Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Packed.Generic.200

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Packed.Generic.200

Unread postby olpet » March 24th, 2009, 8:37 am

Hi!
My Norton 360 keeps giving me warnings that I am infected with the trojan Packed.Generic.200.
A Hijack Dump followes:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:32:42, on 24.03.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\hasplms.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programfiler\TerraTec\DMX 6fire\DMX6Fire.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Programfiler\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
C:\Programfiler\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programfiler\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programfiler\Norton 360\Engine\3.0.0.135\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programfiler\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ColorVisionStartup.lnk = C:\Programfiler\ColorVision\Utility\ColorVisionStartup.exe
O4 - Global Startup: DMX 6fire 2496 ControlPanel.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2703448984
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Programfiler\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Programfiler\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6610 bytes
olpet
Active Member
 
Posts: 9
Joined: March 22nd, 2009, 4:41 pm
Advertisement
Register to Remove

Re: Packed.Generic.200

Unread postby peku006 » March 31st, 2009, 12:49 pm

Hello and welcome to Malware Removal.

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Please continue to respond until I give you the "All Clear"

If you follow these instructions, everything should go smoothly.

1 - Scan With ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How to Temporarily Disable Anti-virus

Please include the C:\ComboFix.txt in your next reply for further review.

2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

3 - Status Check
Please reply with


1. the ComboFix log(C:\ComboFix.txt)
2. a fresh HijackThis log

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Packed.Generic.200

Unread postby olpet » April 1st, 2009, 12:24 pm

It seem that Combofix is not able to run (Install?) properly. After the first installscreen (Open file - Securityscreen) I do not get any more response for the application. My antivirus and firewall is disabled....

My Hijacklog is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:15:19, on 01.04.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\hasplms.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\TerraTec\DMX 6fire\DMX6Fire.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programfiler\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programfiler\Norton 360\Engine\3.0.0.135\IPSBHO.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programfiler\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ColorVisionStartup.lnk = C:\Programfiler\ColorVision\Utility\ColorVisionStartup.exe
O4 - Global Startup: DMX 6fire 2496 ControlPanel.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2703448984
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Programfiler\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Programfiler\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6201 bytes
olpet
Active Member
 
Posts: 9
Joined: March 22nd, 2009, 4:41 pm

Re: Packed.Generic.200

Unread postby peku006 » April 1st, 2009, 1:00 pm

Hi olpet

OK don't worry about Combofix, we'll try a different tool:

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible.
Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

1 - SDFix

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

2 - Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

3 - Run SDFix

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt

4 - download and run RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt<- (will be maximized) and info.txt<- (will be minimized)

5 - Status Check
Please reply with

1. the SDFix.Report.txt (C:\SDFix\report.txt)
1.the logs from RSIT (log.txt ,info.txt)

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Packed.Generic.200

Unread postby olpet » April 1st, 2009, 5:42 pm

Tanks again!

Here are the three reprts.

Report from SDFix:

SDFix: Version 1.240
Run by Ole on 01.04.2009 at 22:28

Microsoft Windows XP [Versjon 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-01 23:33:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

disk error: C:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...

disk error: C:\WINDOWS\system32\config\software, 0
disk error: C:\Documents and Settings\Ole\ntuser.dat, 0
scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"="C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"="C:\\Programfiler\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Programfiler\\TwonkyMedia\\TwonkyMediaServer.exe"="C:\\Programfiler\\TwonkyMedia\\TwonkyMediaServer.exe:*:Enabled:TwonkyMediaServer"
"C:\\Programfiler\\TwonkyMedia\\TwonkyMedia.exe"="C:\\Programfiler\\TwonkyMedia\\TwonkyMedia.exe:*:Enabled:TwonkyMedia"
"C:\\Programfiler\\iTunes\\iTunes.exe"="C:\\Programfiler\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Programfiler\\Vuze\\Azureus.exe"="C:\\Programfiler\\Vuze\\Azureus.exe:*:Enabled:Azureus"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"="C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :



Files with Hidden Attributes :

Mon 29 Sep 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 29 Sep 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2e8effaf51a5e3f2935340df457a3850\download\BIT71.tmp"
Mon 29 Sep 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\afe29f6f3378d97f6e679a9615219190\download\BIT6F.tmp"
Mon 29 Sep 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\db4b6b0325ccaeb6b88773855e009fac\download\BIT72.tmp"

Finished!

Log from random:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Ole at 2009-04-01 23:38:46
Microsoft Windows XP Professional Service Pack 3
System drive C: has 53 GB (75%) free of 71 GB
Total RAM: 1535 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:38:48, on 01.04.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\hasplms.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
C:\Programfiler\TerraTec\DMX 6fire\DMX6Fire.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ole\Skrivebord\RSIT.exe
C:\Programfiler\Trend Micro\HijackThis\Ole.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programfiler\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programfiler\Norton 360\Engine\3.0.0.135\IPSBHO.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programfiler\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Programfiler\Fellesfiler\logishrd\WUApp32.exe -v 0x046d -p 0x08b5 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Programfiler\Fellesfiler\logishrd\WUApp32.exe -v 0x046d -p 0x08b5 -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O4 - Global Startup: ColorVisionStartup.lnk = C:\Programfiler\ColorVision\Utility\ColorVisionStartup.exe
O4 - Global Startup: DMX 6fire 2496 ControlPanel.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2703448984
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Programfiler\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Programfiler\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6734 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\OGADaily.job
C:\WINDOWS\tasks\OGALogon.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Programfiler\Norton 360\Engine\3.0.0.135\coIEPlg.dll [2009-03-18 372592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Programfiler\Norton 360\Engine\3.0.0.135\IPSBHO.DLL [2009-03-18 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Påloggingshjelp for Windows Live - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programfiler\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Programfiler\Norton 360\Engine\3.0.0.135\coIEPlg.dll [2009-03-18 372592]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"Adobe Reader Speed Launcher"=C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Programfiler\Java\jre6\bin\jusched.exe [2009-03-09 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MsnMsgr"=C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart
ColorVisionStartup.lnk - C:\Programfiler\ColorVision\Utility\ColorVisionStartup.exe
DMX 6fire 2496 ControlPanel.lnk - C:\Programfiler\TerraTec\DMX 6fire\DMX6Fire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-09-14 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programfiler\Windows Live\Messenger\msnmsgr.exe"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programfiler\Windows Live\Messenger\livecall.exe"="C:\Programfiler\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Programfiler\Bonjour\mDNSResponder.exe"="C:\Programfiler\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programfiler\TwonkyMedia\TwonkyMediaServer.exe"="C:\Programfiler\TwonkyMedia\TwonkyMediaServer.exe:*:Enabled:TwonkyMediaServer"
"C:\Programfiler\TwonkyMedia\TwonkyMedia.exe"="C:\Programfiler\TwonkyMedia\TwonkyMedia.exe:*:Enabled:TwonkyMedia"
"C:\Programfiler\iTunes\iTunes.exe"="C:\Programfiler\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programfiler\Vuze\Azureus.exe"="C:\Programfiler\Vuze\Azureus.exe:*:Enabled:Azureus"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programfiler\Windows Live\Messenger\msnmsgr.exe"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programfiler\Windows Live\Messenger\livecall.exe"="C:\Programfiler\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b610186-e3f3-11dd-8a55-00508df3c34d}]
shell\autorun\command - J:\StartCD.exe


======List of files/folders created in the last 1 months======

2009-04-01 23:38:46 ----D---- C:\rsit
2009-04-01 22:20:21 ----D---- C:\WINDOWS\ERUNT
2009-04-01 22:19:14 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-01 21:45:21 ----D---- C:\SDFix
2009-04-01 16:41:27 ----A---- C:\WINDOWS\system32\javaws.exe
2009-04-01 16:41:27 ----A---- C:\WINDOWS\system32\javaw.exe
2009-04-01 16:41:27 ----A---- C:\WINDOWS\system32\java.exe
2009-03-31 21:05:39 ----A---- C:\WINDOWS\system32\CF17185.exe
2009-03-31 21:05:31 ----D---- C:\Qoobox
2009-03-31 15:51:57 ----D---- C:\Programfiler\Panda Security
2009-03-23 22:06:40 ----D---- C:\Documents and Settings\Ole\Programdata\GetRightToGo
2009-03-23 17:58:28 ----D---- C:\fsaua.data
2009-03-22 22:45:34 ----D---- C:\Programfiler\Malwarebytes' Anti-Malware
2009-03-22 22:45:34 ----D---- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2009-03-18 23:27:53 ----D---- C:\WINDOWS\system32\N360_BACKUP
2009-03-18 22:34:57 ----D---- C:\WINDOWS\pss
2009-03-18 18:45:22 ----RD---- C:\Programfiler\Norton Support
2009-03-18 18:05:39 ----D---- C:\Documents and Settings\All Users\Programdata\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-03-18 18:05:28 ----D---- C:\Programfiler\Symantec
2009-03-18 18:05:28 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2009-03-18 18:05:03 ----D---- C:\Programfiler\Windows Sidebar
2009-03-18 18:05:03 ----D---- C:\Programfiler\Norton 360
2009-03-18 18:05:03 ----D---- C:\Documents and Settings\All Users\Programdata\Symantec
2009-03-18 18:03:49 ----D---- C:\Documents and Settings\All Users\Programdata\Norton
2009-03-18 18:03:46 ----D---- C:\Programfiler\NortonInstaller
2009-03-18 18:03:46 ----D---- C:\Documents and Settings\All Users\Programdata\NortonInstaller
2009-03-18 17:46:16 ----D---- C:\Programfiler\Fellesfiler\Symantec Shared
2009-03-18 17:46:13 ----D---- C:\Programfiler\Norton Security Scan
2009-03-16 23:19:22 ----D---- C:\Documents and Settings\All Users\Programdata\Office Genuine Advantage
2009-03-16 23:15:35 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-16 23:15:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-16 23:15:22 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-03-16 23:15:16 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-16 18:01:40 ----D---- C:\WINDOWS\system32\log

======List of files/folders modified in the last 1 months======

2009-04-01 23:36:59 ----D---- C:\Programfiler\Mozilla Firefox
2009-04-01 23:33:50 ----D---- C:\WINDOWS\Temp
2009-04-01 23:33:45 ----D---- C:\WINDOWS\Prefetch
2009-04-01 23:31:19 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-01 23:31:16 ----D---- C:\WINDOWS\system32
2009-04-01 22:26:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-01 22:20:21 ----D---- C:\WINDOWS
2009-04-01 22:16:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-01 22:08:20 ----RASH---- C:\boot.ini
2009-04-01 22:08:20 ----A---- C:\WINDOWS\win.ini
2009-04-01 22:08:20 ----A---- C:\WINDOWS\system.ini
2009-04-01 21:55:55 ----HD---- C:\WINDOWS\inf
2009-04-01 16:41:34 ----SHD---- C:\WINDOWS\Installer
2009-04-01 16:41:23 ----D---- C:\Programfiler\Java
2009-03-31 20:41:20 ----D---- C:\Programfiler\Vuze
2009-03-31 15:54:48 ----D---- C:\WINDOWS\system32\drivers
2009-03-31 15:51:57 ----RD---- C:\Programfiler
2009-03-30 21:36:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-30 21:32:56 ----D---- C:\Documents and Settings\Ole\Programdata\Azureus
2009-03-24 17:35:04 ----D---- C:\Programfiler\Fellesfiler
2009-03-24 14:31:50 ----D---- C:\Programfiler\Trend Micro
2009-03-24 11:33:39 ----D---- C:\Documents and Settings\All Users\Programdata\Adobe
2009-03-24 11:33:37 ----D---- C:\Programfiler\Fellesfiler\Adobe
2009-03-24 11:33:36 ----D---- C:\Programfiler\Adobe
2009-03-23 22:55:45 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-18 22:33:02 ----D---- C:\WINDOWS\system32\Restore
2009-03-18 22:18:37 ----SD---- C:\WINDOWS\Tasks
2009-03-18 18:16:05 ----SHD---- C:\System Volume Information
2009-03-18 18:05:41 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-03-18 18:04:37 ----D---- C:\Documents and Settings\All Users\Programdata\Trend Micro
2009-03-18 01:07:45 ----A---- C:\WINDOWS\DCEBoot.exe
2009-03-17 18:20:52 ----D---- C:\WINDOWS\system32\config
2009-03-17 18:18:36 ----D---- C:\WINDOWS\SoftwareDistribution
2009-03-16 23:17:08 ----D---- C:\Programfiler\Fellesfiler\Microsoft Shared
2009-03-16 23:15:29 ----A---- C:\WINDOWS\imsins.BAK
2009-03-16 17:53:52 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-09 05:19:08 ----A---- C:\WINDOWS\system32\deploytk.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; \??\C:\WINDOWS\system32\drivers\N360\0300000.087\BHDrvx86.sys []
R1 ccHP;Symantec Hash Provider; \??\C:\WINDOWS\system32\drivers\N360\0300000.087\ccHPx86.sys []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Programfiler\Fellesfiler\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090331.003\IDSxpx86.sys []
R1 intelppm;Intel-prosessordriver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Tastatur-HID-driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); \??\C:\WINDOWS\system32\drivers\N360\0300000.087\SRTSPX.SYS []
R1 SYMTDI;Symantec Network Dispatch Driver; \??\C:\WINDOWS\system32\drivers\N360\0300000.087\SYMTDI.SYS []
R2 aksfridge;aksfridge; \??\C:\WINDOWS\system32\drivers\aksfridge.sys []
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 irda;IrDA-protokoll; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\WibuKey.sys [2008-07-18 72704]
R3 Arp1394;1394 ARP-klientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2007-09-14 2455040]
R3 catchme;catchme; \??\C:\DOCUME~1\Ole\LOKALE~1\Temp\catchme.sys []
R3 dmxfire;DMX6fire WDM Audio; C:\WINDOWS\system32\drivers\dmx6fire.sys [2003-08-29 148724]
R3 dmxsens;dmxsens; C:\WINDOWS\system32\drivers\dmxsens.sys [2003-07-22 403968]
R3 E1000;Intel(R) PRO/1000 Adapter Driver; C:\WINDOWS\System32\DRIVERS\e1000325.sys [2004-06-22 169984]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 hidusb;Microsoft HID-klassedriver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 iTurns;iTurns; C:\WINDOWS\system32\DRIVERS\iTurnsDriver.sys [2008-09-16 5632]
R3 mouhid;HID-driver for mus; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-04-25 12160]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090401.003\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090401.003\NAVEX15.SYS []
R3 NIC1394;1394-nettverksdriver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Rasirda;WAN-miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SRTSP;Symantec Real Time Storage Protection; \??\C:\WINDOWS\system32\drivers\N360\0300000.087\SRTSP.SYS []
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;Symantec Network Filter Driver; \??\C:\WINDOWS\system32\drivers\N360\0300000.087\SYMFW.SYS []
R3 SYMIDS;Symantec Network Filter Driver; \??\C:\WINDOWS\system32\drivers\N360\0300000.087\SYMIDS.SYS []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-03-18 36400]
R3 SYMNDIS;Symantec Network Filter Driver; \??\C:\WINDOWS\system32\drivers\N360\0300000.087\SYMNDIS.SYS []
R3 usbccgp;Microsoft USB generell overordnet driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Miniportdriver for Microsoft USB 2.0 forbedret vertskontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 aktivert hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Miniportdriver for Microsoft USB universell vertskontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 26b68cb4;26b68cb4; C:\WINDOWS\System32\drivers\26b68cb4.sys []
S3 abeovsl7;abeovsl7; C:\WINDOWS\system32\drivers\abeovsl7.sys []
S3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\WINDOWS\System32\DRIVERS\Camdrl.sys [2007-02-03 1075360]
S3 CCDECODE;Dekoder for teksting for hørselshemmede; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cvspydr2;ColorVision Spyder 2; C:\WINDOWS\system32\DRIVERS\cvspydr2.sys [2002-04-02 33024]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504]
S3 MSTEE;Tee/Sink-to-Sink-konverterer for Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI-kodek; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/video-tilkobling; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PolarUSB;Polar USB Interface; C:\WINDOWS\system32\DRIVERS\PolarUSB.sys [2001-07-12 17343]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 stusb2ir;USB 2.0 IrDA Bridge; C:\WINDOWS\system32\DRIVERS\stusb2ir.sys [2006-09-22 40856]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-03-18 36400]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbaudio;USB-lyddriver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbscan;USB-skannerdriver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB-masselagringsenhet; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 wimfltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2008-01-19 131000]
S3 WSTCODEC;World Standard Teletext-kodek; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Filterdriver for systemgjenoppretting; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-14 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-14 483328]
R2 Bonjour Service;Bonjour-tjeneste; C:\Programfiler\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 hasplms;HASP License Manager; C:\WINDOWS\system32\hasplms.exe [2007-03-15 535807]
R2 Irmon;Infrarød overvåking; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programfiler\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 MDM;Machine Debug Manager; C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 N360;Norton 360; C:\Programfiler\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [2009-03-18 115560]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-14 593920]
S3 aspnet_state;Statustjeneste for ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;iPod-tjeneste; C:\Programfiler\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 ose;Office Source Engine; C:\Programfiler\Fellesfiler\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader-tjeneste; C:\Programfiler\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Programfiler\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Programfiler\Windows Media Player\WMPNetwk.exe [2006-11-15 914944]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

Info from random:
info.txt logfile of random's system information tool 1.06 2009-04-01 23:38:50

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Lightroom 2.2-->MsiExec.exe /I{A4EE4223-98B1-4874-BA6E-E8A574F9C0FF}
Adobe Reader 9.1 - Norsk-->MsiExec.exe /I{AC76BA86-7AD7-1044-7B44-A91000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Agfa ScanWise 2.00-->C:\WINDOWS\IsUninst.exe -f"C:\Programfiler\Agfa\ScanWise 2_00\uninst.isu" -c"C:\Programfiler\Agfa\ScanWise 2_00\UNINSTALL.DLL"
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArchiCAD 12 NOR-->C:\Programfiler\Graphisoft\ArchiCAD 12\Uninstall.AC\uninstaller.exe
ArchiCAD Guide - BIM Experience-->C:\Programfiler\Graphisoft\ArchiCAD BIM Experience\Uninstall.TGB\uninstaller.exe
ATI - Avinstalleringsverktøy for Programvaren-->C:\Programfiler\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
DMX 6fire 24/96 ControlPanel-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{3A33D692-8679-4142-94C7-0BB784B9B3A3}\Setup.exe" -l0x9
DVDneXtCOPY iTurns 1.5.4.2-->C:\Programfiler\DVDneXtCOPY iTurns\Uninstall.exe
Exact Audio Copy 0.99pb4-->C:\Programfiler\Exact Audio Copy\uninst.exe
GEAR driver installer for x86 and x64-->MsiExec.exe /I{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}
HijackThis 2.0.2-->"C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hurtigreparasjon for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hurtigreparasjon for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IKEA Home Planner-->MsiExec.exe /I{E7310F2E-C551-4FAB-BA07-EAC2E158B1BB}
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Kritisk oppdatering for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Malwarebytes' Anti-Malware-->"C:\Programfiler\Malwarebytes' Anti-Malware\unins000.exe"
MediaMonkey 3.0-->"C:\Programfiler\MediaMonkey\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1 Norwegian Language Pack-->MsiExec.exe /X{3EAC35F4-FF26-4123-9404-0B5B93DAB570}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Language Pack - NOR-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - NOR\install.exe
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120414-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
Mozilla Firefox (3.0.8)-->C:\Programfiler\Mozilla Firefox\uninstall\helper.exe
Mp3tag v2.42-->C:\Programfiler\Mp3tag\Mp3tagUninstall.EXE
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}
Nokia Flashing Cable Driver-->MsiExec.exe /X{2A0A6470-FD0F-4F45-9B11-85F3167DB943}
Nokia PC Suite-->C:\Documents and Settings\All Users\Programdata\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_nor.exe
Nokia PC Suite-->MsiExec.exe /I{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}
Norton 360-->C:\Programfiler\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\562C4DD5\3.0.0.135\InstStub.exe /X
OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{0A77B7A0-B953-4E39-B4B2-A0181AB9AB06}
Oppdatering for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Panda ActiveScan 2.0-->C:\Programfiler\Panda Security\ActiveScan 2.0\as2uninst.exe
PC Connectivity Solution-->MsiExec.exe /I{D848D140-41C3-4A53-86D8-E866A100B4CD}
Polar Precision Performance SW -->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{B116E95E-01B1-420A-AECB-B2B330B9BD97}\setup.exe" -l0x14
Påloggingsassistent for Windows Live-->MsiExec.exe /I{B965A150-17AB-4EB1-AD98-33149DDBD928}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RAIDar 4.1.4-->C:\Programfiler\NETGEAR ReadyNAS\uninstall.exe
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 8 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sikkerhetsoppdatering for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Spyder2express-->C:\WINDOWS\unvise32.exe C:\Programfiler\ColorVision\Spyder2express\uninstal.log
TwonkyMedia-->C:\Programfiler\TwonkyMedia\UninstallTwonkyMedia.exe
USB 2.0 IrDA Bridge-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}\setup.exe" -l0x9
VLC media player 0.9.4-->C:\Programfiler\VideoLAN\VLC\uninstall.exe
WIBU-KEY Setup (WIBU-KEY Remove)-->C:\Programfiler\WIBUKEY\Setup\Setup32.exe /R:{00060000-0000-1004-8002-0000C06B5161}
Windows Driver Package - SafeNet, Inc. (SNTNLUSB) USB (03/09/2006 7.3.0.0)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\sntnlusb_9A62A041D7FB7541888119E83EC5EB90C7FD7B01\sntnlusb.inf
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{4218D9DC-282B-4596-BEA5-F20560C14400}
Windows Live Messenger-->MsiExec.exe /X{D70A63D1-2F54-4713-8AE6-BBD28D1A62E6}
Windows Media Format 11 runtime-->"C:\Programfiler\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programfiler\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows OEM Preinstallation Kit-->MsiExec.exe /I{266CCC48-9AA1-404E-A1CB-558E8CC46F69}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Windows-driverpakke - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows-driverpakke - Nokia Modem (05/22/2008 3.8)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181E\nokia_bluetooth.inf
Windows-driverpakke - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9\nokbtmdm.inf
Windows-driverpakke - Nokia Modem (10/27/2008 3.9)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_79486EC6AA0D1732FB17E5167077C07ECAE1B870\nokia_bluetooth.inf
Windows-driverpakke - Nokia Modem (10/27/2008 7.01.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_247189AEBF39EB69A7C75429610DFED2F2EDC1B6\nokbtmdm.inf
Windows-driverpakke - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
WinRAR Arkiverer-->C:\Programfiler\WinRAR\uninstall.exe
XRECODE-->"C:\Programfiler\XRECODE\unins000.exe"

======Hosts File======

127.0.0.1 localhost

======System event log======

Computer Name: DATAROM
Event Code: 7035
Message: Fast User Switching Compatibility-tjenesten har sendt en start-kontroll.
Record Number: 6073
Source Name: Service Control Manager
Time Written: 20090119182413.000000+060
Event Type: Informasjon
User: NT-MYNDIGHET\SYSTEM

Computer Name: DATAROM
Event Code: 7036
Message: Tjenesten Network Location Awareness (NLA) gikk inn i tilstanden Kjører.

Record Number: 6072
Source Name: Service Control Manager
Time Written: 20090119182413.000000+060
Event Type: Informasjon
User:

Computer Name: DATAROM
Event Code: 7035
Message: Network Location Awareness (NLA)-tjenesten har sendt en start-kontroll.
Record Number: 6071
Source Name: Service Control Manager
Time Written: 20090119182413.000000+060
Event Type: Informasjon
User: NT-MYNDIGHET\SYSTEM

Computer Name: DATAROM
Event Code: 7035
Message: Remote Access Connection Manager-tjenesten har sendt en start-kontroll.
Record Number: 6070
Source Name: Service Control Manager
Time Written: 20090119182413.000000+060
Event Type: Informasjon
User: NT-MYNDIGHET\SYSTEM

Computer Name: DATAROM
Event Code: 7036
Message: Tjenesten Telephony gikk inn i tilstanden Kjører.

Record Number: 6069
Source Name: Service Control Manager
Time Written: 20090119182413.000000+060
Event Type: Informasjon
User:

=====Application event log=====

Computer Name: DATAROM
Event Code: 701
Message: MsnMsgr (1344) Online defragmentation has completed a full pass on database '\\.\C:\Documents and Settings\Ole\Lokale innstillinger\Programdata\Microsoft\Messenger\ole@hunstadweb.net\SharingMetadata\Working\database_A8E9_33_E8FF_FCF6\dfsr.db'.

Record Number: 5007
Source Name: ESENT
Time Written: 20090118040005.000000+060
Event Type: Informasjon
User:

Computer Name: DATAROM
Event Code: 700
Message: MsnMsgr (1344) Online defragmentation is beginning a full pass on database '\\.\C:\Documents and Settings\Ole\Lokale innstillinger\Programdata\Microsoft\Messenger\ole@hunstadweb.net\SharingMetadata\Working\database_A8E9_33_E8FF_FCF6\dfsr.db'.

Record Number: 5006
Source Name: ESENT
Time Written: 20090118040005.000000+060
Event Type: Informasjon
User:

Computer Name: DATAROM
Event Code: 701
Message: MsnMsgr (1344) Online defragmentation has completed a full pass on database '\\.\C:\Documents and Settings\Ole\Lokale innstillinger\Programdata\Microsoft\Messenger\ole@hunstadweb.net\SharingMetadata\Working\database_A8E9_33_E8FF_FCF6\dfsr.db'.

Record Number: 5005
Source Name: ESENT
Time Written: 20090118030005.000000+060
Event Type: Informasjon
User:

Computer Name: DATAROM
Event Code: 700
Message: MsnMsgr (1344) Online defragmentation is beginning a full pass on database '\\.\C:\Documents and Settings\Ole\Lokale innstillinger\Programdata\Microsoft\Messenger\ole@hunstadweb.net\SharingMetadata\Working\database_A8E9_33_E8FF_FCF6\dfsr.db'.

Record Number: 5004
Source Name: ESENT
Time Written: 20090118030005.000000+060
Event Type: Informasjon
User:

Computer Name: DATAROM
Event Code: 701
Message: MsnMsgr (1344) Online defragmentation has completed a full pass on database '\\.\C:\Documents and Settings\Ole\Lokale innstillinger\Programdata\Microsoft\Messenger\ole@hunstadweb.net\SharingMetadata\Working\database_A8E9_33_E8FF_FCF6\dfsr.db'.

Record Number: 5003
Source Name: ESENT
Time Written: 20090118020005.000000+060
Event Type: Informasjon
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Programfiler\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static;C:\Programfiler\QuickTime\QTSystem\;C:\Programfiler\Windows Imaging\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Programfiler\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Programfiler\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

Thanks again
olpet :-)
olpet
Active Member
 
Posts: 9
Joined: March 22nd, 2009, 4:41 pm

Re: Packed.Generic.200

Unread postby peku006 » April 2nd, 2009, 3:20 am

Hi olpet

1 - Run Malwarebytes' Anti-Malware
  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Click on Perform full scan, then click on Scan.
  • Leave the default options as it is and click on Start Scan.
  • When done, you will be prompted. Click OK, then click on Show Results.
  • Checked (ticked) all items except items in the System Volume Information folder and click on Remove Selected.

    Image
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

3 - Status Check
Please reply with



1. the Malwarebytes' Anti-Malware Log
2. a fresh HijackThis log
description of any problems you are having with your PC

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Packed.Generic.200

Unread postby olpet » April 2nd, 2009, 2:01 pm

Hi and thanks!

Here is my mbam-log:

Malwarebytes' Anti-Malware 1.35
Databaseversjon: 1933
Windows 5.1.2600 Service Pack 3

02.04.2009 19:52:03
mbam-log-2009-04-02 (19-52-03).txt

Skanntype: Full Skann (C:\|F:\|G:\|)
Objekter skannet: 173416
Tid tilbakelagt: 1 hour(s), 34 minute(s), 17 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 1
Registerverdier infisert: 1
Registerfiler infisert: 0
Mapper infisert: 1
Filer infisert: 6

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registerverdier infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
C:\WINDOWS\system32\twain32 (Backdoor.Bot) -> Quarantined and deleted successfully.

Filer infisert:
C:\WINDOWS\system32\twain32\local.ds (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain32\user.ds (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain32\user.ds.lll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACoclaqksp.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACpeampppn.dat (Trojan.Agent) -> Quarantined and deleted successfully.

And here is my Hijacklog:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:57:31, on 02.04.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\TerraTec\DMX 6fire\DMX6Fire.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\hasplms.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programfiler\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programfiler\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programfiler\Norton 360\Engine\3.0.0.135\IPSBHO.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programfiler\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Programfiler\Fellesfiler\logishrd\WUApp32.exe -v 0x046d -p 0x08b5 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Programfiler\Fellesfiler\logishrd\WUApp32.exe -v 0x046d -p 0x08b5 -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O4 - Global Startup: ColorVisionStartup.lnk = C:\Programfiler\ColorVision\Utility\ColorVisionStartup.exe
O4 - Global Startup: DMX 6fire 2496 ControlPanel.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2703448984
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Programfiler\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Programfiler\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6638 bytes

My Norton 360 still keeps telling teeling me about packed.generic.200. I have not tried the PC fully. though....

Thanks again
Ole :-)
olpet
Active Member
 
Posts: 9
Joined: March 22nd, 2009, 4:41 pm

Re: Packed.Generic.200

Unread postby peku006 » April 2nd, 2009, 2:30 pm

God kvell Ole :D
My Norton 360 still keeps telling teeling me about packed.generic.200

Can you tell me where it is located?

1 - Remove bad HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)l
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

2 - Download and Run OTMoveIt3

Download OTMoveIt3 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt3.exe.
  • Copy the lines in the codebox below.
Code: Select all
:files
C:\WINDOWS\DCEBoot.exe

:Commands
[EmptyTemp]

  • Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3

3 - Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

4 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

3 - Status Check
Please reply with

1. the OTMoveIt3 log
2. the Kaspersky online scanner report
3. a fresh HijackThis log

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Packed.Generic.200

Unread postby olpet » April 5th, 2009, 3:49 pm

Hi, sorry for the late response but I have been traveling.

Here are the requested logs:
OTMoveIt3rapport:

========== FILES ==========
C:\WINDOWS\DCEBoot.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Ole\LOKALE~1\Temp\etilqs_ZOnuCW3SsBgHmlG7gtT7 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Ole\LOKALE~1\Temp\fla6.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Ole\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\hlktmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\JETE639.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2e8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5a0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Ole\Lokale innstillinger\Programdata\Mozilla\Firefox\Profiles\y5uimci6.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ole\Lokale innstillinger\Programdata\Mozilla\Firefox\Profiles\y5uimci6.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ole\Lokale innstillinger\Programdata\Mozilla\Firefox\Profiles\y5uimci6.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ole\Lokale innstillinger\Programdata\Mozilla\Firefox\Profiles\y5uimci6.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ole\Lokale innstillinger\Programdata\Mozilla\Firefox\Profiles\y5uimci6.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04022009_213557

Files moved on Reboot...
File C:\DOCUME~1\Ole\LOKALE~1\Temp\etilqs_ZOnuCW3SsBgHmlG7gtT7 not found!
File C:\DOCUME~1\Ole\LOKALE~1\Temp\fla6.tmp not found!
File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.
File C:\WINDOWS\temp\JETE639.tmp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_2e8.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_5a0.dat not found!
C:\Documents and Settings\Ole\Lokale innstillinger\Programdata\Mozilla\Firefox\Profiles\y5uimci6.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Ole\Lokale innstillinger\Programdata\Mozilla\Firefox\Profiles\y5uimci6.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Ole\Lokale innstillinger\Programdata\Mozilla\Firefox\Profiles\y5uimci6.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Ole\Lokale innstillinger\Programdata\Mozilla\Firefox\Profiles\y5uimci6.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Ole\Lokale innstillinger\Programdata\Mozilla\Firefox\Profiles\y5uimci6.default\urlclassifier3.sqlite moved successfully.

Kapesky scan:

Scan statistics:
Files scanned: 91049
Threat name: 8
Infected objects: 46
Suspicious objects: 7
Duration of the scan: 04:27:10


File name / Threat name / Threats count
C:\Programfiler\Trend Micro\Internet Security\Quarantine\Backup\UACc458.RB0 Suspicious: Trojan.Win32.Patched.dy 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\Backup\UACc458.RB1 Suspicious: Trojan.Win32.Patched.dy 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UAC5e47.tmp Infected: Packed.Win32.Tdss.c 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UAC5ecb.tmp Infected: Rootkit.Win32.TDSS.gwh 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UAC6002.tmp Infected: Packed.Win32.Tdss.f 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UAC6e6b.tmp Infected: Packed.Win32.Tdss.c 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UAC7b0d.tmp Infected: Packed.Win32.Tdss.c 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UAC880d.tmp Infected: Packed.Win32.Tdss.c 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACc458.tmp Suspicious: Trojan.Win32.Patched.dy 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACccf5.tmp Infected: Packed.Win32.Tdss.f 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACccfa.tmp Infected: Packed.Win32.Tdss.f 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACd263.tmp Infected: Trojan.Win32.Tdss.roq 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACd40a.tmp Infected: Packed.Win32.Tdss.f 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACeadd.tmp Infected: Rootkit.Win32.TDSS.gwh 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACefed.tmp Infected: Packed.Win32.Tdss.c 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACf4ef.tmp Infected: Packed.Win32.Tdss.c 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACf973.tmp Infected: Packed.Win32.Tdss.c 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACgextavbw.dll Infected: Trojan.Win32.Tdss.ror 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACiynkcvvi.sys Infected: Rootkit.Win32.TDSS.gwh 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACiynkcvvi_1300.VIR Infected: Rootkit.Win32.TDSS.gwh 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACiynkcvvi_14d4.VIR Infected: Rootkit.Win32.TDSS.gwh 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACiynkcvvi_1c24.VIR Infected: Rootkit.Win32.TDSS.gwh 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACiynkcvvi_25c8.VIR Infected: Rootkit.Win32.TDSS.gwh 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACiynkcvvi_a3c.VIR Infected: Rootkit.Win32.TDSS.gwh 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACiynkcvvi_d64.VIR Infected: Rootkit.Win32.TDSS.gwh 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACjenquulf.dll Infected: Packed.Win32.Tdss.c 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACjenquulf_1300.VIR Infected: Packed.Win32.Tdss.c 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACjenquulf_14d4.VIR Infected: Packed.Win32.Tdss.c 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACjenquulf_1c24.VIR Infected: Packed.Win32.Tdss.c 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACjenquulf_25c8.VIR Infected: Packed.Win32.Tdss.c 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACjenquulf_a3c.VIR Infected: Packed.Win32.Tdss.c 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACjenquulf_d64.VIR Infected: Packed.Win32.Tdss.c 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACkkdardmp.dll Infected: Packed.Win32.Tdss.c 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACkkdardmp_1300.VIR Infected: Packed.Win32.Tdss.c 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACkkdardmp_14d4.VIR Infected: Packed.Win32.Tdss.c 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACkkdardmp_1c24.VIR Infected: Packed.Win32.Tdss.c 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACkkdardmp_25c8.VIR Infected: Packed.Win32.Tdss.c 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACkkdardmp_a3c.VIR Infected: Packed.Win32.Tdss.c 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACkkdardmp_d64.VIR Infected: Packed.Win32.Tdss.c 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACnldwmeop.dll Infected: Packed.Win32.Tdss.c 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACnldwmeop_1300.VIR Infected: Packed.Win32.Tdss.c 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACnldwmeop_14d4.VIR Infected: Packed.Win32.Tdss.c 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACnldwmeop_1c24.VIR Infected: Packed.Win32.Tdss.c 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACnldwmeop_25c8.VIR Infected: Packed.Win32.Tdss.c 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACnldwmeop_a3c.VIR Infected: Packed.Win32.Tdss.c 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACnldwmeop_d64.VIR Infected: Packed.Win32.Tdss.c 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACwknlaoyr.dll Infected: Packed.Win32.Tdss.f 1
C:\Programfiler\Trend Micro\Internet Security\Quarantine\UACwknlaoyr_d64.VIR Infected: Trojan.Win32.Tdss.roq 1
F:\Nedlastede filer\mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
F:\Sikkerhetskopi\Outlook.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 2
G:\Sikkerhetskopier\Outlook.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 2

The selected area was scanned.

Hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:43:47, on 05.04.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\hasplms.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\TerraTec\DMX 6fire\DMX6Fire.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Java\jre6\bin\java.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Programfiler\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programfiler\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programfiler\Norton 360\Engine\3.0.0.135\IPSBHO.DLL
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programfiler\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Programfiler\Fellesfiler\logishrd\WUApp32.exe -v 0x046d -p 0x08b5 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Programfiler\Fellesfiler\logishrd\WUApp32.exe -v 0x046d -p 0x08b5 -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O4 - Global Startup: ColorVisionStartup.lnk = C:\Programfiler\ColorVision\Utility\ColorVisionStartup.exe
O4 - Global Startup: DMX 6fire 2496 ControlPanel.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2703448984
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Programfiler\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Programfiler\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6614 bytes


My Norton 360 tells me that packed.generic.200 is 38 files. all as:

gobalroot\systemroot\system32\uacgextavbw.dll

thanks again

Ole :-)
olpet
Active Member
 
Posts: 9
Joined: March 22nd, 2009, 4:41 pm

Re: Packed.Generic.200

Unread postby peku006 » April 6th, 2009, 2:12 am

Hi Ole
Let us take a deeper look.

  • Download OTScanIt2 by Oldtimer to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.

      NOTE: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Click the Scan All Users checkbox on the toolbar.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessry).

NOTE:Use the Add Reply button and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt2 folder and named OTScanIt.txt.

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Packed.Generic.200

Unread postby olpet » April 6th, 2009, 3:56 am

Hi!

OTScanIt2 report attached.

Thanks, Ole
You do not have the required permissions to view the files attached to this post.
olpet
Active Member
 
Posts: 9
Joined: March 22nd, 2009, 4:41 pm

Re: Packed.Generic.200

Unread postby peku006 » April 6th, 2009, 9:45 am

Hi Ole
I do not see anything that does not look OK.

Empty/clear out your Trend Micro Internet Security Quarantine
C:\Programfiler\Trend Micro\Internet Security\Quarantine

I think that it would be a good idea to run another online scan, just as a double-check.

1 - F-Secure Online Scan

F-Secure Online Scan

  • Note: You will need to use Internet explorer for this scan
  • Go here to run an online scan from F-Secure
  • Click on Start scanning
  • This will open a new internet explorer window
  • It will require an activex control, please install it
  • Click Accept
  • Click Full System Scan
  • It will now download the scanner, this may take a while, please be patient
  • It will then start scanning, wait for the scan to finish
  • Click Automatic cleaning (recommended)
  • Wait for it finish the cleaning process
  • Click show report
  • This will open up a window with the results of the scan, copy and paste those results as a reply to this topic

2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

3 - Status Check
Please reply with

1. the F-Secure online scanner report
2. a fresh HijackThis log
How's the computer running now? Any problems?

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Packed.Generic.200

Unread postby olpet » April 6th, 2009, 11:12 am

Hi again!

It seems that my PC is runnuing normally now.

The F-Secure report is:

Scanning Report
Monday, April 06, 2009 16:21:05 - 17:02:10

Computer name: DATAROM
Scanning type: Scan system for malware, rootkits
Target: C:\ F:\ G:\
Result: 5 malware found
TrackingCookie.2o7 (spyware)

* System

TrackingCookie.Atdmt (spyware)

* System

TrackingCookie.Doubleclick (spyware)

* System

TrackingCookie.Tradedoubler (spyware)

* System

TrackingCookie.Yieldmanager (spyware)

* System

Statistics
Scanned:

* Files: 30043
* System: 3256
* Not scanned: 14

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 5
* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\DOCUMENTS AND SETTINGS\OLE\LOKALE INNSTILLINGER\TEMP\ETILQS_OLRUK5WGRRDMUVLCGOXS
* C:\DOCUMENTS AND SETTINGS\OLE\LOKALE INNSTILLINGER\PROGRAMDATA\MICROSOFT\OUTLOOK\OUTLOOK.PST
* C:\DOCUMENTS AND SETTINGS\OLE\LOKALE INNSTILLINGER\PROGRAMDATA\MICROSOFT\OUTLOOK\OUTLOOK.PST
* C:\DOCUMENTS AND SETTINGS\ALL USERS\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COMMON CLIENT\_LCK\_AVPAPP_{BB639333-810A-4BF8-85F5-C537857F55FC}0
* C:\DOCUMENTS AND SETTINGS\ALL USERS\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COMMON CLIENT\_LCK\_ISDATAPR_{E8EFD4CD-DE52-4444-9511-EFF3B158724B}0
* C:\DOCUMENTS AND SETTINGS\ALL USERS\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COMMON CLIENT\_LCK\_ISDATAPR_{FF9AC67A-E394-46AE-B150-B3365343F166}G
* C:\DOCUMENTS AND SETTINGS\ALL USERS\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COMMON CLIENT\_LCK\_NPC.TRAY.{1AFE47BB-FCF1-4096-9039-1FEBC9A0CCCF}0
* C:\DOCUMENTS AND SETTINGS\ALL USERS\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COMMON CLIENT\_LCK\_UI.HOST.{1AFE47BB-FCF1-4096-9039-1FEBC9A0CCCF}0

Options
Scanning engines:

* F-Secure USS: 3.0.0
* F-Secure Hydra: 3.8.9080, 2009-04-06
* F-Secure AVP: 7.0.171, 2009-04-06
* F-Secure Pegasus: 1.20.0, 1970-00-01
* F-Secure Blacklight: 0.0.0

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics

The Hijacklog is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:09:11, on 06.04.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\hasplms.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Programfiler\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programfiler\Internet Explorer\iexplore.exe
c:\windows\system32\rundll32.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programfiler\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programfiler\Norton 360\Engine\3.0.0.135\IPSBHO.DLL
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programfiler\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Programfiler\Fellesfiler\logishrd\WUApp32.exe -v 0x046d -p 0x08b5 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Programfiler\Fellesfiler\logishrd\WUApp32.exe -v 0x046d -p 0x08b5 -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O4 - Global Startup: ColorVisionStartup.lnk = C:\Programfiler\ColorVision\Utility\ColorVisionStartup.exe
O4 - Global Startup: DMX 6fire 2496 ControlPanel.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2703448984
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Programfiler\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Programfiler\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6574 bytes


I am currently doing av Norton 360 scan, and if everything is normal ofter that and my reports looks normal to you, I would very much thank you for all your help.

A question from me, then; was my PC not infected and did my Norton errounesly report faults?

Thanks again
Ole :-)
olpet
Active Member
 
Posts: 9
Joined: March 22nd, 2009, 4:41 pm

Re: Packed.Generic.200

Unread postby peku006 » April 6th, 2009, 11:49 am

Hi Ole
your computer was infected, Norton was right

the scans are fine and it looks like your machine is clean

To remove all of the tools we used and the files and folders they created do the following:
Start OTScanIt2
Click the CleanUp button

* OTScanIt2 will delete any tools downloaded and files/folders created and then ask you to reboot so it can remove itself. Click Yes.
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore-WINDOWS XP
This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
  • Reboot.
Turn ON System Restore
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check *Turn off System Restore*.
  • Click Apply, and then click OK.
This will remove all restore points except the new one you just created.

Here are some free programs I recommend that could help you improve your computer's security.

Spybot Search and Destroy 1.6
Download it from here. Just choose a mirror and off you go.
Find here the tutorial on how to use Spybot properly here

Install SpyWare Blaster 4.0
Download it from here
Find here the tutorial on how to use Spyware Blaster here

Install WinPatrol
Download it from here
Here you can find information about how WinPatrol works here

Install FireTrust SiteHound
You can find information and download it from here

Install MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

Please check out Tony Klein's article "How did I get infected in the first place?"

Read some information here how to prevent Malware.

Is your pc running slow?
Read What to do if your Computer is running slowly

Happy surfing and stay clean! :thumbup:
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Packed.Generic.200

Unread postby NonSuch » April 7th, 2009, 1:22 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 24 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware