
Solved "Attention some dangerous trojan horse detected in your system."

Discussion in 'Malware and Virus Removal Archive' started by Nicko, 2008/07/01.

  1. 2008/07/01
    Nicko

    [Resolved] "Attention some dangerous trojan horse detected in your system."

    Hello everyone! I come to you quite desperate, as I got a stupid parasite on my computer. I've seen several threads here already, but I don't think I should follow the instructions there, since two different computers have two different configurations. So I got this "Attention "my name", some dangerous trojan horse detected in your system. Microsoft Windows XP files corrupted....", it is really annoying, coming up 3/4 times and always opens up a "free virus scan", that is fake BTW. It is really annoying and I'm getting the impression that it is considerably slowing me down, so I came here to ask some of you who would be kind enough to help me. I understood that I must post here a logfile from a HijackThis scan, so here it is. I put my computer in your hands.

    Logfile:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:23:50 PM, on 7/1/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\AppleOSSMgr.exe
    C:\WINDOWS\system32\AppleTimeSrv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\IRW.exe
    C:\Program Files\Boot Camp\KbdMgr.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Razer\Copperhead\razerhid.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Razer\Copperhead\razertra.exe
    C:\Program Files\Razer\Copperhead\razerofa.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Safari\Safari.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: WinView plugin - {8AE578E0-6DF5-41E0-869F-F65A32D2F6BD} - C:\WINDOWS\system32\xmlview.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [IRW] C:\WINDOWS\system32\IRW.exe
    O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,
    O21 - SSODL: nulolinw - {523ad564-91c2-48d4-8f0f-4d81c1bdf9aa} - C:\Documents and Settings\All Users\Application Data\nulolinw.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
    O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

    --
    End of file - 6929 bytes
     
  2. 2008/07/01
    noahdfear

    Welcome to WindowsBBS Nicko :)

    Please download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


    Then, download Deckard's System Scanner (dss.exe) and save it to your desktop.
    • Close all applications and windows.
    • Double click on dss.exe to run it and follow the prompts.
    • When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.
    Post the contents of main.txt only for now.
     

  4. 2008/07/01
    Nicko

    Here is the entire MBAM report log:

    Malwarebytes' Anti-Malware 1.19
    Database version: 912
    Windows 5.1.2600 Service Pack 2

    12:30:17 AM 7/2/2008
    mbam-log-7-2-2008 (00-30-17).txt

    Scan type: Quick Scan
    Objects scanned: 40805
    Time elapsed: 2 minute(s), 48 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\bhonew.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{8ae578e0-6df5-41e0-869f-f65a32d2f6bd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ae578e0-6df5-41e0-869f-f65a32d2f6bd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bhonew.bho.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\xmlview.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.



    And here is the deckard's system scan main.txt report:

    Deckard's System Scanner v20071014.68
    Run by Nicolas on 2008-07-02 00:35:32
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    16: 2008-07-01 22:35:37 UTC - RP84 - Deckard's System Scanner Restore Point
    15: 2008-06-30 00:19:33 UTC - RP83 - Installed QuickTime
    14: 2008-06-29 21:58:13 UTC - RP82 - System Checkpoint
    13: 2008-06-27 23:59:54 UTC - RP81 - Software Distribution Service 3.0
    12: 2008-06-27 23:09:33 UTC - RP80 - Installed Kaspersky Internet Security 2009.


    -- First Restore Point --
    1: 2008-06-07 23:26:15 UTC - RP69 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    System Drive C: has 2.04 GiB (less than 15%) free.


    -- HijackThis (run as Nicolas.exe) ---------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:36:25 AM, on 7/2/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\AppleOSSMgr.exe
    C:\WINDOWS\system32\AppleTimeSrv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\IRW.exe
    C:\Program Files\Boot Camp\KbdMgr.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Razer\Copperhead\razerhid.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Razer\Copperhead\razertra.exe
    C:\Program Files\Razer\Copperhead\razerofa.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Nicolas\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Nicolas.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [IRW] C:\WINDOWS\system32\IRW.exe
    O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,
    O21 - SSODL: nulolinw - {523ad564-91c2-48d4-8f0f-4d81c1bdf9aa} - C:\Documents and Settings\All Users\Application Data\nulolinw.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
    O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

    --
    End of file - 6864 bytes

    -- File Associations -----------------------------------------------------------

    .reg - regfile - shell\open\command - regedit.exe "%1" %*
    .scr - scrfile - shell\open\command - "%1" %*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R2 KeyAgent - c:\windows\system32\drivers\keyagent.sys <Not Verified; Apple Inc.; Boot Camp>
    R2 MacHALDriver (Mac HAL) - c:\windows\system32\drivers\machaldriver.sys <Not Verified; Apple Inc.; >
    R3 Razerlow (Razer Copperhead Driver) - c:\windows\system32\drivers\razerlow.sys <Not Verified; Razer (Asia-Pacific) Pte Ltd; Diamondback USB Optical Mouse>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
    R2 STacSV (SigmaTel Audio Service) - c:\program files\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Broadcom 802.11 Multiband Network Adapter
    Device ID: PCI\VEN_14E4&DEV_4312&SUBSYS_0089106B&REV_01\4&20975680&0&00E1
    Manufacturer: Broadcom
    Name: Broadcom 802.11 Multiband Network Adapter
    PNP Device ID: PCI\VEN_14E4&DEV_4312&SUBSYS_0089106B&REV_01\4&20975680&0&00E1
    Service: BCM43XX

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Bluetooth Device (Personal Area Network)
    Device ID: BTH\MS_BTHPAN\6&3AEA9972&0&2
    Manufacturer: Microsoft
    Name: Bluetooth Device (Personal Area Network)
    PNP Device ID: BTH\MS_BTHPAN\6&3AEA9972&0&2
    Service: BthPan

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\FEBD70D21451FF
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\FEBD70D21451FF
    Service: NIC1394


    -- Scheduled Tasks -------------------------------------------------------------

    2008-06-26 22:45:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-06-02 and 2008-07-02 -----------------------------

    2008-07-01 16:06:04 0 d-------- C:\Documents and Settings\Nicolas\Application Data\Processnik
    2008-07-01 15:58:41 0 d-------- C:\WINDOWS\pss
    2008-06-30 02:20:01 0 d-------- C:\Program Files\QuickTime
    2008-06-28 01:35:50 0 d-------- C:\Program Files\Trend Micro
    2008-06-28 01:10:56 96966 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2008-06-28 01:10:56 88774 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2008-06-28 01:10:04 286752 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-06-28 01:10:04 1344032 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-06-28 01:10:03 0 d-------- C:\Program Files\Kaspersky Lab
    2008-06-28 01:10:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-06-27 18:53:28 0 dr-h----- C:\Documents and Settings\Nicolas\Application Data\SecuROM
    2008-06-27 18:49:28 0 d-------- C:\Program Files\Common Files\BioWare
    2008-06-27 18:26:40 0 d-------- C:\Program Files\Mass Effect
    2008-06-26 19:12:15 0 d-------- C:\Program Files\Panda Security
    2008-06-26 18:50:39 0 d-------- C:\Documents and Settings\Nicolas\Application Data\Malwarebytes
    2008-06-26 18:50:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-26 18:50:35 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-26 18:49:32 0 drahs---- C:\autorun.inf
    2008-06-26 18:30:45 0 d-------- C:\Program Files\Enigma Software Group
    2008-06-25 16:29:03 0 d---s---- C:\Documents and Settings\Nicolas\UserData
    2008-06-25 15:53:33 0 d-------- C:\Documents and Settings\Nicolas\Application Data\U3
    2008-06-23 22:15:15 0 d-------- C:\Program Files\Savage 2 - A Tortured Soul
    2008-06-23 22:03:32 0 d--h----- C:\WINDOWS\system32\GroupPolicy
    2008-06-14 21:09:45 0 d-------- C:\Documents and Settings\Nicolas\Application Data\Desktopicon
    2008-06-14 20:27:53 0 d-------- C:\Program Files\Common Files\PC Tools
    2008-06-14 19:49:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2008-06-14 19:44:30 135168 --a------ C:\Documents and Settings\All Users\Application Data\nulolinw.dll
    2008-06-07 12:22:05 0 d-------- C:\Program Files\Common Files\xing shared
    2008-06-07 12:17:43 0 --a------ C:\WINDOWS\ativpsrm.bin
    2008-06-05 14:12:30 0 d-------- C:\temp
    2008-06-05 13:54:56 0 d-------- C:\Program Files\THQ
    2008-06-02 21:10:23 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
    2008-06-02 21:10:22 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2008-06-02 21:10:22 0 d-------- C:\Program Files\Xvid
    2008-06-02 21:03:11 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment


    -- Find3M Report ---------------------------------------------------------------

    2008-07-02 00:24:19 0 d-------- C:\Documents and Settings\Nicolas\Application Data\Skype
    2008-07-02 00:23:47 0 d-------- C:\Documents and Settings\Nicolas\Application Data\skypePM
    2008-06-27 18:49:28 0 d-------- C:\Program Files\Common Files
    2008-06-27 18:26:14 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-06-26 22:52:09 0 d-------- C:\Program Files\Safari
    2008-06-26 19:35:38 2110 --a------ C:\WINDOWS\mozver.dat
    2008-06-26 18:57:30 0 d-------- C:\Documents and Settings\Nicolas\Application Data\Azureus
    2008-06-25 19:27:10 0 d-------- C:\Program Files\Azureus
    2008-06-07 12:21:58 0 d-------- C:\Program Files\Common Files\Real
    2008-06-07 00:49:09 0 d-------- C:\Program Files\Boot Camp
    2008-06-07 00:40:45 0 d-------- C:\Program Files\DIFX
    2008-06-05 14:07:56 0 d-------- C:\Program Files\Apple Software Update
    2008-06-05 13:42:49 0 d-------- C:\Documents and Settings\Nicolas\Application Data\Microsoft Games
    2008-06-05 13:22:53 0 d-------- C:\Program Files\DivX
    2008-05-29 17:21:33 0 d-------- C:\Documents and Settings\Nicolas\Application Data\Adobe
    2008-05-27 17:24:40 0 d-------- C:\Documents and Settings\Nicolas\Application Data\Sun
    2008-05-19 18:29:25 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
    2008-05-19 18:29:12 0 d-------- C:\Program Files\Common Files\Skype
    2008-05-11 16:30:02 0 d-------- C:\Program Files\GameSpy Arcade
    2008-05-11 00:30:36 0 d-------- C:\Program Files\Giants
    2008-05-10 22:47:21 17408 --a------ C:\psapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-05-10 22:43:09 0 d-------- C:\Program Files\InterplayGames
    2008-04-15 15:36:22 49152 --a------ C:\WINDOWS\system32\ChCfg.exe


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
    04/25/2008 06:22 PM 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="sttray.exe" []
    "IRW"="C:\WINDOWS\system32\IRW.exe" [04/15/2008 03:31 PM]
    "Apple_KbdMgr"="C:\Program Files\Boot Camp\KbdMgr.exe" [04/15/2008 04:44 PM]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]
    "razer"="C:\Program Files\Razer\Copperhead\razerhid.exe" [10/08/2005 05:27 PM]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 12:35 PM]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [05/02/2008 06:15 AM]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [04/25/2008 06:21 PM]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [05/30/2008 03:54 PM]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "nulolinw"= {523ad564-91c2-48d4-8f0f-4d81c1bdf9aa} - C:\Documents and Settings\All Users\Application Data\nulolinw.dll [06/14/2008 07:44 PM 135168]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
    backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    AutoRun\command- E:\LaunchU3.exe -a




    -- End of Deckard's System Scanner: finished at 2008-07-02 00:37:10 ------------
     
  5. 2008/07/01
    noahdfear

    Based on the time and date on this file, I suspect it might be related to Kaspersky, but I'd like to make sure. Please upload the following file to my submission channel for analysis. Leave a link back to this topic.

    C:\Documents and Settings\All Users\Application Data\nulolinw.dll

    I would also like you to upload this file too.

    C:\WINDOWS\system32\IRW.exe

    Thanks!


    You've got a couple of broken file associations, so let's get those fixed. Highlight and copy the bolded command below.

    "%userprofile%\desktop\dss.exe" /daft
    • Click Start>Run and paste the command in, then hit enter.
    • An interface of Deckard's file association fix will open.
    • Click Scan.
    • Check the box next to the following entries, then click Fix.
      • .reg
      • .scr
    • Exit when complete.


    Are you still getting the fake alerts?
     
  6. 2008/07/02
    Nicko

    Thank you for all your help, I really appreciate!! I have uploaded the files you requested and put in the command line. As for the origin of it, it is quite some time now, just that I removed it but not entirely. But I do think that it can come from here because I downloaded it with a peer to peer program, which I will uninstall right now. As for the fake alerts, I don't get them anymore :) .
    Except for a strange hidden file on my desktop named .DS_Store, everything is okay, but I don't know if I can delete it or not :confused: . Oh, and tell me if I can remove the DSS.exe...

    Anyway, thanks again, you took off an enormous needle in my back. If you need anything apart from money, because I can't really give or donate some right now :( , tell me, I will be glad to do it, or so try it! :)

    ~Nicko
     
    Last edited: 2008/07/02
  7. 2008/07/02
    noahdfear

    The .DS_Store file is generally associated with a Mac operating system. It's much the same as the desktop.ini file in Windows. Are you connected to a Mac on a network, or dual booting Windows and Mac? At any rate, it's safe to delete.

    More info on .DS_Store http://chris.pirillo.com/2008/06/15/what-are-ds_store-files/

    The nulolinw.dll file is rogue and needs to be removed. IRW.exe didn't turn up anything to suggest it is harmful. Please highlight and copy the following bolded command.


    del /q "%allusersprofile%\applic~1\nulolinw.dll"


    Click Start>Run and type cmd then hit Enter to open a command window. Right click in the command window and paste the copied command, then hit Enter. Close the command window.

    What exactly were you referring to? The IRW.exe file?

    Let's get an online scan now to be sure we haven't missed anything. Please scan with Kaspersky WebScanner

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log and a fresh dss log to this topic.
     
  8. 2008/07/02
    noahdfear

    I forgot to mention, the IRW.exe file made reference to the following.

    c:\bwa\appleremotewin-200.1.1\srcroot\appleremote\release\IRW.pdb

    Mean anything to you?
     
  9. 2008/07/03
    Nicko

    In the later post I was talking about the Kaspersky, the downloaded file exactly. Anyway, the path you mentioned has the "apple remote", so I'd suggest it's a driver of Mac for Windows for the Apple remote, since I'm dual booting Windows and Mac. As for the command line, I did what you said but it says "Access is denied". I don't really understand, since I am an administrator and I normally have all privileges... I look forward to a reply from you and I think the scan is useless unless I remove the threat... :)
     
  10. 2008/07/04
    noahdfear

    Please download the Killbox by Option^Explicit.

    • Save it to your desktop.
    • Please double-click Killbox.exe to run it.
    • Select:
      • Delete on Reboot
      • then Click on the All Files button.
    • Please copy the filepath below and paste it into Killbox:

      C:\Documents and Settings\All Users\Application Data\nulolinw.dll


    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.


    Now do another scan with Kaspersky and post the results here.
     
  11. 2008/07/06
    Nicko

    I did as you said, and I did not get prompted, and I then restarted my computer.

    Now, here is the Kaspersky Web scan:

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Sunday, July 06, 2008 11:49:49 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 6/07/2008
    Kaspersky Anti-Virus database records: 918909
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 41618
    Number of viruses found: 1
    Number of infected objects: 2
    Number of suspicious objects: 0
    Duration of the scan process: 00:44:21

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\Nicolas\My Documents\Kaspersky Internet Security 2009 v8.0.0.357 Latest Release\kis8.0.0.357en.exe/setup_wizard.exe Infected: Trojan-Downloader.Win32.Tiny.bqg skipped
    C:\Documents and Settings\Nicolas\My Documents\Kaspersky Internet Security 2009 v8.0.0.357 Latest Release\kis8.0.0.357en.exe CAB: infected - 1 skipped

    Scan process completed.
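
Reports from this scanner list every file it could not open ("Object is locked") in the same table as real detections, so the rows that matter are easy to miss. The following is an added example, not part of the thread and not Kaspersky's code: it parses this report layout, separates locked-file rows from detections, and cross-checks the rows against the Scan Statistics block. The sample report and its paths are constructed, and treating "infected objects" as detection rows plus container rows is an assumption drawn from this one report.

```python
import re

# Constructed sample in the layout of the report in this thread (columns are
# separated by single spaces; the paths are made up for the example).
SAMPLE_REPORT = r"""
KASPERSKY ONLINE SCANNER REPORT
Scan Statistics:
Total number of scanned objects: 41618
Number of viruses found: 1
Number of infected objects: 2
Number of suspicious objects: 0

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\Documents and Settings\User\My Documents\Example Suite\setup.exe/setup_wizard.exe Infected: Trojan-Downloader.Win32.Tiny.bqg skipped
C:\Documents and Settings\User\My Documents\Example Suite\setup.exe CAB: infected - 1 skipped

Scan process completed.
"""

TABLE_HEADER = "Infected Object Name / Virus Name / Last Action"
STAT_RE = re.compile(r"^(Total number of scanned objects|Number of [a-z ]+): (\d+)$")
LOCKED_RE = re.compile(r"^(?P<path>.+) Object is locked (?P<action>\w+)$")
INFECTED_RE = re.compile(r"^(?P<path>.+) Infected: (?P<name>\S+) (?P<action>\w+)$")
CONTAINER_RE = re.compile(
    r"^(?P<path>.+) (?P<kind>[A-Z0-9]+): infected - (?P<count>\d+) (?P<action>\w+)$"
)


def parse_report(text):
    """Split a report into statistics, locked rows, detections and containers."""
    report = {"stats": {}, "locked": [], "detections": [], "containers": [], "unparsed": []}
    in_table = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == TABLE_HEADER:
            in_table = True
            continue
        if not in_table:
            m = STAT_RE.match(line)
            if m:
                report["stats"][m.group(1)] = int(m.group(2))
            continue
        if line == "Scan process completed.":
            break
        m = INFECTED_RE.match(line)
        if m:
            # "/" cannot occur in a Windows file name, so in this report it
            # separates an archive or installer from the member inside it.
            container, _, member = m.group("path").partition("/")
            report["detections"].append({
                "container": container, "member": member or None,
                "name": m.group("name"), "action": m.group("action"),
            })
            continue
        m = CONTAINER_RE.match(line)
        if m:
            report["containers"].append({
                "path": m.group("path"), "kind": m.group("kind"),
                "count": int(m.group("count")), "action": m.group("action"),
            })
            continue
        m = LOCKED_RE.match(line)
        if m:
            report["locked"].append({"path": m.group("path"), "action": m.group("action")})
            continue
        # Never drop a row silently: an unknown row type needs a human look.
        report["unparsed"].append(line)
    return report


def triage(report):
    """Reduce a parsed report to what a helper needs to act on."""
    stats = report["stats"]
    names = sorted({d["name"] for d in report["detections"]})
    flagged_rows = len(report["detections"]) + len(report["containers"])
    return {
        "locked_noise": len(report["locked"]),
        "names": names,
        # Last Action "skipped" means the scanner only reported the file.
        "unremediated": [d for d in report["detections"] if d["action"] == "skipped"],
        # Assumption: infected objects = detection rows + container rows.
        "counts_consistent": (
            stats.get("Number of infected objects") == flagged_rows
            and stats.get("Number of viruses found") == len(names)
        ),
        "unparsed": report["unparsed"],
    }


if __name__ == "__main__":
    summary = triage(parse_report(SAMPLE_REPORT))
    print("locked rows ignored:", summary["locked_noise"])
    for d in summary["unremediated"]:
        print("still on disk:", d["container"], "->", d["member"], d["name"])
    print("statistics match rows:", summary["counts_consistent"])
```

A `counts_consistent` value of `False` or a non-empty `unparsed` list means the pasted report was truncated or contains a row type this parser does not know, and the full report should be read by hand.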
     
  12. 2008/07/06
    Nicko

    And here is the fresh DSS scan:

    Deckard's System Scanner v20071014.68
    Run by Nicolas on 2008-07-06 21:40:18
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    System Drive C: has 2.79 GiB (less than 15%) free.


    -- HijackThis (run as Nicolas.exe) ---------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:40:42 PM, on 7/6/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\AppleOSSMgr.exe
    C:\WINDOWS\system32\AppleTimeSrv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\IRW.exe
    C:\Program Files\Boot Camp\KbdMgr.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Razer\Copperhead\razerhid.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Razer\Copperhead\razertra.exe
    C:\Program Files\Razer\Copperhead\razerofa.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Safari\Safari.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Nicolas\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Nicolas.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [IRW] C:\WINDOWS\system32\IRW.exe
    O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe "
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe "
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe "
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,
    O21 - SSODL: nulolinw - {523ad564-91c2-48d4-8f0f-4d81c1bdf9aa} - C:\Documents and Settings\All Users\Application Data\nulolinw.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
    O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

    --
    End of file - 7067 bytes

    -- Files created between 2008-06-06 and 2008-07-06 -----------------------------

    2008-07-06 21:31:00 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-07-06 21:30:59 0 d-------- C:\WINDOWS\LastGood
    2008-07-06 21:17:19 0 d-------- C:\!KillBox
    2008-07-01 16:06:04 0 d-------- C:\Documents and Settings\Nicolas\Application Data\Processnik
    2008-07-01 15:58:41 0 d-------- C:\WINDOWS\pss
    2008-06-30 02:20:01 0 d-------- C:\Program Files\QuickTime
    2008-06-28 01:35:50 0 d-------- C:\Program Files\Trend Micro
    2008-06-28 01:10:56 96966 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2008-06-28 01:10:56 88774 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2008-06-28 01:10:04 303136 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-06-28 01:10:04 1344032 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-06-28 01:10:03 0 d-------- C:\Program Files\Kaspersky Lab
    2008-06-28 01:10:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-06-27 18:53:28 0 dr-h----- C:\Documents and Settings\Nicolas\Application Data\SecuROM
    2008-06-27 18:49:28 0 d-------- C:\Program Files\Common Files\BioWare
    2008-06-27 18:26:40 0 d-------- C:\Program Files\Mass Effect
    2008-06-26 19:12:15 0 d-------- C:\Program Files\Panda Security
    2008-06-26 18:50:39 0 d-------- C:\Documents and Settings\Nicolas\Application Data\Malwarebytes
    2008-06-26 18:50:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-26 18:50:35 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-26 18:49:32 0 drahs---- C:\autorun.inf
    2008-06-26 18:30:45 0 d-------- C:\Program Files\Enigma Software Group
    2008-06-25 16:29:03 0 d---s---- C:\Documents and Settings\Nicolas\UserData
    2008-06-25 15:53:33 0 d-------- C:\Documents and Settings\Nicolas\Application Data\U3
    2008-06-23 22:15:15 0 d-------- C:\Program Files\Savage 2 - A Tortured Soul
    2008-06-23 22:03:32 0 d--h----- C:\WINDOWS\system32\GroupPolicy
    2008-06-14 21:09:45 0 d-------- C:\Documents and Settings\Nicolas\Application Data\Desktopicon
    2008-06-14 20:27:53 0 d-------- C:\Program Files\Common Files\PC Tools
    2008-06-14 19:49:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2008-06-07 12:22:05 0 d-------- C:\Program Files\Common Files\xing shared
    2008-06-07 12:17:43 0 --a------ C:\WINDOWS\ativpsrm.bin


    -- Find3M Report ---------------------------------------------------------------

    2008-07-06 21:21:41 0 d-------- C:\Documents and Settings\Nicolas\Application Data\Skype
    2008-07-06 21:16:33 0 d-------- C:\Documents and Settings\Nicolas\Application Data\skypePM
    2008-07-02 13:42:03 0 d-------- C:\Documents and Settings\Nicolas\Application Data\Azureus
    2008-06-27 18:49:28 0 d-------- C:\Program Files\Common Files
    2008-06-27 18:26:14 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-06-26 22:52:09 0 d-------- C:\Program Files\Safari
    2008-06-26 19:35:38 2110 --a------ C:\WINDOWS\mozver.dat
    2008-06-07 12:21:58 0 d-------- C:\Program Files\Common Files\Real
    2008-06-07 00:49:09 0 d-------- C:\Program Files\Boot Camp
    2008-06-07 00:40:45 0 d-------- C:\Program Files\DIFX
    2008-06-05 14:07:56 0 d-------- C:\Program Files\Apple Software Update
    2008-06-05 13:54:56 0 d-------- C:\Program Files\THQ
    2008-06-05 13:42:49 0 d-------- C:\Documents and Settings\Nicolas\Application Data\Microsoft Games
    2008-06-05 13:22:53 0 d-------- C:\Program Files\DivX
    2008-06-02 21:10:23 0 d-------- C:\Program Files\Xvid
    2008-06-02 21:03:11 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
    2008-05-29 17:21:33 0 d-------- C:\Documents and Settings\Nicolas\Application Data\Adobe
    2008-05-27 17:24:40 0 d-------- C:\Documents and Settings\Nicolas\Application Data\Sun
    2008-05-19 18:29:25 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
    2008-05-19 18:29:12 0 d-------- C:\Program Files\Common Files\Skype
    2008-05-11 16:30:02 0 d-------- C:\Program Files\GameSpy Arcade
    2008-05-11 00:30:36 0 d-------- C:\Program Files\Giants
    2008-05-10 22:47:21 17408 --a------ C:\psapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-05-10 22:43:09 0 d-------- C:\Program Files\InterplayGames
    2008-04-27 10:35:28 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2008-04-27 10:33:36 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
    2008-04-15 15:36:22 49152 --a------ C:\WINDOWS\system32\ChCfg.exe


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
    04/25/2008 06:22 PM 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp "= "sttray.exe" []
    "IRW "= "C:\WINDOWS\system32\IRW.exe" [04/15/2008 03:31 PM]
    "Apple_KbdMgr "= "C:\Program Files\Boot Camp\KbdMgr.exe" [04/15/2008 04:44 PM]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]
    "razer "= "C:\Program Files\Razer\Copperhead\razerhid.exe" [10/08/2005 05:27 PM]
    "StartCCC "= "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 12:35 PM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
    "UnlockerAssistant "= "C:\Program Files\Unlocker\UnlockerAssistant.exe" [05/02/2008 06:15 AM]
    "AVP "= "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [04/25/2008 06:21 PM]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype "= "C:\Program Files\Skype\Phone\Skype.exe" [05/30/2008 03:54 PM]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "nulolinw "= {523ad564-91c2-48d4-8f0f-4d81c1bdf9aa} - C:\Documents and Settings\All Users\Application Data\nulolinw.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
    backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    AutoRun\command- E:\LaunchU3.exe -a




    -- End of Deckard's System Scanner: finished at 2008-07-06 21:41:35 ------------



    I wish you good luck, I wouldn't have the courage to read all this... Thanks again!! ;)
     
  13. 2008/07/06
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks great! Scan again with HijackThis and place a check next to the following entry.

    O21 - SSODL: nulolinw - {523ad564-91c2-48d4-8f0f-4d81c1bdf9aa} - C:\Documents and Settings\All Users\Application Data\nulolinw.dll (file missing)


    Close all other windows then click Fix Checked.
    Restart the machine, then create a new HijackThis log and post it here.
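The check requested above, as an added example that is not part of the original post: a small parser that reads HijackThis entries, flags autostart entries whose target is reported as "(file missing)", and compares the log taken before "Fix Checked" with the one taken after the restart. The sample logs are constructed from a few entries shown in this thread, and the function names are hypothetical.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample: a handful of entries copied from the logs in this thread,
# not the complete logs. Header and process lines are kept to show they are skipped.
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O21 - SSODL: nulolinw - {523ad564-91c2-48d4-8f0f-4d81c1bdf9aa} - C:\Documents and Settings\All Users\Application Data\nulolinw.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Constructed: the post-fix log in the thread no longer lists the O21 line.
AFTER_LOG = "\n".join(
    line for line in BEFORE_LOG.splitlines() if not line.startswith("O21")
)

# An entry line is "<section code> - <detail>", e.g. "O21 - SSODL: ...".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")


class Entry(NamedTuple):
    code: str             # section code, e.g. "O21"
    kind: str             # label before the first ": ", e.g. "SSODL" ("" if none)
    detail: str           # everything after "<code> - "
    clsid: Optional[str]  # COM class id, if the entry names one
    file_missing: bool    # HijackThis could not find the target on disk


def parse_log(text: str) -> List[Entry]:
    """Return the R/F/N/O entries of a HijackThis log, ignoring all other lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process path, blank line, footer
        code, detail = m.groups()
        kind, sep, _ = detail.partition(": ")
        clsid = CLSID_RE.search(detail)
        entries.append(Entry(
            code=code,
            kind=kind if sep else "",
            detail=detail,
            clsid=clsid.group(0) if clsid else None,
            file_missing=detail.endswith("(file missing)"),
        ))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose registry value survives but whose file is gone."""
    return [e for e in entries if e.file_missing]


def diff_logs(before: List[Entry], after: List[Entry]) -> Tuple[List[Entry], List[Entry]]:
    """Return (removed, added) entries between two scans, compared case-insensitively."""
    def key(e: Entry) -> Tuple[str, str]:
        return (e.code, e.detail.lower())
    before_keys = {key(e) for e in before}
    after_keys = {key(e) for e in after}
    removed = [e for e in before if key(e) not in after_keys]
    added = [e for e in after if key(e) not in before_keys]
    return removed, added


if __name__ == "__main__":
    before, after = parse_log(BEFORE_LOG), parse_log(AFTER_LOG)
    for e in orphaned(before):
        print(f"orphaned {e.code} {e.kind}: {e.clsid}")
    removed, added = diff_logs(before, after)
    print("removed:", [e.code for e in removed], "added:", [e.code for e in added])
```

An empty `added` list and a `removed` list containing only the checked entry is the result to expect after the fix and restart.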
     
  14. 2008/07/06
    Nicko

    Nicko Inactive Thread Starter

    Joined:
    2008/07/01
    Messages:
    9
    Likes Received:
    0
    Here you go:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:07:34 AM, on 7/7/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SYSTEM32\userinit.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\AppleOSSMgr.exe
    C:\WINDOWS\system32\AppleTimeSrv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\IRW.exe
    C:\Program Files\Boot Camp\KbdMgr.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Razer\Copperhead\razerhid.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Razer\Copperhead\razertra.exe
    C:\Program Files\Razer\Copperhead\razerofa.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [IRW] C:\WINDOWS\system32\IRW.exe
    O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe "
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe "
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe "
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
    O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

    --
    End of file - 6887 bytes
     
  15. 2008/07/06
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Great! Everything running smoothly again?

    Delete the C:\Deckard folder and dss.exe
    Open MBAM and delete any items in quarantine
    Delete the folder C:\!Killbox and Killbox.exe
    You can also delete any logs created and saved

    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.
    Reboot


    If you're satisfied that the computer is working properly, clear the System Restore points. They are infected.

    Clear past system restore points and create a new one.
    Right click My Computer and select Properties. On the System Restore tab, check the box to turn System Restore off. Click Apply. Now, uncheck the box and click Apply to turn System Restore back on. Click OK, then OK to close the System Properties dialog.

    Verify a new restore point was created.
    Click Start>All Programs>Accessories>System Tools>System Restore
    Select 'Restore my computer to an earlier time', then click next.
    You should have a newly created System Checkpoint available. If so, click Cancel. If not, click Back and select 'Create a restore point' then click Next. Give the restore point a name and click next.

    That should wrap things up. Geri has posted some very helpful information and recommendations regarding future protection in the following link.

    http://www.windowsbbs.com/showthread.php?t=67958

    Surf safe!
     
  16. 2008/07/07
    Nicko

    Nicko Inactive Thread Starter

    Joined:
    2008/07/01
    Messages:
    9
    Likes Received:
    0
    My comp runs great, and I don't get those pesky popups anymore, and all this thanks to you!! I really appreciate it, and I think I'm not the only one :)
    If I have a problem, I will come back here, and if some friends or some other people have the same problem, I will advise them to go on this forum. It's great to have some geniuses that are willing to help, especially so quickly!!

    Thanks a mill again!!
     
  17. 2008/07/07
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
  18. 2008/07/07
    Nicko

    Nicko Inactive Thread Starter

    Joined:
    2008/07/01
    Messages:
    9
    Likes Received:
    0
    Indeed, very useful. I will take this thread into consideration and follow the instructions written there. Thank you for the advice :)

    P.S: REALLY useful, especially the part where he gives away some free protecting tools :D
     
  19. 2008/07/09
    Jeremy1230

    Jeremy1230 Inactive

    Joined:
    2008/07/09
    Messages:
    1
    Likes Received:
    0
    Another helped user

    Just wanted to post a thanks to noahdfear, and also wanted to let it be known that as of 07/09/08, I Googled the popup message that I received (same as Nicko) and this thread provided the solution necessary to fix my problem. I tried other approaches to no avail.

    Thanks for having a recent & working solution available to the public.
     
  20. 2008/07/09
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi Jeremy1230, and welcome. Thanks for taking the time to register and post. I'm happy to hear you found the help you were seeking here at WindowsBBS :)
     
