4.2.3
QuickTime
Santa Cruz
Sony Ericsson File Manager
Sony Ericsson Image Editor
Sony Ericsson MMS Backup Manager
Sony Ericsson MMS Home Studio
Sony Ericsson Mobile Networking Wizard
Sony Ericsson Sound Editor
Sony Ericsson Sync Station
StuffPlug-NG (Messenger Plus! Plugins)
StyleXP (remove only)
Super Ad Blocker
Säkerhetsuppdatering för Windows XP (KB883939)
Säkerhetsuppdatering för Windows XP (KB890046)
Säkerhetsuppdatering för Windows XP (KB893756)
Säkerhetsuppdatering för Windows XP (KB896358)
Säkerhetsuppdatering för Windows XP (KB896422)
Säkerhetsuppdatering för Windows XP (KB896423)
Säkerhetsuppdatering för Windows XP (KB896428)
Säkerhetsuppdatering för Windows XP (KB899587)
Säkerhetsuppdatering för Windows XP (KB899588)
Säkerhetsuppdatering för Windows XP (KB899591)
Säkerhetsuppdatering för Windows XP (KB901214)
Säkerhetsuppdatering för Windows XP (KB903235)
TMPGEnc MPEG Editor
TMPGEnc Sound Player
Total Commander (Remove or Repair)
Uppdatering för Windows XP (KB894391)
Uppdatering för Windows XP (KB896727)
Uppdatering för Windows XP (KB898461)
Web Stream Recorder Pro 1.1
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinPcap 3.1 beta3
WinRAR
WorldTV 7.1
Worms 4 Mayhem

Regards//Rickard
  • 0

#8
g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
You are not using anything from Symantec or Norton anymore (no firewall either?).
Then follow these steps.


Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the service called:

Symantec Network Drivers Service

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows.

***

Open HijackThis
click on "None of the above, just start the program".
click on the "Config" button (bottom right),
click on "Misc Tools"
click on "Delete an NT Service" (a window will pop up)
Enter the below item into that field (make sure there are NO spaces before or after the name):

SNDSrvc

Click OK.

It should pull up information about the service, then ask if you want to reboot. Click YES.

***

Reboot the computer.

Use Windows Explorer to remove this folder:
C:\Program\Delade filer\Symantec Shared\



You can remove the programs we used to remove the infection.

Ewido was unable to delete this one:
D:\Download\Bittorrent\Warhammer_40000_Dawn_Of_War_KEYGEN-VENGEANCE\vng-w40k.rar
I'd advise you to remove it yourself.

Shall I post you some tips for the future and close the topic?
  • 0

#9
Preizz

    New Member

  • Topic Starter
  • Member
  • 8 posts
Hi!
No, I don't use anything from Norton anymore.
When I try to delete "SNDSrvc" in HiJackThis an error message comes up, it says: "The service you entered is system-critical! It can't be deleted." :tazz:
Yes, please, all of your tips are accepted, then you can close the topic, when we have sorted this out.
Many thanks for your help so far :)

Regards//Rickard
  • 0

#10
g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Please reboot and then do the HijackThis part again. Can you remove it now?

Edited by g2i2r4, 23 August 2005 - 02:40 PM.

  • 0

#11
Preizz

    New Member

  • Topic Starter
  • Member
  • 8 posts
I tried to reboot but the error comes again :tazz:

Regards//Rickard
  • 0

#12
g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Can you post me a fresh HijackThis log please?
  • 0

#13
Preizz

    New Member

  • Topic Starter
  • Member
  • 8 posts
Sure I can, thanks for your patience :tazz:
The Log:

Logfile of HijackThis v1.99.1
Scan saved at 23:04:11, on 2005-08-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\Program\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Java\jre1.5.0_04\bin\jusched.exe
C:\Program\MessengerPlus! 3\MsgPlus.exe
C:\Program\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program\Eset\nod32kui.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\tbctray.exe
C:\Program\MessengerDiscovery\msgdiscoveryx.exe
C:\Program\TGTSoft\StyleXP\StyleXP.exe
C:\Program\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program\Diskeeper\DkService.exe
C:\Program\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Winamp\winamp.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.helgon.net/
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: FCBHOBHO Class - {8B3868B4-EBA8-48FA-A19B-E1DFB99066FA} - C:\Program\FlashCapture\fcbho.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program\Delade filer\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE A4 Tech USB PC Camera
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Program\MessengerDiscovery\msgdiscoveryx.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save F&lash with FlashCapture - res://C:\Program\FlashCapture\fciext.dll/FCIEXT.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program\FlashCapture\fciext.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-18.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1106173581593
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {83873F92-B99B-400A-9E36-52B5F4970FB7} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro....er/PROFILER.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program\Diskeeper\DkService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program\TGTSoft\StyleXP\StyleXPService.exe
  • 0

#14
g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Looks like you disabled the service.

Use Windows Explorer to remove this folder:
C:\Program\Delade filer\Symantec Shared\

Is the computer running ok now?
  • 0
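
The comparison behind the reply above (SNDSrvc is listed under O23 in the log saved at 21:13:48 and absent from the one saved at 23:04:11) can be done mechanically. This Python sketch is an added example, not part of the thread or of HijackThis; the function names are hypothetical and the embedded logs are shortened excerpts of the two logs posted above.

```python
import re

# Shortened excerpts of the two HijackThis logs posted in this thread.
LOG_BEFORE = r"""Running processes:
C:\Program\TGTSoft\StyleXP\StyleXPService.exe
C:\Program\ewido\security suite\ewidoctrl.exe
C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido\security suite\ewidoctrl.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program\TGTSoft\StyleXP\StyleXPService.exe
"""
LOG_AFTER = r"""Running processes:
C:\Program\TGTSoft\StyleXP\StyleXPService.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program\TGTSoft\StyleXP\StyleXPService.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

def parse_log(text):
    """Return (set of lower-cased running process paths, list of (code, body))."""
    processes, entries, in_procs = set(), [], False
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m["code"], m["body"]))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.add(line.lower())
    return processes, entries

def services(entries):
    """Map each O23 service (short name if given in parentheses) to its fields."""
    out = {}
    for code, body in entries:
        if code != "O23" or not body.startswith("Service: "):
            continue
        parts = body[len("Service: "):].split(" - ", 2)
        if len(parts) != 3:
            continue  # unexpected layout, leave for manual reading
        name, owner, path = parts
        short = re.search(r"\(([^()]+)\)$", name)
        out[short.group(1) if short else name] = {
            "owner": owner,
            "missing": path.endswith("(file missing)"),
            "path": path.replace(" (file missing)", ""),
        }
    return out

def review(before, after):
    """Services dropped between two logs, and remaining ones worth a manual look."""
    _, ent_b = parse_log(before)
    procs_a, ent_a = parse_log(after)
    svc_b, svc_a = services(ent_b), services(ent_a)
    # value: is the dropped service's binary still among the running processes?
    gone = {k: v["path"].lower() in procs_a for k, v in svc_b.items() if k not in svc_a}
    check = sorted(k for k, v in svc_a.items() if v["missing"] or v["owner"] == "Unknown owner")
    return gone, check

if __name__ == "__main__":
    print(review(LOG_BEFORE, LOG_AFTER))
```

"Unknown owner" and "(file missing)" only mark entries to look up by hand; neither is a verdict on the service.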

#15
Preizz

    New Member

  • Topic Starter
  • Member
  • 8 posts
Yes, it worked fine to disable it and remove the folder!
Yeah, my computer works much better now, just like before the spyware came.
Do you have any tips for me?
Thanks for all of your help :tazz:

Regards//Rickard
  • 0





