Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Antivirus XP 2008. I need help removing it.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Antivirus XP 2008. I need help removing it.

Unread postby soaring goat » June 26th, 2008, 2:29 pm

Hello everyone. I'm new to malware removal. I've seen some of your guides and posts and they seem helpful (although I wouldn't know since I don't know the first thing about computers).

Anyway, I've gotten Antivirus XP 2008. At first I almost peed myself, because I thought it was a "good" program, and it told me I had 1612 viruses, but I doublechecked with my own antivirus program and it said I just hade one.

I've tried stuff to remove it already. I went to this page (http://www.bleepingcomputer.com/malware ... us-xp-2008)
and followed the advices, but it didn't get me anywhere. Antivirus XP 2008 still pops up sometimes, and smetimes it creates those fake blue error screens.

I saw that you should start by posten a Hijackthis log, and here is mine (I scanned this about 5minutes before I posted)

!! I'm swedish and using a swedish computer, which means my english may be lacking at times, and you might not understand the log. !!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:27:20, on 2008-06-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program\Canon\IJPLM\IJPLMSVC.EXE
C:\Program\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Smartscaps.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\program\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program\Java\jre1.6.0_06\bin\jusched.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\Program\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Program\Windows Live\Messenger\MsnMsgr.Exe
C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe
C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program\Logitech\SetPoint\KEM.exe
C:\Program\Personal\bin\Personal.exe
C:\Program\Logitech\SetPoint\KHALMNPR.EXE
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program\FirstClass\fcc32.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\TuneUp Utilities 2007\Integrator.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\DELADE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: Visa Norton-verktygsfältet - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [LXSUPMON] "C:\WINDOWS\System32\LXSUPMON.EXE" RUN
O4 - HKLM\..\Run: [diagent] "C:\Program\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [PinnacleDriverCheck] "C:\WINDOWS\system32\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [BIND SUPPORT SEEK FIRST] "C:\Documents and Settings\All Users\Application Data\dumb pure bind support\TWO VGA.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [lphc79rj0ej37] C:\WINDOWS\system32\lphc79rj0ej37.exe
O4 - HKLM\..\Run: [SMrhc39rj0ej37] C:\Program\rhc39rj0ej37\rhc39rj0ej37.exe
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\Maria Eriksson\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070829\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Maria Eriksson\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070829\Setup.exe" "/REALUPREBOOT /temp /patched"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] "C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [PMCS] "C:\Program\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Certificate Mover.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ss ... gctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss ... gctlsr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/1481 ... scan53.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/app ... OFILER.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: GoToAssist - C:\Program\Citrix\GoToAssist\508\G2AWinLogon.dll
O21 - SSODL: MonKernel - {46b707a9-37a6-4b9c-9f35-d4d1198dfbe5} - (no file)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program\Citrix\GoToAssist\508\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: SmartTrust Smart Card Server (Smartscaps) - SmartTrust - C:\WINDOWS\system32\Smartscaps.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program\Delade filer\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 11842 bytes
soaring goat
Regular Member
 
Posts: 15
Joined: June 26th, 2008, 2:16 pm
Advertisement
Register to Remove

Re: Antivirus XP 2008. I need help removing it.

Unread postby peku006 » June 27th, 2008, 2:45 am

Welcome to the MWR forums. My name is peku006. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research. Please be patient and I'd be grateful if you would note the following:

1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic. Please stay at one forum for help.
3. Please continue reading posts until I give the All Clear. It is important to note this, as a clean looking HijackThis is not always a sign your system is clean.

Note: I am still in training here at Malware Removal, however I will be working under the direct supervision of one of our Malware Experts. Any recommendations will first be approved before being given to you. Because of this, there may be a short delay in getting our responses to you, however be assured that we will be working diligently on your problem.
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Antivirus XP 2008. I need help removing it.

Unread postby soaring goat » June 27th, 2008, 3:20 am

Thank you for the quick reply peku006. I'm looking forward to working with you to get rid of this annoying malware.
soaring goat
Regular Member
 
Posts: 15
Joined: June 26th, 2008, 2:16 pm

Re: Antivirus XP 2008. I need help removing it.

Unread postby peku006 » June 27th, 2008, 4:23 am

Hi soaring goat
!! I'm swedish and using a swedish computer, which means my english may be lacking at times, and you might not understand the log. !!

don't worry.... Jeg talar svensk.
It looks like you have some components from Norton/Symantecs installed ,are you using Norton/Symantec Firewall or Antivirus

1 - Download and Run DSS

Please download Deckard's System Scanner (DSS) and save to your Desktop.

DSS will do the following:

  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
  • main.txt <- this one will be maximized
  • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet especially if your asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.


2 - Check files for Viruses.

C:\WINDOWS\system32\lphc79rj0ej37.exe
C:\Program\rhc39rj0ej37\rhc39rj0ej37.exe

  • Copy/Paste the first file on the list into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Note details of any viruses found.
  • Repeat for all files on the list, and post me the details please

3 - Status Check
Please reply with

1. Deckard's System Scanner main.txt and extra.txt
2. The Jotti/Virustotal results

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Antivirus XP 2008. I need help removing it.

Unread postby soaring goat » June 27th, 2008, 5:34 am

Thank you again peku006.

I've done everything you said.

Here is the main.txt log:

Deckard's System Scanner v20071014.68
Run by Maria Eriksson on 2008-06-27 10:59:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-06-27 08:59:53 UTC - RP38 - Deckard's System Scanner Restore Point
3: 2008-06-26 20:50:31 UTC - RP37 - Software Distribution Service 3.0
2: 2008-06-26 18:10:36 UTC - RP36 - Configured VeohTV BETA
1: 2008-06-26 15:09:51 UTC - RP35 - Systemkontrollpunkt


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Maria Eriksson.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:36, on 2008-06-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program\Canon\IJPLM\IJPLMSVC.EXE
C:\Program\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Smartscaps.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\program\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program\Java\jre1.6.0_06\bin\jusched.exe
C:\Program\Creative\SBLive\Diagnostics\diagent.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe
C:\Program\Logitech\SetPoint\KEM.exe
C:\Program\Personal\bin\Personal.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Logitech\SetPoint\KHALMNPR.EXE
C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Maria Eriksson\Skrivbord\dss.exe
C:\Program\TRENDM~1\HIJACK~1\Maria Eriksson.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\DELADE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: Visa Norton-verktygsfältet - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [LXSUPMON] "C:\WINDOWS\System32\LXSUPMON.EXE" RUN
O4 - HKLM\..\Run: [diagent] "C:\Program\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [PinnacleDriverCheck] "C:\WINDOWS\system32\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [BIND SUPPORT SEEK FIRST] "C:\Documents and Settings\All Users\Application Data\dumb pure bind support\TWO VGA.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [lphc79rj0ej37] C:\WINDOWS\system32\lphc79rj0ej37.exe
O4 - HKLM\..\Run: [SMrhc39rj0ej37] C:\Program\rhc39rj0ej37\rhc39rj0ej37.exe
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\Maria Eriksson\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070829\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Maria Eriksson\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070829\Setup.exe" "/REALUPREBOOT /temp /patched"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] "C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [PMCS] "C:\Program\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [*SPRTRA] rundll32.exe "C:\Program\DELADE~1\SYMANT~1\SUPPOR~1\tgctlcm.dll",JoinBackIssue
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Certificate Mover.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ss ... gctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss ... gctlsr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/1481 ... scan53.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/app ... OFILER.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: GoToAssist - C:\Program\Citrix\GoToAssist\508\G2AWinLogon.dll
O21 - SSODL: MonKernel - {46b707a9-37a6-4b9c-9f35-d4d1198dfbe5} - (no file)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program\Citrix\GoToAssist\508\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: SmartTrust Smart Card Server (Smartscaps) - SmartTrust - C:\WINDOWS\system32\Smartscaps.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program\Delade filer\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 11812 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology (StarForce); SF FrontLine>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology (StarForce); SF FrontLine>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync04 (StarForce Protection Synchronization Driver (version 4.x)) - c:\windows\system32\drivers\sfsync04.sys <Not Verified; Protection Technology (StarForce); SF FrontLine>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R3 ASAPIW2K - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S2 ZQGKJOQR - c:\windows\system32\zqgkjoqr.kot (file missing)
S3 gkmixern - c:\docume~1\mariae~1\lokala~1\temp\gkmixern.sys (file missing)
S3 hamachi (Hamachi Network Interface) - c:\windows\system32\drivers\hamachi.sys <Not Verified; Applied Networking Inc.; Hamachi Virtual Network Interface Driver>
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
S3 z3f2bus (Sony Ericsson driver (WDM)) - c:\windows\system32\drivers\z3f2bus.sys <Not Verified; MCCI; Sony Ericsson>
S3 z3f2mdfl (Sony Ericsson USB WMC Modem Filter) - c:\windows\system32\drivers\z3f2mdfl.sys <Not Verified; MCCI; Sony Ericsson USB WMC Modem Filter Driver>
S3 z3f2mdm (Sony Ericsson USB WMC Modem Driver) - c:\windows\system32\drivers\z3f2mdm.sys <Not Verified; MCCI; Sony Ericsson USB WMC Modem>
S3 z3f2mgmt (Sony Ericsson USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\z3f2mgmt.sys <Not Verified; MCCI; Sony Ericsson USB WMC Device Management>
S3 z3f2obex (Sony Ericsson USB WMC OBEX Interface) - c:\windows\system32\drivers\z3f2obex.sys <Not Verified; MCCI; Sony Ericsson USB WMC OBEX Interface>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 PinnacleSys.MediaServer (Pinnacle Systems Media Service) - c:\program\pinnacle\shared files\programs\mediaserver\pmshost.exe <Not Verified; Pinnacle Systems; Media Server>
R2 Smartscaps (SmartTrust Smart Card Server) - c:\windows\system32\smartscaps.exe service <Not Verified; SmartTrust; SmartTrust Smart Card Server>

S2 ATI Smart - c:\windows\system32\ati2sgag.exe (file missing)
S3 gusvc (Google Updater Service) - "c:\program\google\common\google updater\googleupdaterservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\328820C55042A1
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\328820C55042A1
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2008-06-25 17:30:49 396 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2008-06-16 20:00:01 640 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Kör fullständig systemsökning - Maria Eriksson.job


-- Files created between 2008-05-27 and 2008-06-27 -----------------------------

2008-06-27 09:30:21 0 d-------- C:\NSS
2008-06-26 20:26:43 0 d-------- C:\Program\Trend Micro
2008-06-26 18:35:45 94208 --a------ C:\WINDOWS\system32\pphc79rj0ej37.exe
2008-06-26 16:50:53 0 d-------- C:\Documents and Settings\Maria Eriksson\Application Data\Malwarebytes
2008-06-26 16:50:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-26 16:50:48 0 d-------- C:\Program\Malwarebytes' Anti-Malware
2008-06-26 12:10:34 0 d-------- C:\Documents and Settings\Maria Eriksson\Application Data\rhc39rj0ej37
2008-06-26 12:06:37 0 d-------- C:\Program\rhc39rj0ej37
2008-06-26 12:05:25 139264 --a------ C:\WINDOWS\etgv.exe
2008-06-26 12:04:51 60928 --a------ C:\WINDOWS\system32\blphc79rj0ej37.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-06-26 12:04:44 109056 --a------ C:\WINDOWS\system32\lphc79rj0ej37.exe
2008-06-26 11:01:04 0 d-------- C:\Program\MAIET
2008-06-25 15:25:46 0 d-------- C:\Program\TuneUp Utilities 2007
2008-06-25 15:23:30 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-06-25 15:23:25 0 d-------- C:\Program\Delade filer\Wise Installation Wizard
2008-06-24 22:33:41 0 d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-06-24 21:58:47 0 d-------- C:\Program\TmNationsForever
2008-06-19 19:39:39 0 d-------- C:\Program\Microsoft Xbox 360 Accessories
2008-06-17 21:22:40 0 d-------- C:\Documents and Settings\Maria Eriksson\Application Data\SPORE Creature Creator
2008-06-17 21:19:36 0 d-------- C:\ProgramData
2008-06-17 21:19:14 1190 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-06-17 21:17:17 0 d-------- C:\Program\Electronic Arts
2008-06-17 19:02:46 0 d-------- C:\WINDOWS\system32\Adobe
2008-06-15 22:01:59 69468 --a------ C:\WINDOWS\War3Unin.dat
2008-06-15 22:01:58 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-06-15 22:01:58 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-06-02 21:51:48 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2008-06-02 21:51:48 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2008-06-02 21:51:48 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2008-06-01 15:54:38 0 d-------- C:\Program\Rockstar Games


-- Find3M Report ---------------------------------------------------------------

2008-06-27 11:02:15 0 d-------- C:\Program\Delade filer\Symantec Shared
2008-06-26 11:58:58 0 d-------- C:\Documents and Settings\Maria Eriksson\Application Data\uTorrent
2008-06-25 21:33:08 0 d-------- C:\Documents and Settings\Maria Eriksson\Application Data\U3
2008-06-25 15:37:21 0 d-------- C:\Documents and Settings\Maria Eriksson\Application Data\Azureus
2008-06-25 15:23:25 0 d-------- C:\Program\Delade filer
2008-06-18 22:26:07 0 d-------- C:\Program\EA Games
2008-06-18 22:01:19 0 d-------- C:\Program\Plugins
2008-06-18 22:01:17 0 d-------- C:\Program\QTSystem
2008-06-17 21:19:51 0 d--h----- C:\Program\InstallShield Installation Information
2008-06-16 20:12:36 0 d-------- C:\Program\Warcraft III
2008-06-13 12:10:56 0 d-------- C:\Program\LucasArts
2008-06-08 15:28:56 429598 --a------ C:\WINDOWS\system32\perfh01D.dat
2008-06-08 15:28:56 84046 --a------ C:\WINDOWS\system32\perfc01D.dat
2008-06-04 22:14:06 0 d-------- C:\Program\SpywareBlaster
2008-06-04 09:22:27 0 d-------- C:\Program\Java
2008-06-02 15:55:57 0 d-------- C:\Program\Symantec
2008-05-27 21:26:42 0 d-------- C:\Program\GameSpy Arcade
2008-05-26 15:51:18 0 d-------- C:\Documents and Settings\Maria Eriksson\Application Data\dvdcss
2008-05-21 20:17:34 0 d-------- C:\Program\Text2PDF v1.5
2008-05-21 17:32:00 0 d-------- C:\Program\OverDrive ReaderWorks
2008-05-21 17:30:06 0 d-------- C:\Program\Delade filer\OverDrive Shared
2008-05-14 15:35:48 0 d-------- C:\Program\Microsoft Reader
2008-05-12 19:10:24 0 d-------- C:\Program\Hitman Pro
2008-05-12 19:09:47 0 d-------- C:\Documents and Settings\Maria Eriksson\Application Data\Lavasoft
2008-05-11 12:23:42 0 d-------- C:\Program\Games-Masters.com
2008-05-07 18:24:52 0 d-------- C:\Documents and Settings\Maria Eriksson\Application Data\TuneUp Software
2008-05-07 16:25:11 0 d-------- C:\Program\Citrix
2008-05-02 10:00:30 0 d-------- C:\Documents and Settings\Maria Eriksson\Application Data\SupportSoft
2008-04-10 20:27:55 85470 --ahs---- C:\WINDOWS\system32\CJQrtBeg.ini2
2008-04-02 11:03:07 6429 --ahs---- C:\WINDOWS\system32\tsYFOnnn.ini2


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 21:51 316784 --a------ C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-04-02 11:44 116088 --a------ C:\Program\DELADE~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 21:51 316784]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-09-07 15:56]
"LXSUPMON"="C:\WINDOWS\System32\LXSUPMON.exe" [2002-02-13 04:31]
"diagent"="C:\Program\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 01:01]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-11 01:26]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28]
"Easy-PrintToolBox"="C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2006-10-17 03:20]
"ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" [2008-02-14 11:01]
"osCheck"="C:\Program\Norton Internet Security\osCheck.exe" [2007-08-24 22:53]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07]
"nwiz"="nwiz.exe" [2007-09-17 01:07 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07]
"Pinnacle WebUpdater"="C:\Program\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" [2006-06-08 10:40]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2007-09-07 15:56]
"BIND SUPPORT SEEK FIRST"="C:\Documents and Settings\All Users\Application Data\dumb pure bind support\TWO VGA.exe" [2008-06-26 22:49]
"QuickTime Task"="C:\Program\QTTask.exe" [2007-10-19 21:16]
"lphc79rj0ej37"="C:\WINDOWS\system32\lphc79rj0ej37.exe" [2008-06-26 12:04]
"SMrhc39rj0ej37"="C:\Program\rhc39rj0ej37\rhc39rj0ej37.exe" [2008-06-25 22:31]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:34]
"LDM"="C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-09 17:11]
"PMCS"="C:\Program\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe" [2006-06-08 10:42]
"msnmsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"*SPRTRA"=rundll32.exe "C:\Program\DELADE~1\SYMANT~1\SUPPOR~1\tgctlcm.dll",JoinBackIssue

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SymLnch"="C:\Documents and Settings\Maria Eriksson\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070829\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Maria Eriksson\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070829\Setup.exe" "/REALUPREBOOT /temp /patched"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program\Symantec\LiveUpdate\ALUNotify.exe

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
Certificate Mover.lnk - C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe [2004-05-07 18:14:36]
Logitech Desktop Messenger.lnk - C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-09 17:11:22]
Logitech SetPoint.lnk - C:\Program\Logitech\SetPoint\KEM.exe [2005-12-25 12:38:13]
Personal.lnk - C:\Program\Personal\bin\Personal.exe [2007-12-03 19:56:18]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program\Citrix\GoToAssist\508\G2AWinLogon.dll 2008-05-07 16:25 10536 C:\Program\Citrix\GoToAssist\508\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="C:\Program\DAEMON Tools Lite\daemon.exe" -autorun
"swg"=C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AdaptecDirectCD"="C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
"Adobe Reader Speed Launcher"="C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="C:\Program\QTTask.exe" -atboottime
"PMCRemote"="C:\Program\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe"
"woodii_updater"=C:\Program\WoodiiMeny2\wu.exe
"XboxStat"="c:\Program\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6dee5f24-b915-11dc-8c7a-0007e9488958}]
AutoRun\command- G:\LaunchU3.exe -a

*Newly Created Service* - COMHOST



-- Hosts -----------------------------------------------------------------------

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

8076 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-27 11:03:35 ------------

Here is the extra.txt :

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: Swedish

CPU 0: Intel(R) Pentium(R) 4 CPU 2.66GHz
Percentage of Memory in Use: 66%
Physical Memory (total/avail): 511 MiB / 171.47 MiB
Pagefile Memory (total/avail): 1249.04 MiB / 765.81 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.67 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.7 GiB total, 65.36 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1200JB-75CRA0 - 111.76 GiB - 2 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 (bootable) - Installerbart filsystem - 111.7 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton Internet Security v15.0.0.60 (Symantec Corporation)
AV: Norton Internet Security v15.0.0.60 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program\\Windows Live\\Messenger\\livecall.exe"="C:\\Program\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program\\LucasArts\\SWKotOR2\\swupdate.exe"="C:\\Program\\LucasArts\\SWKotOR2\\swupdate.exe:*:Enabled:Star Wars: Knights of the Old Republic II: The Sith Lords Update Program"
"C:\\Program Files\\LucasArts\\SWKotOR\\swupdate.exe"="C:\\Program Files\\LucasArts\\SWKotOR\\swupdate.exe:*:Enabled:Star Wars: Knights of the old Republic Update Program"
"C:\\Program\\Warcraft III\\Warcraft III.exe"="C:\\Program\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"D:\\cdextra.exe"="D:\\cdextra.exe:*:Enabled:Macromedia Projector"
"C:\\Program\\Messenger\\msmsgs.exe"="C:\\Program\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enGB-downloader.exe"="C:\\Program\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program\\World of Warcraft\\WoW-1.12.0-enGB-downloader.exe"="C:\\Program\\World of Warcraft\\WoW-1.12.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Program\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Program\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio"
"C:\\Program\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Program\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\\Program\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Program\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Enabled:umi"
"C:\\Program\\Pinnacle\\MediaCenter\\PMC.exe"="C:\\Program\\Pinnacle\\MediaCenter\\PMC.exe:LocalSubNet:Enabled:Pmc.exe"
"C:\\Program\\Pinnacle\\MediaCenter\\PSST.exe"="C:\\Program\\Pinnacle\\MediaCenter\\PSST.exe:LocalSubNet:Enabled:PSST.exe"
"C:\\Program\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"="C:\\Program\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe:LocalSubNet:Enabled:PMSManager.exe"
"C:\\Program\\Pinnacle\\MediaCenter\\PMSInstallInit.exe"="C:\\Program\\Pinnacle\\MediaCenter\\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"C:\\Program\\Pinnacle\\MediaCenter\\PMC.Tvtv.Wizard.exe"="C:\\Program\\Pinnacle\\MediaCenter\\PMC.Tvtv.Wizard.exe:LocalSubNet:Enabled:PMC.Tvtv.Wizard.exe"
"C:\\Program\\Pinnacle\\Shared Files\\Programs\\MediaServer\\PMSInstallInit.exe"="C:\\Program\\Pinnacle\\Shared Files\\Programs\\MediaServer\\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"C:\\WINDOWS\\system32\\services.exe"="C:\\WINDOWS\\system32\\services.exe:*:Enabled:Tjänst- och styrenhetsprogram"
"C:\\Program\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe"="C:\\Program\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program\\World of Warcraft\\WoW-2.0.3-enGB-downloader.exe"="C:\\Program\\World of Warcraft\\WoW-2.0.3-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-enGB-downloader.exe"="C:\\Program\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enGB-downloader.exe"="C:\\Program\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enGB-downloader.exe"="C:\\Program\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enGB-downloader.exe"="C:\\Program\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enGB-downloader.exe"="C:\\Program\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program\\Java\\jre1.6.0_01\\bin\\javaw.exe"="C:\\Program\\Java\\jre1.6.0_01\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program\\uTorrent\\uTorrent.exe"="C:\\Program\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program\\Windows Live\\Messenger\\livecall.exe"="C:\\Program\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe:*:Enabled:Fjärrhjälp - Windows Messenger och tal"
"C:\\Program\\Pinnacle\\Shared Files\\Programs\\MediaCenterService\\PMC.Service.Main.exe"="C:\\Program\\Pinnacle\\Shared Files\\Programs\\MediaCenterService\\PMC.Service.Main.exe:LocalSubNet:Disabled:PMCService"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Maria Eriksson\Application Data
CLASSPATH=.;C:\Program\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program\Delade filer
COMPUTERNAME=MARIA-88L53ZXZY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Maria Eriksson
LOGONSERVER=\\MARIA-88L53ZXZY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program\ATI Technologies\ATI Control Panel;C:\Program\Sonic\MyDVD;C:\Program\Delade filer\Roxio Shared\DLLShared\;C:\Program\Delade filer\Adaptec Shared\System;C:\Program\Microsoft SQL Server\80\Tools\Binn\;C:\Program\QTSystem\;C:\Program\ATI Technologies\ATI.ACE\Core-Static;C:\Program\Pinnacle\Shared Files;C:\Program\Pinnacle\Shared Files\Filter
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program
PROMPT=$P$G
QTJAVA=C:\Program\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\MARIAE~1\LOKALA~1\Temp
TMP=C:\DOCUME~1\MARIAE~1\LOKALA~1\Temp
USERDOMAIN=MARIA-88L53ZXZY
USERNAME=Maria Eriksson
USERPROFILE=C:\Documents and Settings\Maria Eriksson
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Maria Eriksson (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program\Symantec\LiveUpdate\LSETUP.EXE" /U
--> C:\Program\Creative\SBLive\Program\Ctzapxx.EXE /X /U /S /R
--> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
--> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{55BC7EFA-D832-4EE3-9DEA-49B0C07539D9}\setup.exe" -l0x1d -L0x1danything
--> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{DCDC8E79-4600-4C02-9824-CD3BB8971D4E}\Setup.exe" -l0x1d -L0x1danything
--> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
--> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program\Delade filer\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program\Delade filer\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 8.1.2 - Svenska --> MsiExec.exe /I{AC76BA86-7AD7-1053-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AntivirXP08 --> "C:\Program\rhc39rj0ej37\uninstall.exe"
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Control Panel --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
µTorrent --> "C:\Program\uTorrent\uTorrent.exe" /UNINSTALL
Canon iP2500 series --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2500_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2500_series /L0x001d
Canon iP2500 series användarregistrering --> C:\Program\Canon\IJEREG\iP2500 series\UNINST.EXE
Canon Utilities Easy-LayoutPrint --> C:\Program\Canon\Easy-LayoutPrint\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint --> C:\Program\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Canon Utilities Easy-PrintToolBox --> C:\Program\Canon\Easy-PrintToolBox\uninst.exe uninst.ini
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Conexant SmartHSFi V.9x 56K Speakerphone PCI Modem --> C:\Program\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2702\HXFSETUP.EXE -U -IDel8d8xk.INF
Dell ResourceCD --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Disc2Phone --> MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
DiscAPI (Studio 10) --> MsiExec.exe /X{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}
DivX --> C:\Program\DivX\DivXCodecUninstall.exe /CODEC
DivX Web Player --> C:\Program\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EA Download Manager --> C:\Program\DELADE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1053
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
En Riktig Jul --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{F4D003CD-C820-48AE-9DAB-5C54F9060839}\SETUP.EXE" -l0x1d
FirstClass® Client --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{5B35C417-2649-11D6-83D1-0050FC01225C}\setup.exe" -l0x1d -uninst
Free CD-DA Extractor 4.8 --> C:\WINDOWS\iun6002.exe "C:\Program\Free CD-DA Extractor 4.8\irunin.ini"
GameSpy Arcade --> C:\Program\GAMESP~1\UNWISE.EXE C:\Program\GAMESP~1\INSTALL.LOG
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
GoToAssist 8.0.0.508 --> C:\Program\Citrix\GoToAssist\508\G2AUninstaller.exe /uninstall
Grand Theft Auto Vice City --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\Setup.exe" -l0x9
Guild Wars --> "C:\Program\Guild Wars\Gw.exe" -uninstall
HijackThis 2.0.2 --> "C:\Program\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Lexmark Supplies Monitor --> C:\WINDOWS\System32\LXSMUNIN.EXE
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Logitech Desktop Messenger --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x1d UNINSTALL
Logitech SetPoint --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x1d
Malwarebytes' Anti-Malware --> "C:\Program\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live & Sponsor (CiD) --> "C:\Program\Messenger Plus! Live\Uninstall.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{9111041D-6000-11D3-8CFE-0150048383C9}
Microsoft Reader --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft SQL Server Desktop Engine (PINNACLESYS) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Xbox 360 Accessories 1.1 --> MsiExec.exe /X{6F6B46DC-4289-454E-8FFD-80CE597F403B}
Mozilla Firefox (2.0.0.14) --> C:\Program\Mozilla Firefox\uninstall\helper.exe
MP3 Player --> MsiExec.exe /I{EA470D3B-058E-4772-B020-3C8C1F652A2E}
Multimedia Screen Saver --> C:\Program\MULTIM~1\UNWISE.EXE C:\Program\MULTIM~1\INSTALL.LOG
MUSICMATCH® Jukebox --> C:\Program\MUSICM~1\MUSICM~2\unmatch.exe
MyDVD --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}\SETUP.EXE" -l0x1d -L0x1d /SMAINT
Nord --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://www.getnord.se/NordSwe.jnlp"
Norton AntiVirus --> MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton AntiVirus Help --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Confidential Core --> MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton Internet Security --> MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Internet Security (Symantec Corporation) --> "C:\Program\Delade filer\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Setup.exe" /X
Norton Protection Center --> MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Personal 4.5.4 --> "C:\Program\Personal\bin\persinst.exe" -u
Pinnacle MediaCenter --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exe" -l0x1d
Pinnacle MediaServer --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{460CE8B9-6EC2-458A-90D4-691631ECE9D9}\setup.exe" -l0x1d UNINSTALL
PIXMA Extended Survey Program --> C:\Program\Canon\IJPLM\SETUP.EXE -R
PowerDVD --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
RAPID (Studio 10) --> MsiExec.exe /X{EEECE229-49F6-4851-A73A-99B058221F8C}
ReaderWorks Standard --> MsiExec.exe /I{6891401F-695B-447F-B3E3-3FDEDA952DC6}
Roxio CDEngine --> C:\WINDOWS\UNENG.EXE
Roxio VideoWave Movie Creator --> MsiExec.exe /I{BB46245B-CECA-406F-8790-3ABA0D01012F}
Sid Meier's Civilization 4 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
SmartSound Quicktracks Plugin --> C:\Program\DELADE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SmartTrust Personal 3.3.1 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{15072DAB-616F-4A02-9C3A-98F5C42A4774}\Setup.exe"
Snabbkorrigering för Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB939653) --> "C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB942615) --> "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB950749) --> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB951376-v2) --> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB951376) --> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sony Ericsson File Manager --> MsiExec.exe /X{C00FAC7F-DAF5-4FD8-83E7-5959C882A811}
Sony Ericsson Image Editor --> MsiExec.exe /X{506907A8-7146-4AFD-983A-FD08CC83D2DD}
Sony Ericsson MMS Home Studio --> MsiExec.exe /X{680DC451-F795-4D70-91B5-A3BB3BAC3A47}
Sony Ericsson Mobile Networking Wizard --> MsiExec.exe /X{03A70F27-D80E-4A22-A1B4-1C878FC6056A}
Sony Ericsson Sound Editor --> MsiExec.exe /X{8739AE20-81AF-43AA-8FAF-281B064612C2}
Sony Ericsson Sync Station --> MsiExec.exe /X{CBA04F21-D46C-46FC-9A8A-A5360F58CF94}
Sound Blaster Live! --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}\SETUP.EXE" -l0x9
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SPCS Administration --> MsiExec.exe /I{A737F62C-E5B4-4DF4-9CAC-5A4928BC983C}
SPORE™ Creature Creator Trial Edition --> "C:\Program\InstallShield Installation Information\{ECEE0279-785F-4CB3-9F28-E69813234BF8}\setup.exe" -runfromtemp -l0x001d -removeonly
SpywareBlaster 4.0 --> "C:\Program\SpywareBlaster\unins000.exe"
Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM) --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}\setup.exe" -l0x9 -removeonly
Star Wars(TM): Knights of the Old Republic (TM) --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}\setup.exe" -l0x9
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Studio 10 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}\Setup2.exe" -l0x9 UNINSTALL
Symantec Technical Support Web Controls --> MsiExec.exe /X{20C53FA2-4307-4671-A93F-9463B29DFCF1}
Text To PDF Converter v1.5 --> "C:\Program\Text2PDF v1.5\unins000.exe"
TmNationsForever --> "C:\Program\TmNationsForever\unins000.exe"
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
Uppdatering för Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB932823-v3) --> "C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB942840) --> "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
USB MEMORY BAR --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{B1F69DF2-8C69-437E-A288-663326C4404A}\Setup.exe" -l0x9
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
VeohTV BETA --> C:\Program\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6d --> C:\Program\VideoLAN\VLC\uninstall.exe
Windows Live inloggningsassistenten --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live installer --> MsiExec.exe /X{E17F76BE-50E9-4E7C-ADF6-6D8F44A9C6F3}
Windows Live Messenger --> MsiExec.exe /X{20503DFE-E5B2-491E-B2C5-8BCB5BF5B9E9}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR --> C:\Program\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type15334 / Warning
Event Submitted/Written: 06/27/2008 09:00:24 AM
Event ID/Source: 19011 / MSSQL$PINNACLESYS
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type15315 / Error
Event Submitted/Written: 06/26/2008 08:41:15 PM
Event ID/Source: 1000 / Application Error
Event Description:
Felaktigt program rhc39rj0ej37.exe, version 0.0.0.0, felaktig modul rhc39rj0ej37.exe, version 0.0.0.0, felaktig adress 0x00044019.
Mediespecifik händelse behandlas för [rhc39rj0ej37.exe!ws!]

Event Record #/Type15306 / Warning
Event Submitted/Written: 06/26/2008 08:40:14 PM
Event ID/Source: 19011 / MSSQL$PINNACLESYS
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type15281 / Error
Event Submitted/Written: 06/26/2008 07:59:10 PM
Event ID/Source: 1000 / Application Error
Event Description:
Felaktigt program spyhunter3.exe, version 1.0.13.0, felaktig modul kernel32.dll, version 5.1.2600.3119, felaktig adress 0x00012a5b.
Mediespecifik händelse behandlas för [spyhunter3.exe!ws!]

Event Record #/Type15280 / Error
Event Submitted/Written: 06/26/2008 07:58:56 PM
Event ID/Source: 1000 / Application Error
Event Description:
Felaktigt program iexplore.exe, version 7.0.6000.16674, felaktig modul ieui.dll, version 7.0.5730.13, felaktig adress 0x000061b5.
Mediespecifik händelse behandlas för [iexplore.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type49892 / Error
Event Submitted/Written: 06/27/2008 09:01:26 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
Följande start- eller systemstartdrivrutin(er) avbröts på grund av fel under start:
kcp

Event Record #/Type49891 / Error
Event Submitted/Written: 06/27/2008 09:01:26 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
Tjänsten Automatisk LiveUpdate-schemaläggare avbröts med följande fel:
%%2147500053

Event Record #/Type49890 / Error
Event Submitted/Written: 06/27/2008 09:01:26 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Tjänsten ATI Smart kunde inte startas på grund av följande fel:
%%2

Event Record #/Type49853 / Error
Event Submitted/Written: 06/26/2008 08:41:20 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
Följande start- eller systemstartdrivrutin(er) avbröts på grund av fel under start:
kcp

Event Record #/Type49852 / Error
Event Submitted/Written: 06/26/2008 08:41:20 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
Tjänsten Automatisk LiveUpdate-schemaläggare avbröts med följande fel:
%%2147500053



-- End of Deckard's System Scanner: finished at 2008-06-27 11:03:35 ------------

This is the results of virustotal on C:\WINDOWS\system32\lphc79rj0ej37.exe

Fil lphc79rj0ej37.exe mottagen 2008.06.27 11:20:26 (CET)
Närvarande status: genomförd
Resultat: 10/33 (30.30%)
Compact Compact
Skriv ut resultat Skriv ut resultat
Antivirus Version Senaste Uppdatering Resultat
AhnLab-V3 - - -
AntiVir - - TR/Vundo.Gen
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - (Suspicious) - DNAScan
ClamAV - - -
DrWeb - - -
eSafe - - Suspicious File
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
Fortinet - - W32/Tibs.JNF!tr
GData - - -
Ikarus - - Trojan.Vundo
Kaspersky - - -
McAfee - - -
Microsoft - - Trojan:Win32/Tibs.GK
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - Cloaked Malware
Rising - - -
Sophos - - Mal/Generic-A
Sunbelt - - -
Symantec - - Trojan.Fakeavalert
TheHacker - - -
TrendMicro - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Trojan.Vundo.Gen
Övrig information
MD5: 37c7ce6bcfc6ce5f0a65f8e4a6b9fb8b
SHA1: 76ed1a18c55ef39818e6ebc8f6436a972075ff51
SHA256: e2ebc8426b9546a22855f31ad3559398a0a0c165bdae4bca3a8244d6d435f720
SHA512: ecf7464197ee01ca662c7c3fe3dde6911fc95b7e20df857b1be64d31d311d72d2e80875af5746124ac862c8d0be7dab70fbcd1c42e2e026923ed3b1ce21c5503

And here are the results of virustotals scan of C:\Program\rhc39rj0ej37\rhc39rj0ej37.exe

Fil rhcn7cj0ea59.exe mottagen 2008.06.26 15:43:04 (CET)
Närvarande status: genomförd
Resultat: 5/33 (15.15%)
Compact Compact
Skriv ut resultat Skriv ut resultat
Antivirus Version Senaste Uppdatering Resultat
AhnLab-V3 2008.6.26.0 2008.06.26 -
AntiVir 7.8.0.59 2008.06.26 TR/Drop.Age.1642496
Authentium 5.1.0.4 2008.06.25 -
Avast 4.8.1195.0 2008.06.26 -
AVG 7.5.0.516 2008.06.26 -
BitDefender 7.2 2008.06.26 -
CAT-QuickHeal 9.50 2008.06.26 -
ClamAV 0.93.1 2008.06.26 -
DrWeb 4.44.0.09170 2008.06.26 -
eSafe 7.0.17.0 2008.06.25 -
eTrust-Vet 31.6.5907 2008.06.26 -
Ewido 4.0 2008.06.26 -
F-Prot 4.4.4.56 2008.06.25 -
F-Secure 7.60.13501.0 2008.06.24 -
Fortinet 3.14.0.0 2008.06.26 -
GData 2.0.7306.1023 2008.06.26 -
Ikarus T3.1.1.26.0 2008.06.26 Trojan.Win32.Tibs.GK
Kaspersky 7.0.0.125 2008.06.26 -
McAfee 5325 2008.06.25 -
Microsoft 1.3704 2008.06.26 Trojan:Win32/Tibs.GK
NOD32v2 3221 2008.06.26 -
Norman 5.80.02 2008.06.26 -
Panda 9.0.0.4 2008.06.26 -
Prevx1 V2 2008.06.26 Suspicious
Rising 20.50.32.00 2008.06.26 -
Sophos 4.30.0 2008.06.26 -
Sunbelt 3.0.1153.1 2008.06.15 -
Symantec 10 2008.06.26 -
TheHacker 6.2.92.362 2008.06.26 -
TrendMicro 8.700.0.1004 2008.06.26 -
VBA32 3.12.6.8 2008.06.26 -
VirusBuster 4.5.11.0 2008.06.23 -
Webwasher-Gateway 6.6.2 2008.06.26 Trojan.Drop.Age.1642496
Övrig information
File size: 1214976 bytes
MD5...: a06937ee3ab217a97affa6e2e9562a98
SHA1..: 296a7f2d89066bfc27705260112cb065afeb5d9e
SHA256: 084f31ccf8b074f40995f64764a101ca5b9c9d2d73485b6ce6c831cb6d248e32
SHA512: 5bdd49e6a3c68e27ed7e5af7e7a3686362826748355d75cd41f94e37e92325d3
f17ddca9fece50d0bb2012f99f7aa1fca9da365474f75cb369c8500c929dc706
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4080ff
timedatestamp.....: 0x485d43ab (Sat Jun 21 18:08:43 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7f5b6 0x3aa00 8.00 52d73e5866d089b4ae74b3159302bc77
.rdata 0x81000 0x23b9e 0xc600 8.00 ffe74596c0adfcb9ab145f199ae8c75c
.data 0xa5000 0x1bfc1 0xc800 8.00 5616b0c42196ca1ac382d2e919296e5c
.tls 0xc1000 0xe76 0x200 7.62 8fd422fcf2dc99ffd720a37272d7c5a4
.rsrc 0xc2000 0xd4000 0xd4000 5.10 777b0080d4663df1dff625d0cf10217c

( 3 imports )
> kernel32.dll: CompareFileTime, CopyFileW, CreateThread, DefineDosDeviceW, EnumResourceTypesW, GetCommConfig, GetConsoleWindow, GetDateFormatW
> user32.dll: DdePostAdvise, CascadeWindows, ClientToScreen
> msvcrt.dll: _mbccpy, _mbctombb, _mbsdec, _pctype, _snprintf, _snwprintf

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext. ... 008C1C6CD3
soaring goat
Regular Member
 
Posts: 15
Joined: June 26th, 2008, 2:16 pm

Re: Antivirus XP 2008. I need help removing it.

Unread postby peku006 » June 27th, 2008, 7:25 am

Hi soaring goat

I see you have P2P software ( uTorrent ,Azureus ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.This pagewill give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here, and here.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

1 - uninstall some programs

    1. click on start
    2. then go to settings
    3. after that you need control panel
    4. look for the icon add remove programs
    click on the following programs

    AntivirXP08
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) SE Runtime Environment 6 Update 1


    and click on remove

2 - Remove bad HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
      O4 - HKLM\..\Run: [lphc79rj0ej37] C:\WINDOWS\system32\lphc79rj0ej37.exe
      O4 - HKLM\..\Run: [SMrhc39rj0ej37] C:\Program\rhc39rj0ej37\rhc39rj0ej37.exe
      O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
      O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
      O21 - SSODL: MonKernel - {46b707a9-37a6-4b9c-9f35-d4d1198dfbe5} - (no file)

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

3 - Clean temp files

    Download and Run ATF Cleaner
    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.Double-click ATF Cleaner.exe to open it.

    Under Main choose:
      Windows Temp
      Current User Temp
      All Users Temp
      Temporary Internet Files
      Prefetch
      Java Cache

      *The other boxes are optional*
      Then click the Empty Selected button.
    if you use Firefox:
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
    if you use Opera:
      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program

4 - Delete files using OTMoveIt2
  • Download OTMoveIt2 from here and save it to your desktop
  • Launch OTMoveIt2
  • Select everything in the below codebox and copy it by pressing ctrl-c:
    Code: Select all
    C:\WINDOWS\system32\pphc79rj0ej37.exe
    C:\WINDOWS\etgv.exe
    C:\WINDOWS\system32\blphc79rj0ej37.scr
    C:\WINDOWS\system32\lphc79rj0ej37.exe
    C:\WINDOWS\system32\CJQrtBeg.ini2
    C:\WINDOWS\system32\tsYFOnnn.ini2
    C:\windows\system32\zqgkjoqr.kot
    C:\Documents and Settings\Maria Eriksson\Application Data\rhc39rj0ej37
    C:\Program\rhc39rj0ej37
    
  • Return to OTMoveIt2, right click in the box titled Paste List of Files/Folders to be moved and click Paste
  • The content of this box should now be identical to the content of the box you copied from
  • Click the red MoveIt! button to delete the files. Allow the program to reboot your computer if it prompts you about it.
  • A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created)
  • Include this log in your next post

5 - Fix file associations with DSS
Click start/ run copy/paste :

"%userprofile%\desktop\dss.exe" /daft

Read the disclaimer and click OK.
  • Click on the Scan button.
  • Place a checkmark next to the following entries in case they appear:
  • .reg
  • .scr
  • Click the Fix button.
  • Re-scan and save a logfile. By default, it will save as daft.txt
  • I'll need that log later.

6 - Run Kaspersky Online AV Scanner

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.


7- Run Hijackthis

Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

8 - Status Check
Please reply with

1. the OTMoveIt2 log
2. the daft.txt ( Deckard's System Scan )
3. the Kaspersky online scanner report
4. a fresh HijackThis log

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Antivirus XP 2008. I need help removing it.

Unread postby soaring goat » June 27th, 2008, 8:48 am

Hi again peku006.

I tried to do what you said but when I came to the fifth paragraph (where I was supposed to paste "%userprofile%\desktop\dss.exe" /daft in start/run) I got an error message saying something like this:

C:\Documents and Settings\Maria Eriksson\desktop is refering to a place that is unavailable. It can(/could) be a harddrive on this computer or on a network. Make sure that the disc is correctly connected and that the computer is connected to the Internet or the network. Then try again. If the place still can't be found the information could have been moved to another place.

Or since you might understand the swedish version better:

:\Documents and Settings\Maria Eriksson\desktop refererar till en plats som inte är tillgänglig. Det kan vara en hårddisk på den här datorn eller på ett nätverk. Kontrollera att disken är korrekt ansluten till Internet eller nätverket. Försök sedan på nytt. Om platsen fortfarande inte kan hittas kan det bero på att informationen har flyttats till en annan plats.

I won't continue your previous advice until we've cleared this up.

Looking forward to you reply,

floating goat
soaring goat
Regular Member
 
Posts: 15
Joined: June 26th, 2008, 2:16 pm

Re: Antivirus XP 2008. I need help removing it.

Unread postby peku006 » June 27th, 2008, 12:42 pm

Hi soaring goat

I'm sorry for my bad ,you have Swedish version of Windows
it´s not "desktop" it´s skrivbord

Please do the following

Click start/ run copy/paste :

"%userprofile%\skrivbord\dss.exe" /daft
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Antivirus XP 2008. I need help removing it.

Unread postby soaring goat » June 28th, 2008, 8:29 am

Hello peku006

I uninstalled uTorrent like you advised me to do, but I couldn't find azureus in the add/remove programs list. I never use azureus anyway so maybe it doesn't matter.

I have a couple of question btw about this malware.

1) The infected computer, a laptop and my Xbox 360 are all connected to a router. So far I haven't turned the laptop or the xbox on in case the malware can spread through the router.
Is that possible? Should I avoid using the laptop/Xbox until we've removed the malware?

2) I'm going to Morocco Thursday next week, and I was wondering if we could continue cleaning my computer when I get back (around the 27th) unless it's clean by Wednesday? And will my computer get more infected while I'm gone? While I'm gone no one will be able to use the compter but I honestly don't know if Antivirus XP 2008 could spread or something.

Here is the OTMoveIt2 log
C:\WINDOWS\system32\pphc79rj0ej37.exe moved successfully.
C:\WINDOWS\etgv.exe moved successfully.
C:\WINDOWS\system32\blphc79rj0ej37.scr moved successfully.
C:\WINDOWS\system32\lphc79rj0ej37.exe moved successfully.
C:\WINDOWS\system32\CJQrtBeg.ini2 moved successfully.
C:\WINDOWS\system32\tsYFOnnn.ini2 moved successfully.
File/Folder C:\windows\system32\zqgkjoqr.kot not found.
C:\Documents and Settings\Maria Eriksson\Application Data\rhc39rj0ej37\Quarantine\Packages moved successfully.
C:\Documents and Settings\Maria Eriksson\Application Data\rhc39rj0ej37\Quarantine\BrowserObjects moved successfully.
C:\Documents and Settings\Maria Eriksson\Application Data\rhc39rj0ej37\Quarantine\Autorun\StartMenuCurrentUser moved successfully.
C:\Documents and Settings\Maria Eriksson\Application Data\rhc39rj0ej37\Quarantine\Autorun\StartMenuAllUsers moved successfully.
C:\Documents and Settings\Maria Eriksson\Application Data\rhc39rj0ej37\Quarantine\Autorun\HKLM\RunOnce moved successfully.
C:\Documents and Settings\Maria Eriksson\Application Data\rhc39rj0ej37\Quarantine\Autorun\HKLM moved successfully.
C:\Documents and Settings\Maria Eriksson\Application Data\rhc39rj0ej37\Quarantine\Autorun\HKCU\RunOnce moved successfully.
C:\Documents and Settings\Maria Eriksson\Application Data\rhc39rj0ej37\Quarantine\Autorun\HKCU moved successfully.
C:\Documents and Settings\Maria Eriksson\Application Data\rhc39rj0ej37\Quarantine\Autorun moved successfully.
C:\Documents and Settings\Maria Eriksson\Application Data\rhc39rj0ej37\Quarantine moved successfully.
C:\Documents and Settings\Maria Eriksson\Application Data\rhc39rj0ej37 moved successfully.
C:\Program\rhc39rj0ej37 moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06272008_143252


Here is the daft.txt :

DAFT Log saved on 2008-06-28 10:43:13
-----------------------------------------------------------------------
All associations okay!


Here is the Kaspersky report

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, June 28, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, June 28, 2008 07:43:29
Records in database: 894587
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 122723
Threat name: 34
Infected objects: 224
Suspicious objects: 0
Duration of the scan: 03:20:36


File name / Threat name / Threats count
C:\36110103225.exe Infected: Trojan-Downloader.Win32.Small.dya 1
C:\Deckard\System Scanner\20080628104132\backup\DOCUME~1\MARIAE~1\LOKALA~1\Temp\.tt1C.tmp Infected: Trojan-Dropper.Win32.NSIS.f 1
C:\Deckard\System Scanner\20080628104132\backup\DOCUME~1\MARIAE~1\LOKALA~1\Temp\.tt71.tmp Infected: Trojan-Downloader.Win32.FraudLoad.vacf 1
C:\Documents and Settings\All Users\Application Data\dumb pure bind support\TIME EGGS.exe Infected: Trojan.Win32.Obfuscated.en 1
C:\Documents and Settings\All Users\Application Data\dumb pure bind support\TWO VGA.exe Infected: Trojan.Win32.Obfuscated.en 1
C:\Program\Norton AntiVirus\Quarantine\00C42690.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\01147346 Infected: Trojan.Win32.Obfuscated.en 1
C:\Program\Norton AntiVirus\Quarantine\01C40EB1.jpg Infected: Trojan.Win32.DNSChanger.as 1
C:\Program\Norton AntiVirus\Quarantine\026F2F89.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\02CF7E55 Infected: not-a-virus:AdWare.Win32.BHO.fd 1
C:\Program\Norton AntiVirus\Quarantine\02D22851 Infected: not-a-virus:AdWare.Win32.BHO.fd 1
C:\Program\Norton AntiVirus\Quarantine\02F6762A Infected: not-a-virus:AdWare.Win32.BHO.fb 1
C:\Program\Norton AntiVirus\Quarantine\02FA2B8B.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\03031E1B Infected: not-a-virus:AdWare.Win32.BHO.fb 1
C:\Program\Norton AntiVirus\Quarantine\042D60C6 Infected: not-a-virus:AdWare.Win32.BHO.fd 1
C:\Program\Norton AntiVirus\Quarantine\0650628C Infected: not-a-virus:AdWare.Win32.BHO.fd 1
C:\Program\Norton AntiVirus\Quarantine\068E1C14 Infected: not-a-virus:AdWare.Win32.BHO.fd 1
C:\Program\Norton AntiVirus\Quarantine\075C1AC0.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\0769664B.exe Infected: Trojan-Downloader.Win32.Tiny.cl 1
C:\Program\Norton AntiVirus\Quarantine\08537A24.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\0ACA7939.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\0D1E3697.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\0D5E682B.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\0DBC3D88.dll Infected: Trojan-Proxy.Win32.Lager.aq 1
C:\Program\Norton AntiVirus\Quarantine\0DF27168.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\0E7D4F63.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\0F254084.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\0FA70C2E.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\106F0461.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\10C141EB.EXE Infected: Trojan.Win32.Patched.af 1
C:\Program\Norton AntiVirus\Quarantine\10F3598D.EXE Infected: Trojan.Win32.Patched.af 1
C:\Program\Norton AntiVirus\Quarantine\10F60389.exe Infected: Trojan.Win32.Patched.af 1
C:\Program\Norton AntiVirus\Quarantine\10FB67CD Infected: not-a-virus:AdWare.Win32.BHO.fd 1
C:\Program\Norton AntiVirus\Quarantine\11CD5E7E.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\13D30CD4 Infected: not-a-virus:AdWare.Win32.BHO.fd 1
C:\Program\Norton AntiVirus\Quarantine\15A903F0.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\169A2EC9.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\16FF095C.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\17334102.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\174702FE.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\17530A9F.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\17F5160D.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\17FD581F.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\17FD7887.exe Infected: Trojan-Proxy.Win32.Lager.bi 1
C:\Program\Norton AntiVirus\Quarantine\18561220.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\18B14413.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\19DA3748.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\1D5D3449.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\1D61724A.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\1E437A74.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\1E604FFB.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\1F310B4F.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\1F504222.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\1FA729F1.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\20635D0E.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\21203593.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\214C7B25.dll Infected: Trojan-Proxy.Win32.Lager.aq 1
C:\Program\Norton AntiVirus\Quarantine\21E57349.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\2203761A.EXE Infected: Backdoor.Win32.IRCBot.abf 1
C:\Program\Norton AntiVirus\Quarantine\228A76D2.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\25842306 Infected: not-a-virus:AdWare.Win32.BHO.fd 1
C:\Program\Norton AntiVirus\Quarantine\262A4093.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\26B66EA1.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\26CA61CE Infected: Trojan.Win32.Obfuscated.en 1
C:\Program\Norton AntiVirus\Quarantine\29165A99.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\2A524ED0.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\2B11630D.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\2C0656CE.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\2C594001 Infected: Trojan.Win32.Obfuscated.en 1
C:\Program\Norton AntiVirus\Quarantine\2D8F255A Infected: Trojan-Proxy.Win32.Lager.bi 1
C:\Program\Norton AntiVirus\Quarantine\2DF54DCA.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\2FC93B4B.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\2FD65BB0.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\307C187C.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\30AE6377 Infected: not-a-virus:AdWare.Win32.BHO.fd 1
C:\Program\Norton AntiVirus\Quarantine\310475EA.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\31706694.exe Infected: Packed.Win32.Tibs 1
C:\Program\Norton AntiVirus\Quarantine\3174535D.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\32A25801.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\34BC0B25.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\36B468DC.exe Infected: Trojan-PSW.Win32.WOW.hm 1
C:\Program\Norton AntiVirus\Quarantine\36D85441.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\37600FA1.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\37F1009A.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\37F43D8B.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\38226D9C.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\38230552.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\386C27F8.exe Infected: not-virus:Hoax.Win32.Renos.dk 1
C:\Program\Norton AntiVirus\Quarantine\387F23E2.exe Infected: not-virus:Hoax.Win32.Renos.dk 1
C:\Program\Norton AntiVirus\Quarantine\396C2851.dll Infected: not-a-virus:AdWare.Win32.BHO.fd 1
C:\Program\Norton AntiVirus\Quarantine\396F6063.dll Infected: not-a-virus:AdWare.Win32.BHO.fd 1
C:\Program\Norton AntiVirus\Quarantine\39720A60.dll Infected: not-a-virus:AdWare.Win32.BHO.fd 1
C:\Program\Norton AntiVirus\Quarantine\39D81FF0.dll Infected: not-a-virus:AdWare.Win32.BHO.fd 1
C:\Program\Norton AntiVirus\Quarantine\3A620539 Infected: Trojan-Downloader.Win32.Small.dpz 1
C:\Program\Norton AntiVirus\Quarantine\3B704752.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\3B851FC7.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\405E4B78.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\414F1A56.exe Infected: Trojan-Downloader.Win32.Agent.cbc 1
C:\Program\Norton AntiVirus\Quarantine\415C5283.exe Infected: Trojan-Downloader.Win32.VB.aan 1
C:\Program\Norton AntiVirus\Quarantine\41D701EF.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\422D7C89.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\42C2433A.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\42C663E2.exe Infected: Trojan.Win32.Patched.af 1
C:\Program\Norton AntiVirus\Quarantine\43656632.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\43706536.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\44952E04 Infected: Trojan-Downloader.Win32.Small.dam 1
C:\Program\Norton AntiVirus\Quarantine\44A255F6 Infected: Trojan-Proxy.Win32.Lager.bi 1
C:\Program\Norton AntiVirus\Quarantine\44DB7282.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\45282DD5.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\456F4FC3.exe Infected: Packed.Win32.Tibs 1
C:\Program\Norton AntiVirus\Quarantine\457B380C.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\45ED758F.sys Infected: Trojan-PSW.Win32.Agent.lf 1
C:\Program\Norton AntiVirus\Quarantine\475C397A.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\47726390 Infected: not-a-virus:Downloader.Win32.WinFixer.o 1
C:\Program\Norton AntiVirus\Quarantine\480A710B.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\48322405 Infected: Trojan-PSW.Win32.WOW.hm 1
C:\Program\Norton AntiVirus\Quarantine\483E5A96 Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\489B70D2 Infected: Trojan.Win32.Obfuscated.en 1
C:\Program\Norton AntiVirus\Quarantine\48B02EE8.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\497427C8.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\4990109B.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\499E22F5 Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\49C66C54 Infected: Trojan-DDoS.Win32.Boxed.s 1
C:\Program\Norton AntiVirus\Quarantine\49CD404D Infected: Trojan-DDoS.Win32.Boxed.t 1
C:\Program\Norton AntiVirus\Quarantine\4AA37B9A.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\4B7F6ACA.exe Infected: Trojan-Spy.Win32.BZub.in 1
C:\Program\Norton AntiVirus\Quarantine\4B8214C6.exe Infected: Trojan-Proxy.Win32.Dlena.ad 1
C:\Program\Norton AntiVirus\Quarantine\4F147125 Infected: Trojan.Win32.Obfuscated.en 1
C:\Program\Norton AntiVirus\Quarantine\4F901040.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\500257EF.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\50A21335.jpg Infected: Trojan.Win32.DNSChanger.as 1
C:\Program\Norton AntiVirus\Quarantine\50DF2B38.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\51DD015E.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\51E6175F.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\538D3A4C.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\54222EEC.dll Infected: Trojan-Proxy.Win32.Lager.aq 1
C:\Program\Norton AntiVirus\Quarantine\54C46563 Infected: Trojan.Win32.Obfuscated.en 1
C:\Program\Norton AntiVirus\Quarantine\54D27CB8.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\556D267A.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\55AB07FC.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\561B2A71.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\56803EC5.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\58574755.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\589532DA.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\5A634286 Infected: Trojan-Downloader.Win32.Tiny.cl 1
C:\Program\Norton AntiVirus\Quarantine\5AA156D5 Infected: not-a-virus:AdWare.Win32.BHO.fb 1
C:\Program\Norton AntiVirus\Quarantine\5AF62702 Infected: Trojan-Downloader.Win32.VB.aeq 1
C:\Program\Norton AntiVirus\Quarantine\5B5E5A04 Infected: not-a-virus:AdWare.Win32.BHO.fd 1
C:\Program\Norton AntiVirus\Quarantine\5B8651D9 Infected: not-a-virus:AdWare.Win32.BHO.fd 1
C:\Program\Norton AntiVirus\Quarantine\5BD20218.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\5CD11FDE.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\5DF74D31.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\5E3718F1.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\5E4628D5.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\5E48761B.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\5EBD4FE7.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\5F1E0AD6 Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\60EC59F4 Infected: Trojan.Win32.Obfuscated.en 1
C:\Program\Norton AntiVirus\Quarantine\61202EB9.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\617D4872.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\620E7D33.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\622C291E.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\62304A28.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\63A35FEE.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\64520E38.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\64D32D17.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\66906202 Infected: Trojan.Win32.Obfuscated.en 1
C:\Program\Norton AntiVirus\Quarantine\6A3B7835 Infected: Trojan-Clicker.Win32.Small.js 1
C:\Program\Norton AntiVirus\Quarantine\6AE60578 Infected: not-a-virus:AdWare.Win32.BHO.fd 1
C:\Program\Norton AntiVirus\Quarantine\6AF37B9B.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\6C3855E7.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\6C3D59CD.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\6CEC5D96.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\6DA259B2.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\6DAA6FB4.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\6DC64E59.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\6E6F4A61.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\6EC754F8.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\6F80231A.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\6FDC1853 Infected: not-a-virus:AdWare.Win32.BHO.fd 1
C:\Program\Norton AntiVirus\Quarantine\6FDF4250 Infected: not-a-virus:AdWare.Win32.BHO.fd 1
C:\Program\Norton AntiVirus\Quarantine\70212C3E.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\702F2091.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\70AE5B5B.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\72211E00 Infected: Trojan.Win32.Obfuscated.en 1
C:\Program\Norton AntiVirus\Quarantine\75460805.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\76053478.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\76425BDD Infected: Trojan.Win32.Obfuscated.en 1
C:\Program\Norton AntiVirus\Quarantine\76A55D0B.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\771C7B55.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\775F007C Infected: Trojan.Win32.Obfuscated.io 1
C:\Program\Norton AntiVirus\Quarantine\77D4100A.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\788221B3.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\78886BD4.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\78F01732.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\79A505C5.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\7A3F0DD0.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\7B8A2E22.dll Infected: Trojan-Proxy.Win32.Lager.aq 1
C:\Program\Norton AntiVirus\Quarantine\7BCB75DA.dll Infected: Trojan-Proxy.Win32.Lager.aq 1
C:\Program\Norton AntiVirus\Quarantine\7BE02687.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\7C40514C.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\7C687641.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\7CB60CBA.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\7CEA583F Infected: Trojan.Win32.Obfuscated.en 1
C:\Program\Norton AntiVirus\Quarantine\7CED023B Infected: Trojan.Win32.Obfuscated.en 1
C:\Program\Norton AntiVirus\Quarantine\7CF02C37 Infected: Trojan.Win32.Obfuscated.en 1
C:\Program\Norton AntiVirus\Quarantine\7CF35634 Infected: Trojan.Win32.Obfuscated.en 1
C:\Program\Norton AntiVirus\Quarantine\7CFD05E2.exe Infected: Trojan.Win32.Patched.af 1
C:\Program\Norton AntiVirus\Quarantine\7D490870.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\7D580E27.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\7DEF3DAE.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\7E6F3211.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\7EE34356.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\7F340651.dll Infected: not-a-virus:AdWare.Win32.BHO.fb 1
C:\Program\Norton AntiVirus\Quarantine\7F380FC0.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\Norton AntiVirus\Quarantine\7F84349A.exe Infected: Trojan.Win32.Patched.q 1
C:\Program\WoodiiMeny2\redist\vtz3f.exe Infected: not-a-virus:AdWare.Win32.EShoper.d 1
C:\WINDOWS\system32\15.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1
C:\WINDOWS\system32\C.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1
C:\WINDOWS\system32\Setup_ver1.1351.25.exe Infected: Trojan-Downloader.Win32.Zlob.pnq 1
C:\WINDOWS\Web\def.htm Infected: not-virus:Hoax.HTML.Secureinvites.c 1
C:\_OTMoveIt\MovedFiles\06272008_143252\Program\rhc39rj0ej37\rhc39rj0ej37.exe Infected: Trojan-Downloader.Win32.FraudLoad.vacf 1
C:\_OTMoveIt\MovedFiles\06272008_143252\WINDOWS\etgv.exe Infected: Trojan.Win32.Vapsup.hdq 1
C:\_OTMoveIt\MovedFiles\06272008_143252\WINDOWS\system32\pphc79rj0ej37.exe Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1

The selected area was scanned.


And here is a fresh Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:17:40, on 2008-06-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program\Canon\IJPLM\IJPLMSVC.EXE
C:\Program\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Smartscaps.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\program\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program\Creative\SBLive\Diagnostics\diagent.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\QTTask.exe
C:\Program\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Program\Windows Live\Messenger\MsnMsgr.Exe
C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe
C:\Program\Logitech\SetPoint\KEM.exe
C:\Program\Personal\bin\Personal.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Logitech\SetPoint\KHALMNPR.EXE
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\DELADE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Visa Norton-verktygsfältet - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [LXSUPMON] "C:\WINDOWS\System32\LXSUPMON.EXE" RUN
O4 - HKLM\..\Run: [diagent] "C:\Program\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [PinnacleDriverCheck] "C:\WINDOWS\system32\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [BIND SUPPORT SEEK FIRST] "C:\Documents and Settings\All Users\Application Data\dumb pure bind support\TWO VGA.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\Maria Eriksson\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070829\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Maria Eriksson\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070829\Setup.exe" "/REALUPREBOOT /temp /patched"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] "C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [PMCS] "C:\Program\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Certificate Mover.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ss ... gctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss ... gctlsr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/1481 ... scan53.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/app ... OFILER.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: GoToAssist - C:\Program\Citrix\GoToAssist\508\G2AWinLogon.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program\Citrix\GoToAssist\508\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: SmartTrust Smart Card Server (Smartscaps) - SmartTrust - C:\WINDOWS\system32\Smartscaps.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program\Delade filer\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 11280 bytes

I don't think I ever thanked you for helping me, and I know we're not out of this yet I still feel quite confident with someone as comptent as you watching over my should so to speak.
soaring goat
Regular Member
 
Posts: 15
Joined: June 26th, 2008, 2:16 pm

Re: Antivirus XP 2008. I need help removing it.

Unread postby peku006 » June 29th, 2008, 9:37 am

Hi soaring goat
can spread through the router.

No, this malware will not infect your router
if we could continue cleaning my computer when I get back

Yes, If we have not completed
And will my computer get more infected while I'm gone? While I'm gone no one will be able to use the compter but I honestly don't know if Antivirus XP 2008 could spread or something.

Antivirus XP 2008 is away,so there should not be any worries

You have a program called WoodiiMeny2 installed - do you know what this is and did you intentionally install it?

Please empty your Norton Antivirus qurantine

1- Download and Run NoLop

Please download NoLop and save to your desktop from one of the links below
Link 1
Link 2
Link 3
  • First close any other programs you have running as this will require a reboot
  • Double click NoLop.exe to run it.
  • Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
  • When scanning is finished you will be prompted to reboot only if infected, Click OK
  • Now click the "REBOOT" Button.
  • A Message should popup from NoLop. If not, double click the program again and it will finish.
  • Please post the contents of C:\NoLop.log later.
Note: If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to C:\WINDOWS\system32\ folder then rerun the program.

2 - Delete files using OTMoveIt2
  • Download OTMoveIt2 from here and save it to your desktop
  • Launch OTMoveIt2
  • Select everything in the below codebox and copy it by pressing ctrl-c:
    Code: Select all
    C:\36110103225.exe
    C:\WINDOWS\system32\15.tmp 
    C:\WINDOWS\system32\C.tmp
    C:\WINDOWS\system32\Setup_ver1.1351.25.exe
    C:\WINDOWS\Web\def.htm
    
  • Return to OTMoveIt2, right click in the box titled Paste List of Files/Folders to be moved and click Paste
  • The content of this box should now be identical to the content of the box you copied from
  • Click the red MoveIt! button to delete the files. Allow the program to reboot your computer if it prompts you about it.
  • A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created)
  • Include this log in your next post

3 - Malwarebytes' Anti-Malware

  • Launch Malwarebytes' Anti-Malware
  • Click Update
  • Then click Check for Updates
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
On the Scanner tab:
  • Make sure the "Perform full scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found here:

    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


3 - Status Check
Please reply with

1. the NoLop.log
2. the OTMoveIt2 log
3. the Malwarebytes' Anti-Malware Log
4. a fresh HijackThis log

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Antivirus XP 2008. I need help removing it.

Unread postby soaring goat » June 29th, 2008, 11:15 am

Hi again peku006

Yes, WoodiiMeny2 is something my mother installed on the computer a long time ago. It's a game and my sister played it for a while. I've tried to remove once but I didn't succeed so I just ignored it.

So here are my logs and stuff starting with NoLop.log
NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Maria Eriksson\Skrivbord
[2008-06-29]
[15:50:32]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Apple
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Avg7 -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Azureus
C:\Documents and Settings\All Users\Application Data\Canonbj
C:\Documents and Settings\All Users\Application Data\Canonijplm
C:\Documents and Settings\All Users\Application Data\Ccp
C:\Documents and Settings\All Users\Application Data\Comodo
C:\Documents and Settings\All Users\Application Data\Creative
C:\Documents and Settings\All Users\Application Data\Disney Interactive
C:\Documents and Settings\All Users\Application Data\Dumb Pure Bind Support
C:\Documents and Settings\All Users\Application Data\Firstclass
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Hklqvidk -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Malwarebytes
C:\Documents and Settings\All Users\Application Data\Messenger Plus!
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\My Pictures
C:\Documents and Settings\All Users\Application Data\Pinnacle
C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
C:\Documents and Settings\All Users\Application Data\Prevx -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Roxio
C:\Documents and Settings\All Users\Application Data\Smartsound Software Inc
C:\Documents and Settings\All Users\Application Data\Sony Ericsson
C:\Documents and Settings\All Users\Application Data\Spcs
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Trackmania
C:\Documents and Settings\All Users\Application Data\Tuneup Software
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Wlinstaller
C:\Documents and Settings\All Users\Application Data\{0e8e33d8-193a-414a-a909-0f101a142d26}
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Maria Eriksson\Application Data\About Book
C:\Documents and Settings\Maria Eriksson\Application Data\Adobe
C:\Documents and Settings\Maria Eriksson\Application Data\Adobeum
C:\Documents and Settings\Maria Eriksson\Application Data\Apple Computer
C:\Documents and Settings\Maria Eriksson\Application Data\Azureus
C:\Documents and Settings\Maria Eriksson\Application Data\Comodo
C:\Documents and Settings\Maria Eriksson\Application Data\Cyberlink
C:\Documents and Settings\Maria Eriksson\Application Data\Daemon Tools
C:\Documents and Settings\Maria Eriksson\Application Data\Dvdcss
C:\Documents and Settings\Maria Eriksson\Application Data\Google -- EMPTY Directory
C:\Documents and Settings\Maria Eriksson\Application Data\Help
C:\Documents and Settings\Maria Eriksson\Application Data\Identities
C:\Documents and Settings\Maria Eriksson\Application Data\Intertrust
C:\Documents and Settings\Maria Eriksson\Application Data\Lavasoft -- EMPTY Directory
C:\Documents and Settings\Maria Eriksson\Application Data\Limewire
C:\Documents and Settings\Maria Eriksson\Application Data\Logitech
C:\Documents and Settings\Maria Eriksson\Application Data\Macromedia
C:\Documents and Settings\Maria Eriksson\Application Data\Malwarebytes
C:\Documents and Settings\Maria Eriksson\Application Data\Microsoft
C:\Documents and Settings\Maria Eriksson\Application Data\Mozilla
C:\Documents and Settings\Maria Eriksson\Application Data\My Games
C:\Documents and Settings\Maria Eriksson\Application Data\Netscape
C:\Documents and Settings\Maria Eriksson\Application Data\Oblivion Network
C:\Documents and Settings\Maria Eriksson\Application Data\Personal
C:\Documents and Settings\Maria Eriksson\Application Data\Pinnacle Systems
C:\Documents and Settings\Maria Eriksson\Application Data\Roxio
C:\Documents and Settings\Maria Eriksson\Application Data\Spore Creature Creator
C:\Documents and Settings\Maria Eriksson\Application Data\Sun
C:\Documents and Settings\Maria Eriksson\Application Data\Supportsoft
C:\Documents and Settings\Maria Eriksson\Application Data\Symantec
C:\Documents and Settings\Maria Eriksson\Application Data\Tuneup Software
C:\Documents and Settings\Maria Eriksson\Application Data\U3
C:\Documents and Settings\Maria Eriksson\Application Data\Vlc
C:\Documents and Settings\Maria Eriksson\Application Data\Winrar -- EMPTY Directory
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Xfire -- EMPTY Directory



OtMoveIt2 log


C:\36110103225.exe moved successfully.
C:\WINDOWS\system32\15.tmp moved successfully.
C:\WINDOWS\system32\C.tmp moved successfully.
C:\WINDOWS\system32\Setup_ver1.1351.25.exe moved successfully.
C:\WINDOWS\Web\def.htm moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 06292008_155637


Malwerebytes Anti-Maleware log:

Malwarebytes' Anti-Malware 1.19
Databasversion: 901
Windows 5.1.2600 Service Pack 2

16:56:15 2008-06-29
mbam-log-6-29-2008 (16-56-15).txt

Skanningstyp: Fullständig skanning (A:\|C:\|D:\|E:\|F:\|)
Antal skannade objekt: 157788
Förfluten tid: 55 minute(s), 26 second(s)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 1
Infekterade registervärden: 0
Infekterade registerdataposter: 2
Infekterade mappar: 0
Infekterade filer: 11

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Infekterade registervärden:
(Inga illasinnade poster hittades)

Infekterade registerdataposter:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
C:\Deckard\System Scanner\20080628104132\backup\DOCUME~1\MARIAE~1\LOKALA~1\Temp\.tt1C.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BB06C1F3-E02C-4A70-B0C7-9ED285173AAC}\RP35\A0010228.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BB06C1F3-E02C-4A70-B0C7-9ED285173AAC}\RP36\A0010280.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BB06C1F3-E02C-4A70-B0C7-9ED285173AAC}\RP37\A0010334.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BB06C1F3-E02C-4A70-B0C7-9ED285173AAC}\RP38\A0010361.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\06272008_143252\Program\rhc39rj0ej37\rhc39rj0ej37Skin.dll (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\06272008_143252\WINDOWS\system32\pphc79rj0ej37.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\06292008_155637\WINDOWS\system32\15.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\06292008_155637\WINDOWS\system32\C.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Skrivbord\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc79rj0ej37.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.


And my latest Hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:06:46, on 2008-06-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program\Canon\IJPLM\IJPLMSVC.EXE
C:\Program\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Smartscaps.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\program\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\Program\Creative\SBLive\Diagnostics\diagent.exe
C:\Program\QTTask.exe
C:\Program\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe
C:\Program\Logitech\SetPoint\KEM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Personal\bin\Personal.exe
C:\Program\Logitech\SetPoint\KHALMNPR.EXE
C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\DELADE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Visa Norton-verktygsfältet - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [LXSUPMON] "C:\WINDOWS\System32\LXSUPMON.EXE" RUN
O4 - HKLM\..\Run: [diagent] "C:\Program\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [PinnacleDriverCheck] "C:\WINDOWS\system32\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [BIND SUPPORT SEEK FIRST] "C:\Documents and Settings\All Users\Application Data\dumb pure bind support\TWO VGA.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\Maria Eriksson\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070829\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Maria Eriksson\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070829\Setup.exe" "/REALUPREBOOT /temp /patched"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] "C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [PMCS] "C:\Program\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Certificate Mover.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ss ... gctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss ... gctlsr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/1481 ... scan53.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/app ... OFILER.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: GoToAssist - C:\Program\Citrix\GoToAssist\508\G2AWinLogon.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program\Citrix\GoToAssist\508\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: SmartTrust Smart Card Server (Smartscaps) - SmartTrust - C:\WINDOWS\system32\Smartscaps.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program\Delade filer\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 11193 bytes


soaring goat
soaring goat
Regular Member
 
Posts: 15
Joined: June 26th, 2008, 2:16 pm

Re: Antivirus XP 2008. I need help removing it.

Unread postby peku006 » June 29th, 2008, 12:54 pm

Hi soaring goat
WoodiiMeny2 is AdWare.Win32.EShoper.d
We need to remove it

1 - Delete files using OTMoveIt2
  • Launch OTMoveIt2
  • Select everything in the below codebox and copy it by pressing ctrl-c:
    Code: Select all
    C:\Documents and Settings\All Users\Application Data\dumb pure bind support
    C:\Program\WoodiiMeny2
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\\woodii_updater
    
  • Return to OTMoveIt2, right click in the box titled Paste List of Files/Folders to be moved and click Paste
  • The content of this box should now be identical to the content of the box you copied from
  • Click the red MoveIt! button to delete the files. Allow the program to reboot your computer if it prompts you about it.
  • A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created)
  • Include this log in your next post

2 - Run F-Secure Online Scan

Scan online using F-Secure Online Scanner Next Generation using Internet Explorer
http://support.f-secure.com/enu/home/ols.shtml
Click on the link "F-Secure Online Scanner Next Generation".
You may receive an alert on the address bar at this point to install the ActiveX control.
Click on that alert and then Click Insall ActiveX component.
Read the license agreement and click "Accept".
Click "Full System Scan" to download the scanning components and begin scan and cleaning.
When done click "Show report" and copy/paste its contents into your next reply.

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

4 - Status Check
Please reply with

1. the OTMoveIt2 log
2. the F-Secure online scanner report
2. a fresh HijackThis log

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Antivirus XP 2008. I need help removing it.

Unread postby soaring goat » July 1st, 2008, 3:54 am

Hi again

I just wanted to let you know that the F-secure scan stopped yesterday.

I turned on the scan about 11:00 yesterday, and it kept going until I went to watch TV at about 22:00. I went back to check on it at about 00:00 and I noticed that It was stuck searching. It said it was searching some file (I don't know which one since I was too tired and out of it to write it down) but I do know that it was the 543632nd file in the search. At 00:30 it was still on that same file, and I wanted to stop it but I figured maybe it takes a long time to search just that file so I let it run all night.
My mother gets up earlier than me and she told me that for a time one could ot use internet explorer but when I woke up both IE and Firefox were fine.

I don't know if this was a once in a lifetime thing, or it it'll happen alot, but as soon as I'm done with this message I'll try again with the F-secure scan.

Just wanted to let you know why it's taking so long and how I'm doing.
soaring goat
Regular Member
 
Posts: 15
Joined: June 26th, 2008, 2:16 pm

Re: Antivirus XP 2008. I need help removing it.

Unread postby soaring goat » July 1st, 2008, 1:35 pm

Hi peku006

I tried the F-secure virusscan again it worked fine.

So here is the OT log:

C:\Documents and Settings\All Users\Application Data\dumb pure bind support moved successfully.
C:\Program\WoodiiMeny2\redist moved successfully.
C:\Program\WoodiiMeny2\media moved successfully.
C:\Program\WoodiiMeny2\gfx moved successfully.
C:\Program\WoodiiMeny2\club moved successfully.
C:\Program\WoodiiMeny2\bok moved successfully.
C:\Program\WoodiiMeny2\bladet moved successfully.
C:\Program\WoodiiMeny2 moved successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\\woodii_updater >
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\\woodii_updater not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 06302008_120837



Followed by the F-secure results:
Scanning Report
Tuesday, July 01, 2008 10:29:34 - 18:36:29

Computer name: MARIA-88L53ZXZY
Scanning type: Scan system for malware, rootkits
Target: C:\
Result: 196 malware found
Backdoor.Win32.IRCBot.abf (virus)

* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\2203761A.EXE (Renamed & Submitted)

Packed.Win32.Tibs (virus)

* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\31706694.EXE (Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\456F4FC3.EXE (Submitted)

Tracking Cookie (spyware)

* System

Trojan-Clicker.Win32.Small.js (virus)

* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\6A3B7835 (Renamed & Submitted)

Trojan-DDoS.Win32.Boxed.s (virus)

* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\49C66C54 (Renamed & Submitted)

Trojan-DDoS.Win32.Boxed.t (virus)

* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\49CD404D (Renamed & Submitted)

Trojan-Downloader.Win32.Agent.cbc (virus)

* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\414F1A56.EXE (Renamed & Submitted)

Trojan-Downloader.Win32.FraudLoad.vacf (virus)

* C:\_OTMOVEIT\MOVEDFILES\06272008_143252\PROGRAM\RHC39RJ0EJ37\RHC39RJ0EJ37.EXE (Renamed & Submitted)

Trojan-Downloader.Win32.Small.dam (virus)

* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\44952E04 (Renamed & Submitted)

Trojan-Downloader.Win32.Small.dpz (virus)

* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\3A620539 (Renamed & Submitted)

Trojan-Downloader.Win32.Small.dya (virus)

* C:\_OTMOVEIT\MOVEDFILES\06292008_155637\36110103225.EXE (Renamed & Submitted)

Trojan-Downloader.Win32.Tiny.cl (virus)

* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\0769664B.EXE (Renamed & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\5A634286 (Renamed & Submitted)

Trojan-Downloader.Win32.VB.aan (virus)

* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\415C5283.EXE (Renamed & Submitted)

Trojan-Downloader.Win32.VB.aeq (virus)

* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\5AF62702 (Renamed & Submitted)

Trojan-Downloader.Win32.Zlob.pnq (virus)

* C:\_OTMOVEIT\MOVEDFILES\06292008_155637\WINDOWS\SYSTEM32\SETUP_VER1.1351.25.EXE (Renamed & Submitted)

Trojan-PSW.Win32.Agent.lf (virus)

* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\45ED758F.SYS (Renamed & Submitted)

Trojan-PSW.Win32.WOW.hm (virus)

* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\36B468DC.EXE (Renamed & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\48322405 (Renamed & Submitted)

Trojan-Proxy.Win32.Dlena.ad (virus)

* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\4B8214C6.EXE (Renamed & Submitted)

Trojan-Proxy.Win32.Lager.aq (virus)

* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\0DBC3D88.DLL (Renamed & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\214C7B25.DLL (Renamed & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\54222EEC.DLL (Renamed & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\7B8A2E22.DLL (Renamed & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\7BCB75DA.DLL (Renamed & Submitted)

Trojan-Proxy.Win32.Lager.bi (virus)

* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\17FD7887.EXE (Renamed & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\2D8F255A (Renamed & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\44A255F6 (Renamed & Submitted)

Trojan-Spy.Win32.BZub.in (virus)

* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\4B7F6ACA.EXE (Renamed & Submitted)

Trojan.Win32.DNSChanger.as (virus)

* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\01C40EB1.JPG (Renamed & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\50A21335.JPG (Renamed & Submitted)

Trojan.Win32.Obfuscated.en (virus)

* C:\_OTMOVEIT\MOVEDFILES\06302008_120837\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\DUMB PURE BIND SUPPORT\TIME EGGS.EXE (Renamed & Submitted)
* C:\_OTMOVEIT\MOVEDFILES\06302008_120837\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\DUMB PURE BIND SUPPORT\TWO VGA.EXE (Renamed)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\01147346 (Renamed & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\26CA61CE (Renamed & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\2C594001 (Renamed & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\489B70D2 (Renamed & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\4F147125 (Renamed & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\54C46563 (Renamed & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\60EC59F4 (Renamed & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\66906202 (Renamed & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\72211E00 (Renamed & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\76425BDD (Renamed & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\7CEA583F (Renamed & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\7CED023B (Renamed & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\7CF02C37 (Renamed & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\7CF35634 (Renamed & Submitted)

Trojan.Win32.Obfuscated.io (virus)

* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\775F007C (Renamed & Submitted)

Trojan.Win32.Patched.af (virus)

* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\10C141EB.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\10F3598D.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\10F60389.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\42C663E2.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\7CFD05E2.EXE (Disinfected & Submitted)

Trojan.Win32.Patched.q (virus)

* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\00C42690.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\026F2F89.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\02FA2B8B.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\075C1AC0.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\08537A24.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\0ACA7939.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\0D1E3697.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\0D5E682B.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\0DF27168.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\0E7D4F63.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\0F254084.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\0FA70C2E.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\106F0461.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\11CD5E7E.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\15A903F0.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\169A2EC9.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\16FF095C.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\17334102.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\174702FE.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\17530A9F.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\17F5160D.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\17FD581F.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\18561220.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\18B14413.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\19DA3748.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\1D5D3449.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\1D61724A.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\1E437A74.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\1E604FFB.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\1F310B4F.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\1F504222.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\1FA729F1.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\20635D0E.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\21203593.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\21E57349.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\228A76D2.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\262A4093.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\26B66EA1.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\29165A99.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\2A524ED0.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\2B11630D.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\2C0656CE.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\2DF54DCA.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\2FC93B4B.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\2FD65BB0.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\307C187C.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\310475EA.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\3174535D.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\32A25801.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\34BC0B25.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\36D85441.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\37600FA1.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\37F1009A.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\37F43D8B.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\38226D9C.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\38230552.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\3B704752.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\3B851FC7.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\405E4B78.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\41D701EF.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\422D7C89.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\42C2433A.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\43656632.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\43706536.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\44DB7282.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\45282DD5.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\457B380C.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\475C397A.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\480A710B.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\483E5A96 (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\48B02EE8.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\497427C8.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\4990109B.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\499E22F5 (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\4AA37B9A.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\4F901040.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\500257EF.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\50DF2B38.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\51DD015E.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\51E6175F.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\538D3A4C.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\54D27CB8.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\556D267A.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\55AB07FC.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\561B2A71.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\56803EC5.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\58574755.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\589532DA.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\5BD20218.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\5CD11FDE.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\5DF74D31.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\5E3718F1.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\5E4628D5.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\5E48761B.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\5EBD4FE7.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\5F1E0AD6 (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\61202EB9.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\617D4872.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\620E7D33.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\622C291E.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\62304A28.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\63A35FEE.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\64520E38.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\64D32D17.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\6AF37B9B.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\6C3855E7.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\6C3D59CD.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\6CEC5D96.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\6DA259B2.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\6DAA6FB4.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\6DC64E59.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\6E6F4A61.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\6EC754F8.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\6F80231A.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\70212C3E.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\702F2091.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\70AE5B5B.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\75460805.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\76053478.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\76A55D0B.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\771C7B55.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\77D4100A.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\788221B3.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\78886BD4.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\78F01732.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\79A505C5.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\7A3F0DD0.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\7BE02687.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\7C40514C.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\7C687641.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\7CB60CBA.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\7D490870.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\7D580E27.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\7DEF3DAE.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\7E6F3211.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\7EE34356.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\7F380FC0.EXE (Disinfected & Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\7F84349A.EXE (Disinfected & Submitted)

Trojan.Win32.Vapsup.hdq (virus)

* C:\_OTMOVEIT\MOVEDFILES\06272008_143252\WINDOWS\ETGV.EXE (Renamed & Submitted)

not-virus:Hoax.HTML.Secureinvites.c (virus)

* C:\_OTMOVEIT\MOVEDFILES\06292008_155637\WINDOWS\WEB\DEF.HTM (Submitted)

not-virus:Hoax.Win32.Renos.dk (virus)

* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\386C27F8.EXE (Submitted)
* C:\PROGRAM\NORTON ANTIVIRUS\QUARANTINE\387F23E2.EXE (Submitted)

Statistics
Scanned:

* Files: 65763
* System: 4836
* Not scanned: 10

Actions:

* Disinfected: 143
* Renamed: 47
* Deleted: 0
* None: 6
* Submitted: 194

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{4B629D28-D83C-4DAA-8BC6-D5FC8F4833C6}.BIN
* C:\PROGRAM\DELADE FILER\SYMANTEC SHARED\CCPD-LC\SYMLCRST.DLL
* C:\DOCUMENTS AND SETTINGS\MARIA ERIKSSON\APPLICATION DATA\SYMANTEC\NPMDATASTORE\CIMSTORE.XML

Options
Scanning engines:

* F-Secure USS: 2.30.0
* F-Secure Hydra: 2.8.8110, 2008-07-01
* F-Secure AVP: 7.0.171, 2008-07-01
* F-Secure Pegasus: 1.20.0, 2008-04-15
* F-Secure Blacklight: 1.0.68

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics


And a hijack this log from 5 minutes ago:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:29:58, on 2008-07-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program\Canon\IJPLM\IJPLMSVC.EXE
C:\Program\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\program\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\system32\Smartscaps.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program\Creative\SBLive\Diagnostics\diagent.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\QTTask.exe
C:\Program\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Logitech\SetPoint\KEM.exe
C:\Program\Logitech\SetPoint\KHALMNPR.EXE
C:\Program\Personal\bin\Personal.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\MARIAE~1\LOKALA~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
C:\DOCUME~1\MARIAE~1\LOKALA~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
C:\Program\Windows Live\Messenger\usnsvc.exe
C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program\TuneUp Utilities 2007\RegistryCleaner.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\DELADE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Visa Norton-verktygsfältet - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [LXSUPMON] "C:\WINDOWS\System32\LXSUPMON.EXE" RUN
O4 - HKLM\..\Run: [diagent] "C:\Program\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [PinnacleDriverCheck] "C:\WINDOWS\system32\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [BIND SUPPORT SEEK FIRST] "C:\Documents and Settings\All Users\Application Data\dumb pure bind support\TWO VGA.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\Maria Eriksson\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070829\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Maria Eriksson\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070829\Setup.exe" "/REALUPREBOOT /temp /patched"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] "C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [PMCS] "C:\Program\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Certificate Mover.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ss ... gctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss ... gctlsr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/1481 ... scan53.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/app ... OFILER.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: GoToAssist - C:\Program\Citrix\GoToAssist\508\G2AWinLogon.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: F-Secure BlackLight Sensor - F-Secure Corporation - C:\DOCUME~1\MARIAE~1\LOKALA~1\Temp\F-Secure\Anti-Virus\fsblsrv.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program\Citrix\GoToAssist\508\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: SmartTrust Smart Card Server (Smartscaps) - SmartTrust - C:\WINDOWS\system32\Smartscaps.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program\Delade filer\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 11726 bytes

soaring goat
Regular Member
 
Posts: 15
Joined: June 26th, 2008, 2:16 pm

Re: Antivirus XP 2008. I need help removing it.

Unread postby peku006 » July 1st, 2008, 2:25 pm

Hi soaring goat
we have two things to do

Removing files from Norton AntiVirus Quarantine

Remove bad HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O4 - HKLM\..\Run: [BIND SUPPORT SEEK FIRST] "C:\Documents and Settings\All Users\Application Data\dumb pure bind support\TWO VGA.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

After that...........

"Grattis" Your log looks clean! :)

This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • Select the More options tab
  • Choose the option to clean up system restore and OK it.
This will remove all restore points except the new one you just created.

Let's clear out the programmes we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if used inappropriately.

  • Double click OTMoveIt.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTMoveIt will download a list from the Internet, if your firewall or other defensive programmes alerts you, allow it access.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • When finished exit out of OTMoveIt
  • The tool will delete itself once it finishes, if not delete it by yourself.

Here are some free programs I recommend that could help you improve your computer's security.

Install SpyWare Blaster 4.0
Download it from here
Find here the tutorial on how to use Spyware Blaster here

Install WinPatrol
Download it from here
Here you can find information about how WinPatrol works here

Install FireTrust SiteHound
You can find information and download it from here

Install MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm
Note:"Be sure to disable the service "DNS Client" FIRST to allow the use of large HOSTS files without slowdowns.
If this isn't done first, the next reboot may take a VERY LONG TIME.
This is how to do it. First be sure you are signed in as a user with administrative privileges:
Stop and Disable the DNS Client Service
Go to Start, Run and type Services.msc and click OK.
Under the Extended Tab, Scroll down and find this service.
DNS Client
Right-Click on the DNS Client Service. Choose Properties
Select the General tab. Click on the Stop button.
Click the Arrow-down tab on the right-hand side at the Start-up Type box.
From the drop-down menu, click on Manual
Click the Apply tab, then click OK


Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com
Note: If you are running Windows XP SP2, you should upgrade to SP3.

Please check out Tony Klein's article "How did I get infected in the first place?"

Read some information here how to prevent Malware.

Happy safe surfing! ;)
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 480 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware