Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

NOD32 reports activity...HJT logfile here, help needed

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

NOD32 reports activity...HJT logfile here, help needed

Unread postby sempersem » June 9th, 2008, 4:33 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:42, on 09.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Programfiler\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\xampp\apache\bin\apache.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Intel\AMT\atchksrv.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\Intel\AMT\LMS.exe
C:\Programfiler\xampp\mysql\bin\mysqld-nt.exe
C:\Programfiler\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Intel\AMT\UNS.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Programfiler\xampp\apache\bin\apache.exe
C:\Programfiler\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Programfiler\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Programfiler\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Programfiler\Norton Ghost\Agent\VProTray.exe
C:\Programfiler\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\PGP Corporation\PGP Desktop\PGPtray.exe
C:\Programfiler\The Bat!\thebat.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
C:\Programfiler\PSPad editor\PSPad.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kongsberg.kommune.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programfiler\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [HPWWANGSAssistant] c:\SWSetup\HPQWWAN\HPWWanGSAssistant.exe /TrayMode
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Programfiler\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Programfiler\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OpAgent] "OpAgent.exe" /agent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PGPtray.exe.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: APSHook.dll PGPmapih.dll
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Programfiler\xampp\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Programfiler\Intel\AMT\atchksrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programfiler\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programfiler\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Programfiler\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Programfiler\Intel\AMT\LMS.exe
O23 - Service: mysql - Unknown owner - C:\Programfiler\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programfiler\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Programfiler\PDF Complete\pdfsvc.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Programfiler\Fellesfiler\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Programfiler\Fellesfiler\SureThing Shared\stllssvr.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Programfiler\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Programfiler\Intel\AMT\UNS.exe

--
End of file - 12456 bytes

I'll be happy for all help I can get
sempersem
Active Member
 
Posts: 6
Joined: June 9th, 2008, 3:52 am
Advertisement
Register to Remove

Re: NOD32 reports activity...HJT logfile here, help needed

Unread postby peku006 » June 11th, 2008, 11:39 am

Welcome to the MWR forums. My name is peku006. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research. Please be patient and I'd be grateful if you would note the following:

1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic. Please stay at one forum for help.
3. Please continue reading posts until I give the All Clear. It is important to note this, as a clean looking HijackThis is not always a sign your system is clean.

Note: I am still in training here at Malware Removal, however I will be working under the direct supervision of one of our Malware Experts. Any recommendations will first be approved before being given to you. Because of this, there may be a short delay in getting our responses to you, however be assured that we will be working diligently on your problem.
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: NOD32 reports activity...HJT logfile here, help needed

Unread postby sempersem » June 11th, 2008, 2:08 pm

Thank's for your reply. I still have the problem, so I just wait for your instructions :)
sempersem
Active Member
 
Posts: 6
Joined: June 9th, 2008, 3:52 am

Re: NOD32 reports activity...HJT logfile here, help needed

Unread postby peku006 » June 12th, 2008, 7:18 am

Hi sempersem

what kind of activity and where it is located?

I'm not seeing anything malicious in your HJT log. Let's run a couple of scans and see what we find.

1 - Remove bad HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
      O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

2 - Download and Run DSS

Please download Deckard's System Scanner (DSS) and save to your Desktop.

DSS will do the following:

  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
  • main.txt <- this one will be maximized
  • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet especially if your asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.


3 - Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 6.
  • Go to http://java.sun.com/javase/downloads/index.jsp
  • Go to Java Runtime Environment (JRE) 6 Update 6 and click on Download button.
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u6-windows-i586-p.exe" and save the downloaded file to your desktop.
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE)
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer

4 - Status Check
Please reply with
Deckard's System Scanner main.txt and extra.txt

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: NOD32 reports activity...HJT logfile here, help needed

Unread postby sempersem » June 12th, 2008, 8:34 am

what kind of activity and where it is located?


This is the log from NOD32
(Trying out NOD, I used to have Kaspersky until a few days ago...)
Code: Select all
11.06.2008 10:45:25	Real-time file system protection	file	C:\System Volume Information\_restore{D04C3930-65DB-49F9-AFBD-D85577482DEF}\RP130\A0022275.exe	Win32/Rbot trojan	cleaned by deleting - quarantined	NT-MYNDIGHET\SYSTEM	Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
11.06.2008 09:03:01	Real-time file system protection	file	C:\System Volume Information\_restore{D04C3930-65DB-49F9-AFBD-D85577482DEF}\RP130\A0022274.exe	a variant of Win32/Injector.AU trojan	cleaned by deleting - quarantined	NT-MYNDIGHET\SYSTEM	Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
11.06.2008 08:33:46	Real-time file system protection	file	C:\System Volume Information\_restore{D04C3930-65DB-49F9-AFBD-D85577482DEF}\RP130\A0022273.exe	a variant of Win32/Injector.AU trojan	cleaned by deleting - quarantined	NT-MYNDIGHET\SYSTEM	Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
11.06.2008 07:50:54	Real-time file system protection	file	C:\System Volume Information\_restore{D04C3930-65DB-49F9-AFBD-D85577482DEF}\RP130\A0022272.exe	a variant of Win32/Injector.AU trojan	cleaned by deleting - quarantined	NT-MYNDIGHET\SYSTEM	Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
10.06.2008 21:39:44	Real-time file system protection	file	C:\System Volume Information\_restore{D04C3930-65DB-49F9-AFBD-D85577482DEF}\RP130\A0022271.exe	a variant of Win32/Injector.AU trojan	cleaned by deleting - quarantined	NT-MYNDIGHET\SYSTEM	Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
09.06.2008 21:24:46	Real-time file system protection	file	C:\System Volume Information\_restore{D04C3930-65DB-49F9-AFBD-D85577482DEF}\RP129\A0021159.exe	Win32/Rbot trojan	cleaned by deleting - quarantined	NT-MYNDIGHET\SYSTEM	Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
09.06.2008 20:24:46	Real-time file system protection	file	C:\System Volume Information\_restore{D04C3930-65DB-49F9-AFBD-D85577482DEF}\RP129\A0021158.exe	Win32/Rbot trojan	cleaned by deleting - quarantined	NT-MYNDIGHET\SYSTEM	Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
09.06.2008 19:36:56	Real-time file system protection	file	C:\System Volume Information\_restore{D04C3930-65DB-49F9-AFBD-D85577482DEF}\RP129\A0021157.exe	Win32/IRCBot.AGV trojan	cleaned by deleting - quarantined	NT-MYNDIGHET\SYSTEM	Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
09.06.2008 13:12:07	Real-time file system protection	file	C:\System Volume Information\_restore{D04C3930-65DB-49F9-AFBD-D85577482DEF}\RP128\A0021122.exe	Win32/IRCBot trojan	cleaned by deleting - quarantined	NT-MYNDIGHET\SYSTEM	Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
09.06.2008 09:11:52	Real-time file system protection	file	C:\System Volume Information\_restore{D04C3930-65DB-49F9-AFBD-D85577482DEF}\RP127\A0021111.exe	Win32/IRCBot trojan	cleaned by deleting - quarantined	NT-MYNDIGHET\SYSTEM	Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
09.06.2008 09:01:40	Real-time file system protection	file	C:\System Volume Information\_restore{D04C3930-65DB-49F9-AFBD-D85577482DEF}\RP127\A0021110.exe	Win32/Rbot trojan	cleaned by deleting - quarantined	NT-MYNDIGHET\SYSTEM	Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
09.06.2008 07:43:25	Real-time file system protection	file	C:\System Volume Information\_restore{D04C3930-65DB-49F9-AFBD-D85577482DEF}\RP127\A0021109.exe	Win32/IRCBot.AGV trojan	cleaned by deleting - quarantined	NT-MYNDIGHET\SYSTEM	Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
08.06.2008 18:24:48	Real-time file system protection	file	C:\Qoobox\Quarantine\C\WINDOWS\images.zip.vir	Win32/IRCBot.AGV trojan	cleaned by deleting - quarantined	NT-MYNDIGHET\SYSTEM	Event occurred on a file modified by the application: C:\WINDOWS\system32\CF28177.exe.
08.06.2008 18:22:53	Real-time file system protection	file	C:\WINDOWS\203932.exe	Win32/Rbot trojan	cleaned by deleting - quarantined	NT-MYNDIGHET\SYSTEM	Event occurred during an attempt to access the file by the application: C:\ComboFix\findstr.cfexe.
08.06.2008 18:22:53	Real-time file system protection	file	C:\WINDOWS\203937.exe	Win32/Rbot trojan	cleaned by deleting - quarantined	NT-MYNDIGHET\SYSTEM	Event occurred during an attempt to access the file by the application: C:\ComboFix\findstr.cfexe.
08.06.2008 18:22:52	Real-time file system protection	file	C:\WINDOWS\059573.exe	Win32/IRCBot.AGV trojan	cleaned by deleting - quarantined	NT-MYNDIGHET\SYSTEM	Event occurred during an attempt to access the file by the application: C:\ComboFix\findstr.cfexe.
08.06.2008 18:22:08	Real-time file system protection	file	C:\DOCUME~1\semper\LOKALE~1\Temp\Av-test.txt	Eicar test file	cleaned by deleting - quarantined	NT-MYNDIGHET\SYSTEM	Event occurred on a new file created by the application: C:\WINDOWS\system32\CF28177.exe.
08.06.2008 18:17:32	Real-time file system protection	file	C:\LOVEITS.EXE	Win32/IRCBot trojan	cleaned by deleting - quarantined	NT-MYNDIGHET\SYSTEM	Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\mqsvc.exe.
08.06.2008 17:16:45	Startup scanner	file	C:\WINDOWS\ehSched.exe	Win32/IRCBot trojan	cleaned by deleting - quarantined		
08.06.2008 17:16:43	Startup scanner	file	C:\WINDOWS\system32\sysregi.exe	Win32/Rbot trojan	cleaned by deleting - quarantined		
08.06.2008 17:16:41	Startup scanner	file	C:\WINDOWS\scvhost.exe	Win32/IRCBot.AGV trojan	cleaned by deleting - quarantined		
08.06.2008 07:37:37	Real-time file system protection	file	C:\a.bat	REG/Zapchast trojan	cleaned by deleting - quarantined	NT-MYNDIGHET\SYSTEM	Event occurred on a new file created by the application: C:\WINDOWS\system32\sysregi.exe.
07.06.2008 17:15:28	Real-time file system protection	file	C:\a.bat	REG/Zapchast trojan	cleaned by deleting - quarantined	NT-MYNDIGHET\SYSTEM	Event occurred on a new file created by the application: C:\WINDOWS\system32\sysregi.exe.
07.06.2008 06:56:21	Real-time file system protection	file	C:\a.bat	REG/Zapchast trojan	cleaned by deleting - quarantined	NT-MYNDIGHET\SYSTEM	Event occurred on a new file created by the application: C:\WINDOWS\system32\sysregi.exe.
06.06.2008 19:40:45	Real-time file system protection	file	C:\a.bat	REG/Zapchast trojan	cleaned by deleting - quarantined	NT-MYNDIGHET\SYSTEM	Event occurred on a new file created by the application: C:\WINDOWS\system32\sysregi.exe.
05.06.2008 19:30:40	Real-time file system protection	file	C:\a.bat	REG/Zapchast trojan	cleaned by deleting - quarantined	NT-MYNDIGHET\SYSTEM	Event occurred on a new file created by the application: C:\WINDOWS\system32\sysregi.exe.
05.06.2008 11:39:03	Real-time file system protection	file	C:\System Volume Information\_restore{D04C3930-65DB-49F9-AFBD-D85577482DEF}\RP124\A0020920.exe	a variant of Win32/Injector.AU trojan	cleaned by deleting - quarantined	NT-MYNDIGHET\SYSTEM	Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
05.06.2008 09:19:12	HTTP filter	file	http://64.20.39.226/sp.exe	a variant of Win32/TrojanProxy.Agent.MM trojan	connection terminated - quarantined	PC168961826147\semper	
05.06.2008 08:35:04	Startup scanner	file	C:\WINDOWS\ehSched.exe	a variant of Win32/Injector.AU trojan	cleaned by deleting - quarantined	PC168961826147\semper	
05.06.2008 08:35:04	Real-time file system protection	file	C:\a.bat	REG/Zapchast trojan	cleaned by deleting - quarantined	NT-MYNDIGHET\SYSTEM	Event occurred on a new file created by the application: C:\WINDOWS\system32\sysregi.exe.
05.06.2008 07:17:29	Real-time file system protection	file	C:\Documents and Settings\semper\Lokale innstillinger\Temporary Internet Files\Content.IE5\LDE791I9\bbbb[1].exe	a variant of Win32/Injector.AU trojan	cleaned by deleting - quarantined	NT-MYNDIGHET\SYSTEM	Event occurred on a new file created by the application: C:\WINDOWS\scvhost.exe.
05.06.2008 07:17:26	Real-time file system protection	file	C:\ehScds.exe	a variant of Win32/Injector.AU trojan	cleaned by deleting - quarantined	NT-MYNDIGHET\SYSTEM	Event occurred on a new file created by the application: C:\WINDOWS\scvhost.exe.

1 - Remove bad HijackThis entries
* Put a check beside all of the items listed below (if present):
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

Both present, and removed.

3 - Update Java Runtime

Removed and updated!

main.txt
Code: Select all
Deckard's System Scanner v20071014.68
Run by semper on 2008-06-12 13:46:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
86: 2008-06-12 11:46:32 UTC - RP133 - Deckard's System Scanner Restore Point
85: 2008-06-11 19:13:17 UTC - RP132 - Kontrollpunkt for system
84: 2008-06-10 18:20:16 UTC - RP131 - Kontrollpunkt for system
83: 2008-06-09 16:40:43 UTC - RP130 - Kontrollpunkt for system
82: 2008-06-08 16:21:52 UTC - RP129 - ComboFix created restore point


-- First Restore Point -- 
1: 2008-03-21 20:53:23 UTC - RP48 - Kontrollpunkt for system


Backed up registry hives.
Performed disk cleanup.

[color=red]System Drive C: has 13.82 GiB (less than 15%) free.[/color]


-- HijackThis (run as semper.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:47:27, on 12.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
c:\Programfiler\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\xampp\apache\bin\apache.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Intel\AMT\atchksrv.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\Intel\AMT\LMS.exe
C:\Programfiler\xampp\mysql\bin\mysqld-nt.exe
C:\Programfiler\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\xampp\apache\bin\apache.exe
C:\Programfiler\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Intel\AMT\UNS.exe
C:\Programfiler\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Programfiler\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Programfiler\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Programfiler\Norton Ghost\Agent\VProTray.exe
C:\Programfiler\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\PGP Corporation\PGP Desktop\PGPtray.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe
C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Documents and Settings\semper\Skrivebord\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\semper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kongsberg.kommune.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programfiler\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [HPWWANGSAssistant] c:\SWSetup\HPQWWAN\HPWWanGSAssistant.exe /TrayMode
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Programfiler\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Programfiler\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OpAgent] "OpAgent.exe" /agent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PGPtray.exe.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: APSHook.dll PGPmapih.dll
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Programfiler\xampp\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Programfiler\Intel\AMT\atchksrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programfiler\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programfiler\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Programfiler\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Programfiler\Intel\AMT\LMS.exe
O23 - Service: mysql - Unknown owner - C:\Programfiler\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programfiler\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Programfiler\PDF Complete\pdfsvc.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Programfiler\Fellesfiler\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Programfiler\Fellesfiler\SureThing Shared\stllssvr.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Programfiler\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Programfiler\Intel\AMT\UNS.exe

--
End of file - 12417 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080612-133347-506 O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
backup-20080612-133347-651 O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

-- File Associations -----------------------------------------------------------

[COLOR=red].scr - AutoCADScriptFile - shell\open\command - "C:\Programfiler\PSPad editor\PSPad.exe" "%1"[/COLOR]
[COLOR=red].txt - txtfile - shell\open\command - C:\PROGRA~1\PSPADE~1\PSPad.exe "%1"[/COLOR]


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 SafeBoot - c:\windows\system32\drivers\safeboot.sys
R0 SbAlg - c:\windows\system32\drivers\sbalg.sys <Not Verified; SafeBoot N.V.; SafeBoot Security System>
R1 RsvLock - c:\windows\system32\drivers\rsvlock.sys <Not Verified; SafeBoot International; SafeBoot Security System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apache2.2 - "c:\programfiler\xampp\apache\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 Apple Mobile Device - "c:\programfiler\fellesfiler\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (Bonjour-tjeneste) - c:\programfiler\bonjour\mdnsresponder.exe <Not Verified; Apple Inc.; Bonjour>
R2 HpFkCryptService (Drive Encryption Service) - "c:\programfiler\hewlett-packard\drive encryption\hpfkcrypt.exe" <Not Verified; SafeBoot International; HP ProtectTools>
R2 mysql - c:\programfiler\xampp\mysql\bin\mysqld-nt.exe --defaults-file=c:\programfiler\xampp\mysql\bin\my.cnf mysql
R3 FLEXnet Licensing Service - "c:\programfiler\fellesfiler\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S2 PCA (PC Angel) - c:\windows\sminst\pcangel.exe <Not Verified; SoftThinks; PCAngel Application>
S3 FLCDLOCK (HP ProtectTools Device Locking / Auditing) - c:\windows\system32\flcdlock.exe <Not Verified; Hewlett-Packard Ltd; Device Access Manager>
S3 ServiceLayer - "c:\programfiler\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S3 stllssvr - "c:\programfiler\fellesfiler\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 5500 Sport
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 5500 Sport
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd


-- Files created between 2008-05-12 and 2008-06-12 -----------------------------

2008-06-11 20:44:19         0 dr-h----- C:\Documents and Settings\semper\Siste
2008-06-09 10:22:18         0 d-------- C:\Programfiler\Trend Micro
2008-06-08 18:21:21     68096 --a------ C:\WINDOWS\zip.exe
2008-06-08 18:21:21     49152 --a------ C:\WINDOWS\VFind.exe
2008-06-08 18:21:21    212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-08 18:21:21    136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-08 18:21:21    161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-08 18:21:21     98816 --a------ C:\WINDOWS\sed.exe
2008-06-08 18:21:21     80412 --a------ C:\WINDOWS\grep.exe
2008-06-08 18:21:21     89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-05 12:22:01         0 d-------- C:\Programfiler\Mp3tag
2008-06-05 09:19:11     42662 --a------ C:\ejjfdds.exe
2008-06-04 11:02:32         0 d-------- C:\Programfiler\NCH Swift Sound
2008-06-03 15:50:05       664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-22 08:46:39      5702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
2008-05-22 08:46:39       568 --ah----- C:\WINDOWS\nod32fixtemdono.reg


-- Find3M Report ---------------------------------------------------------------

2008-06-12 07:23:42         0 d-------- C:\Documents and Settings\semper\Programdata\BatMail
2008-06-12 07:11:25    420628 --a------ C:\WINDOWS\system32\perfh014.dat
2008-06-12 07:11:25     75626 --a------ C:\WINDOWS\system32\perfc014.dat
2008-06-11 11:05:54         0 d-------- C:\Documents and Settings\semper\Programdata\OpenOffice.org2
2008-06-08 18:25:58     55910 --a------ C:\WINDOWS\system32\nvModes.dat
2008-06-08 07:54:35         0 d-------- C:\Documents and Settings\semper\Programdata\The Master Genealogist v7
2008-06-06 20:49:37         0 d-------- C:\Documents and Settings\semper\Programdata\Adobe
2008-06-05 12:22:09         0 d-------- C:\Documents and Settings\semper\Programdata\Mp3tag
2008-06-04 11:02:32         0 d-------- C:\Documents and Settings\semper\Programdata\NCH Swift Sound
2008-06-03 21:38:38         0 d-------- C:\Documents and Settings\semper\Programdata\wsInspector
2008-06-02 13:27:15         0 d-------- C:\Programfiler\Fellesfiler\Adobe
2008-05-18 08:01:04         0 d-------- C:\Programfiler\Starry Night Pro Plus 6
2008-05-15 10:36:30       696 --a------ C:\Documents and Settings\semper\Programdata\ex_log.txt
2008-05-12 14:57:45         0 d-------- C:\Documents and Settings\semper\Programdata\dvdcss
2008-05-09 15:25:31         0 d-------- C:\Documents and Settings\semper\Programdata\Apple Computer
2008-05-09 13:31:40         0 d-------- C:\Programfiler\ZiPhone
2008-05-09 13:07:23         0 d-------- C:\Programfiler\iTunes
2008-05-09 13:07:15         0 d-------- C:\Programfiler\iPod
2008-05-09 13:06:58         0 d-------- C:\Programfiler\Bonjour
2008-05-09 13:06:47         0 d-------- C:\Programfiler\QuickTime
2008-05-09 13:05:41         0 d-------- C:\Programfiler\Apple Software Update
2008-05-09 13:05:23         0 d-------- C:\Programfiler\Fellesfiler
2008-05-09 13:05:23         0 d-------- C:\Programfiler\Fellesfiler\Apple
2008-05-02 09:00:44         0 d-------- C:\Documents and Settings\semper\Programdata\JGsoft
2008-05-02 08:53:42         0 d-------- C:\Programfiler\JGsoft
2008-05-02 08:08:11         0 d-------- C:\Programfiler\The Regex Coach
2008-04-29 18:41:38         0 d-------- C:\Documents and Settings\semper\Programdata\Help
2008-04-29 07:23:22         0 d-------- C:\Documents and Settings\semper\Programdata\Opera
2008-04-29 07:23:19         0 d-------- C:\Programfiler\Opera
2008-04-24 14:09:31         0 d-------- C:\Programfiler\Projity Inc
2008-04-22 22:05:02         0 d-------- C:\Programfiler\CCleaner
2008-04-13 09:06:29         0 d-------- C:\Documents and Settings\semper\Programdata\Bradsoft.com
2008-04-13 09:06:24         0 d-------- C:\Programfiler\Bradbury


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [25.05.2007 14:07]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [25.05.2007 14:07]
"nwiz"="nwiz.exe" [25.05.2007 14:07 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [12.01.2007 15:36]
"hpWirelessAssistant"="C:\Programfiler\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [01.03.2007 13:18]
"CognizanceTS"="C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [22.12.2003 19:12]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [20.12.2005 16:51]
"Cpqset"="C:\Programfiler\Hewlett-Packard\Default Settings\cpqset.exe" [03.05.2007 11:52]
"AccelerometerSysTrayApplet"="C:\WINDOWS\system32\AccelerometerSt.exe" [24.01.2007 15:28]
"HPWWANGSAssistant"="c:\SWSetup\HPQWWAN\HPWWanGSAssistant.exe" [03.05.2007 17:33]
"Norton Ghost 12.0"="C:\Programfiler\Norton Ghost\Agent\VProTray.exe" [28.03.2007 21:41]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.01.2008 22:16]
"egui"="C:\Programfiler\ESET\ESET NOD32 Antivirus\egui.exe" [13.03.2008 16:48]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [13.10.2004 18:24]
"OpAgent"="OpAgent.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 10:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"WIAWizardMenu"=RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\semper\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [16.03.2005 19:16:50]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
PGPtray.exe.lnk - C:\WINDOWS\Installer\{BBC2FB32-7494-4A0E-B4E9-C5C90F142321}\Icon6560581611.exe [25.02.2008 23:20:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP] 
DeviceNP.dll 30.04.2007 08:19 49152 C:\WINDOWS\system32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=APSHook.dll PGPmapih.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	Pml Driver HPZ12 Net Driver HPZ12
Cognizance	ASBroker ASChannel


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Programfiler\Fellesfiler\LightScribe\LSRunOnce.exe"



-- End of Deckard's System Scanner: finished at 2008-06-12 13:47:57 ------------


extra.txt
Code: Select all
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Norwegian

CPU 0: Intel(R) Core(TM)2 Duo CPU     T7700  @ 2.40GHz
CPU 1: Intel(R) Core(TM)2 Duo CPU     T7700  @ 2.40GHz
Percentage of Memory in Use: 21%
Physical Memory (total/avail): 3071.23 MiB / 2423.64 MiB
Pagefile Memory (total/avail): 4955.15 MiB / 4473.6 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1913.05 MiB

C: is Fixed (NTFS) - 103.65 GiB total, 13.82 GiB free. 
D: is CDROM (No Media)
E: is Fixed (NTFS) - 8.14 GiB total, 7.89 GiB free. 
F: is Removable (FAT)
G: is Fixed (NTFS) - 465.76 GiB total, 127.5 GiB free. 
H: is Fixed (NTFS) - 55.88 GiB total, 19.19 GiB free. 

\\.\PHYSICALDRIVE0 - FUJITSU MHW2120BJ G1 - 111.79 GiB - 2 partitions
  \PARTITION0 (bootable) - Installerbart filsystem - 103.65 GiB - C:
  \PARTITION1 - Installerbart filsystem - 8.14 GiB - E:

\\.\PHYSICALDRIVE3 -  - 964.84 MiB - 1 partition
  \PARTITION0 - MS-DOS V4 Huge - 968.5 MiB - F:

\\.\PHYSICALDRIVE1 - Maxtor OneTouch III USB Device - 465.76 GiB - 1 partition
  \PARTITION0 - Installerbart filsystem - 465.76 GiB - G:

\\.\PHYSICALDRIVE2 - ST960822 A USB Device - 55.89 GiB - 1 partition
  \PARTITION0 (bootable) - Installerbart filsystem - 55.88 GiB - H:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"C:\\WINDOWS\\SMINST\\Scheduler.exe"="C:\\WINDOWS\\SMINST\\Scheduler.exe:*:Enabled:Scheduler "
"C:\\Programfiler\\xampp\\apache\\bin\\apache.exe"="C:\\Programfiler\\xampp\\apache\\bin\\apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Programfiler\\xampp\\mysql\\bin\\mysqld.exe"="C:\\Programfiler\\xampp\\mysql\\bin\\mysqld.exe:*:Enabled:mysqld"
"C:\\Programfiler\\Messenger\\msmsgs.exe"="C:\\Programfiler\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programfiler\\DreamTSman\\DreamTSman.exe"="C:\\Programfiler\\DreamTSman\\DreamTSman.exe:*:Enabled:DreamTSman"
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"="C:\\Programfiler\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Programfiler\\iTunes\\iTunes.exe"="C:\\Programfiler\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"DEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~ӟ"="DEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~ӟ:*:Enabled:Nod32 Runtime"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\semper\Programdata
CLASSPATH=.;C:\Programfiler\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Programfiler\Fellesfiler
COMPUTERNAME=PC168961826147
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\semper
LOGONSERVER=\\PC168961826147
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Programfiler\PC Connectivity Solution;c:\Programfiler\Fellesfiler\Roxio Shared\DLLShared;c:\Programfiler\Fellesfiler\Roxio Shared\DLLShared;c:\Programfiler\Fellesfiler\Roxio Shared\9.0\DLLShared;C:\Programfiler\Hewlett-Packard\IAM\bin;C:\Programfiler\QuickTime\QTSystem;C:\Programfiler\Fellesfiler\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Programfiler
PROMPT=$P$G
QTJAVA=C:\Programfiler\Java\jre1.6.0_03\lib\ext\QTJava.zip
RoxioCentral=c:\Programfiler\Fellesfiler\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\semper\LOKALE~1\Temp
TMP=C:\DOCUME~1\semper\LOKALE~1\Temp
USERDOMAIN=PC168961826147
USERNAME=semper
USERPROFILE=C:\Documents and Settings\semper
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

semper [I](admin)[/I]
Administrator [I](admin)[/I]


-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Programfiler\DivX\DivXConverterUninstall.exe /CONVERTER
 --> C:\Programfiler\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
 --> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
 --> MsiExec.exe /I{B61B6668-A674-4A06-8405-51944D5CCDDD}
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 8.1.2 Professional --> msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Photoshop CS3 --> c:\Programfiler\Fellesfiler\Adobe\Installers\5f143314a5d434c8511097393d17397\Setup.exe
Adobe Photoshop CS3 --> c:\Programfiler\Fellesfiler\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop Lightroom --> MsiExec.exe /I{359D2A79-64C6-4824-83CE-B053297DED6A}
Adobe Premiere Pro 1.5 --> RunDll32 "C:\Programfiler\Fellesfiler\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Programfiler\InstallShield Installation Information\{A14F7508-B784-40B8-B11A-E0E2EEB7229F}\setup.exe" -l0x0009
Adobe Reader 8.1.2 - Norsk --> MsiExec.exe /I{AC76BA86-7AD7-1044-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Application Installer 4.00.B14 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{70CEFEBA-F757-4DBE-8A21-027C326137CE}\SETUP.EXE" -l0x14 
ASCOM Platform 4.1 --> C:\PROGRA~1\FELLES~1\ASCOM\TELESC~1\UNWISE.EXE C:\PROGRA~1\FELLES~1\ASCOM\TELESC~1\INSTALL.LOG
AutoCAD 2008 - English --> C:\Programfiler\AutoCAD 2008\Setup\Setup.exe /P {5783F2D7-6001-0409-0002-0060B0CE6BBA} /M ACAD
Autodesk DWF Viewer 7 --> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
Autodesk MapGuide(R) Viewer ActiveX Control Release 6.3 --> MsiExec.exe /I{ECD94AA1-D865-4EF4-8F7C-5AA68D37ABE9}
AxCrypt (Remove Only) --> "C:\Programfiler\Axon Data\AxCrypt\AxCryptU.exe"
BIOS Configuration for HP ProtectTools --> MsiExec.exe /X{C74D0FA0-1D49-464F-A707-B427EE3385C1}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CCleaner (remove only) --> "C:\Programfiler\CCleaner\uninst.exe"
Chessmaster 10th Edition --> C:\Programfiler\Fellesfiler\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E9AE9A91-AB45-4321-87BD-AD34855D944F} 
Credential Manager for HP ProtectTools --> MsiExec.exe /X{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}
Device Access Manager for HP ProtectTools --> MsiExec.exe /X{55B52830-024A-443E-AF61-61E1E71AFA1B}
DivX Codec --> C:\Programfiler\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Programfiler\DivX\DivXConverterUninstall.exe /CONVERTER
DreamTSman --> "C:\Programfiler\DreamTSman\unins000.exe"
Drive Encryption for HP ProtectTools --> MsiExec.exe /X{F843AC27-704C-4731-A590-F57841B488F2}
EMS SQL Manager 2007 for MySQL --> "C:\Programfiler\EMS\SQL Manager for MySQL\Uninstall.exe" "C:\Programfiler\EMS\SQL Manager for MySQL\install.log" -u
ESET NOD32 Antivirus --> MsiExec.exe /I{86A6E235-C08F-4A14-B14C-793C7D8844A0}
G-PROG NS3420 Oppslag --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{535F7044-AE4F-11D4-9FB7-00C04FC2B6A9}\setup.exe" 
GameShadow --> MsiExec.exe /I{4FBC6F79-4811-4422-9305-92979B8C6392}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\programfiler\google\googletoolbar2.dll"
HijackThis 2.0.2 --> "C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP 3D DriveGuard --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{429E92A4-159F-4AEC-85A1-D693E1E4274D}\setup.exe" -l0x14  UNINSTALL
HP Broadband Wireless Modules --> MsiExec.exe /X{773D6C77-4A5A-45C4-B4DE-3B6DAB4785BC}
HP Doc Viewer --> MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Help and Support --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x14  -removeonly
HP Integrated Module with Bluetooth wireless technology --> MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
HP Notebook Accessories Product Tour --> MsiExec.exe /I{521F72F4-FFE4-4959-AA88-EED06125211F}
HP ProtectTools Security Manager --> MsiExec.exe /I{2DB165DC-DDB4-403F-B985-19F3EC7D0357}
HP Quick Launch Buttons 6.20 G1 --> C:\Programfiler\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0014 -removeonly uninst
HP Update --> MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}
HP User Guide Bluetooth Addendum 0062 --> MsiExec.exe /I{7FD8231E-3991-48D7-A2C8-2C42A7075FB1}
HP User Guides 0061 --> MsiExec.exe /I{ADA35685-E6DC-42F2-807E-312AD0D18AA6}
HP Wireless Assistant --> MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8}
HP WWAN Setup Utility --> MsiExec.exe /X{8F67CD1C-DF0B-400D-B611-A01A7C8D46B5}
Hurtigreparasjon for Windows XP (KB896256) --> "C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe"
Hurtigreparasjon for Windows XP (KB909095) --> "C:\WINDOWS\$NtUninstallKB909095$\spuninst\spuninst.exe"
Hurtigreparasjon for Windows XP (KB910728) --> "C:\WINDOWS\$NtUninstallKB910728$\spuninst\spuninst.exe"
Hurtigreparasjon for Windows XP (KB912436) --> "C:\WINDOWS\$NtUninstallKB912436$\spuninst\spuninst.exe"
Hurtigreparasjon for Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hurtigreparasjon for Windows XP (KB915326) --> "C:\WINDOWS\$NtUninstallKB915326$\spuninst\spuninst.exe"
Hurtigreparasjon for Windows XP (KB918005) --> "C:\WINDOWS\$NtUninstallKB918005$\spuninst\spuninst.exe"
Hurtigreparasjon for Windows XP (KB928388) --> "C:\WINDOWS\$NtUninstallKB928388$\spuninst\spuninst.exe"
Hurtigreparasjon for Windows XP (KB929120) --> "C:\WINDOWS\$NtUninstallKB929120$\spuninst\spuninst.exe"
ImgBurn (Remove Only) --> "C:\Programfiler\ImgBurn\uninstall.exe"
Installeringsprogram for HP Backup and Recovery Manager --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}\setup.exe" -l0x14  -uninst  -removeonly
Intel(R) Active Management Technology Device Software --> C:\WINDOWS\system32\mesoludlg.exe -uninstall
Intel(R) Management Engine Interface --> C:\WINDOWS\system32\heciudlg.exe -uninstall
Intel(R) PRO Network Connections Drivers --> Prounstl.exe
InterVideo DVD Check --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe"  REMOVEALL
InterVideo WinDVD --> "C:\Programfiler\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
JGsoft RegexBuddy 3 v.3.1.0 --> C:\WINDOWS\UnDeploy.exe "C:\Programfiler\JGsoft\RegexBuddy3\Deploy.log"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Programfiler\Symantec\LiveUpdate\LSETUP.EXE" /U
MediaMonkey 2.5 --> "C:\Programfiler\MediaMonkey\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110414-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project MUI (English) 2007 --> MsiExec.exe /X{90120000-00B4-0409-0000-0000000FF1CE}
Microsoft Office Project Professional 2007 --> "C:\Programfiler\Fellesfiler\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRJPRO /dll OSETUP.DLL
Microsoft Office Project Professional 2007 --> MsiExec.exe /X{90120000-003B-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> C:\Programfiler\Mozilla Firefox\uninstall\helper.exe
Mp3tag v2.39 --> C:\Programfiler\Mp3tag\Mp3tagUninstall.EXE
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NCH Toolbox --> C:\Programfiler\NCH Swift Sound\ToolBox\uninst.exe
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up --> "C:\Programfiler\ESET\ESET NOD32 Antivirus\unins000.exe"
Nokia Connectivity Cable Driver --> MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
Nokia PC Suite --> C:\Documents and Settings\All Users\Programdata\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_nor_web.exe
Nokia PC Suite --> MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
Norton Ghost --> MsiExec.exe /I{B0255743-165B-4BD5-8DA8-37DFB9930012}
NS3420 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{1925A09C-B8DB-421D-9880-6ED51AD04857}\setup.exe" -l0x14  -removeonly
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenOffice.org 2.3 --> MsiExec.exe /I{E742F89E-4D0A-4949-AD8A-8C4A14BB94BB}
OpenProj --> MsiExec.exe /I{13702021-43FB-480C-912F-D9B74A538288}
Opera 9.27 --> MsiExec.exe /X{503D6E3E-1A48-44F5-BB7C-EB3B593FAED0}
Oppdatering for Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB896727) --> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB925720) --> "C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB932823-v3) --> "C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB942840) --> "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
PC Connectivity Solution --> MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
PDF Complete --> C:\Programfiler\PDF Complete\pdfiutil.exe /UGUI
PGP Desktop --> MsiExec.exe /X{BBC2FB32-7494-4A0E-B4E9-C5C90F142321}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
QuickTime --> MsiExec.exe /X{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}
Registry Mechanic 6.0 --> "C:\Programfiler\Registry Mechanic\unins000.exe"
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9 --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9 --> MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
ScanSoft OmniPage 16 --> MsiExec.exe /I{DF74C7BA-5C9F-4F17-8B6F-5ECE08280F34}
Sikkerhetsoppdatering for Windows XP (KB893066) --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB903235) --> "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB917537) --> "C:\WINDOWS\$NtUninstallKB917537$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sikkerhetsoppdatering for Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB944533) --> "C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950749) --> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Silent Hunter 4 Wolves of the Pacific --> C:\Programfiler\InstallShield Installation Information\{0D005F09-A5F4-473B-A901-5735C6AF5628}\setup.exe -runfromtemp -l0x0009 -removeonly
Soft Data Fax Modem with SmartCP --> C:\Programfiler\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2C06_hpqZ3795\UIU32m.exe -U -IhpqZ3795.inf
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SoundMAX --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x14  -removeonly
Starry Night Pro Plus 6 --> "C:\Programfiler\Starry Night Pro Plus 6\Uninstall Starry Night Pro Plus 6\Uninstall Starry Night Pro Plus 6.exe"
Switch Sound File Converter --> C:\Programfiler\NCH Swift Sound\Switch\uninst.exe
Synaptics Pointing Device Driver --> rundll32.exe "C:\Programfiler\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Bat! Professional v3.99.29 --> MsiExec.exe /I{CA8D1F57-1D54-463F-A97D-9D740EBBD285}
The Master Genealogist v7 (for All Users) --> C:\PROGRA~1\THEMAS~1\UNWISE.EXE C:\PROGRA~1\THEMAS~1\sysdata\INSTALL.LOG
TopStyle (Version 3) --> "C:\Programfiler\Bradbury\TopStyle3\unins000.exe"
Total Commander (Remove or Repair) --> c:\totalcmd\tcuninst.exe
Uninstall Startup Inspector --> "C:\Programfiler\Startup Inspector for Windows\unins000.exe"
VideoLAN VLC media player 0.8.6e --> C:\Programfiler\VideoLAN\VLC\uninstall.exe
Visual DataFlex 9.0.29.1 Client --> C:\PROGRA~1\VISUAL~1.0\UNINST~1.1\UNWISE.EXE C:\PROGRA~1\VISUAL~1.0\UNINST~1.1\INSTALL.LOG
Windows-driverpakke - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\pccswpddriver.inf
Windows-driverpakke - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows-driverpakke - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Windows-driverpakke - Nokia Modem (05/24/2007 6.84.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP hurtigreparasjon - KB873333 --> C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB883667 --> C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB885250 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB885464 --> C:\WINDOWS\$NtUninstallKB885464$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB885855 --> C:\WINDOWS\$NtUninstallKB885855$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB888239 --> C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB888402 --> C:\WINDOWS\$NtUninstallKB888402$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB889673 --> C:\WINDOWS\$NtUninstallKB889673$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP hurtigreparasjon - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB892559 --> "C:\WINDOWS\$NtUninstallKB892559$\spuninst\spuninst.exe"
WinRAR Arkiverer --> C:\Programfiler\WinRAR\uninstall.exe
Wintouch Office 12.0 Pro --> MsiExec.exe /I{DA6E42A1-B843-4EBA-909C-9D494DBEA398}
XAMPP 1.6.2 --> "C:\Programfiler\xampp\uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type5929 / Error
Event Submitted/Written: 06/12/2008 07:06:59 AM
Event ID/Source: 1004 / Application Error
Event Description:
Feilende program winlogon.exe, versjon 0.0.0.0, feilende modul ole32.dll, versjon 5.1.2600.2726, feiladresse 0x0004d645.
Feil under oppretting resulterende PEAP-TLV som svar på mottatt PEAP-TLV (winlogon.exe!ld!)

Event Record #/Type5924 / Warning
Event Submitted/Written: 06/12/2008 07:06:45 AM
Event ID/Source: 2001 / Intel(R) AMT
Event Description:
[UNS] Failed to get EAC Status.

Event Record #/Type5923 / Error
Event Submitted/Written: 06/12/2008 07:06:45 AM
Event ID/Source: 2002 / Intel(R) AMT
Event Description:
[UNS] Failed to subscribe to local Intel(R) AMT.

Event Record #/Type5908 / Error
Event Submitted/Written: 06/12/2008 07:05:34 AM
Event ID/Source: 1000 / Application Error
Event Description:
Feilende program , versjon 0.0.0.0, feilende modul ole32.dll, versjon 5.1.2600.2726, feiladresse 0x0004d645.
Behandler mediaspesifikk hendelse for [!ws!]

Event Record #/Type5902 / Error
Event Submitted/Written: 06/12/2008 07:05:28 AM
Event ID/Source: 2002 / Intel(R) AMT
Event Description:
[UNS] Failed to subscribe to local Intel(R) AMT.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type12419 / Error
Event Submitted/Written: 06/12/2008 07:06:20 AM / 06/12/2008 07:06:46 AM
Event ID/Source: 4311 / NetBT
Event Description:
Initialisering mislyktes fordi driverenheten ikke kunne opprettes.

Event Record #/Type12418 / Error
Event Submitted/Written: 06/12/2008 07:06:20 AM / 06/12/2008 07:06:46 AM
Event ID/Source: 4311 / NetBT
Event Description:
Initialisering mislyktes fordi driverenheten ikke kunne opprettes.

Event Record #/Type12417 / Error
Event Submitted/Written: 06/12/2008 07:06:20 AM / 06/12/2008 07:06:46 AM
Event ID/Source: 4311 / NetBT
Event Description:
Initialisering mislyktes fordi driverenheten ikke kunne opprettes.

Event Record #/Type12416 / Error
Event Submitted/Written: 06/12/2008 07:06:20 AM / 06/12/2008 07:06:46 AM
Event ID/Source: 4311 / NetBT
Event Description:
Initialisering mislyktes fordi driverenheten ikke kunne opprettes.

Event Record #/Type12415 / Error
Event Submitted/Written: 06/12/2008 07:06:20 AM / 06/12/2008 07:06:46 AM
Event ID/Source: 4311 / NetBT
Event Description:
Initialisering mislyktes fordi driverenheten ikke kunne opprettes.



-- End of Deckard's System Scanner: finished at 2008-06-12 13:47:57 ------------

sempersem
Active Member
 
Posts: 6
Joined: June 9th, 2008, 3:52 am

Re: NOD32 reports activity...HJT logfile here, help needed

Unread postby peku006 » June 12th, 2008, 1:23 pm

Hi sempersem
"NOD32 reports activity"
all they "bad guys" are cleaned by deleting or quarantined.....

For the future, please post logs directly to the thread, don´t use Code or Quotes (lettere å lese) ;)



1 - Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform full scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found here:

    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


2 - Check a file for Viruses.
C:\ejjfdds.exe

  • Copy/Paste the first file on the list into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Note details of any viruses found.

3 - Get Firewall and AntiVirus Status
Please go to Start, Run, type wscui.cpl into the box and hit <Enter>.
Tell me if it reports both AntiVirus and Firewall as ON, and then click on the little down arrows on the right of each, and note the name of the application being used for each.
In your reply please include the application names and ON/OFF status of each.

4- Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

5 - Status Check
Please reply with

1. the Malwarebytes' Anti-Malware Log
2. the Result of file scan
3. Firewall and AntiVirus Status
4. a fresh HijackThis log

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: NOD32 reports activity...HJT logfile here, help needed

Unread postby sempersem » June 12th, 2008, 4:33 pm

OK...here we go, you asked for it...(litt mer lesestoff) :)

1. the Malwarebytes' Anti-Malware Log
Malwarebytes' Anti-Malware 1.17
Database versjon: 850

22:07:16 12.06.2008
mbam-log-6-12-2008 (22-07-16).txt

Skann type: Full Skann (C:\|E:\|)
Objekter skannet: 244545
Tid tilbakelagt: 49 minute(s), 41 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 1
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

2. the Result of file scan

Antivirus Version Last Update Result
AhnLab-V3 2008.6.13.0 2008.06.12 -
AntiVir 7.8.0.55 2008.06.12 -
Authentium 5.1.0.4 2008.06.12 -
Avast 4.8.1195.0 2008.06.12 -
AVG 7.5.0.516 2008.06.12 SHeur.APIJ
BitDefender 7.2 2008.06.12 -
CAT-QuickHeal 9.50 2008.06.12 TrojanProxy.Agent.sh
ClamAV 0.92.1 2008.06.12 -
DrWeb 4.44.0.09170 2008.06.12 -
eSafe 7.0.15.0 2008.06.12 suspicious Trojan/Worm
eTrust-Vet 31.6.5868 2008.06.12 -
Ewido 4.0 2008.06.12 -
F-Prot 4.4.4.56 2008.06.12 -
F-Secure 6.70.13260.0 2008.06.12 -
Fortinet 3.14.0.0 2008.06.12 -
GData 2.0.7306.1023 2008.06.12 -
Ikarus T3.1.1.26.0 2008.06.12 -
Kaspersky 7.0.0.125 2008.06.12 -
McAfee 5316 2008.06.12 -
Microsoft 1.3604 2008.06.12 -
NOD32v2 3181 2008.06.12 unpack error
Norman 5.80.02 2008.06.12 W32/DLoader.EHUG
Panda 9.0.0.4 2008.06.12 Suspicious file
Prevx1 V2 2008.06.12 Suspicious
Rising 20.48.32.00 2008.06.12 -
Sophos 4.30.0 2008.06.12 Sus/DelpDldr-A
Sunbelt 3.0.1145.1 2008.06.05 -
Symantec 10 2008.06.12 -
TheHacker 6.2.92.345 2008.06.12 -
VBA32 3.12.6.7 2008.06.12 -
VirusBuster 4.3.26:9 2008.06.12 -
Webwasher-Gateway 6.6.2 2008.06.12 Win32.Malware.dam (suspicious)
Additional information
File size: 42662 bytes
MD5...: 7f97d04f8b11083792552a9606bb02c2
SHA1..: 6875bf2173ed7b4b79b2913bbada028da1aab0eb
SHA256: 4e9bdf389e71735b6a4081db01c1b013ec5e4cedf93a0a57d4d4fb1f13781840
SHA512: cbd9115a121a5ba095876d7164ede6e4ea5bd1d442c40f902d69fe24b69ee10b
bd52d885f43c1b8f1b095a14b384e26d3b5e8ad4fd1ca624c33eecced37f2de2
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x42f140
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x24000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x25000 0xb000 0xa400 7.90 ee2fdbdeded5c54d1430bf0c8e30c887
.rsrc 0x30000 0x1000 0x400 0.00 d41d8cd98f00b204e9800998ecf8427e

( 0 imports )

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext. ... 00D2AD040F
packers (Kaspersky): UPX
packers (F-Prot): UPX

3. Firewall and AntiVirus Status
Firewall- ON
Windows Firewall is ON

AntiVirus - ON
ESET NOD32 Antivirus 3.0 is updated and virusscanning is ON

4. a fresh HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:21:09, on 12.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
c:\Programfiler\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Programfiler\Norton Ghost\Agent\VProTray.exe
C:\Programfiler\xampp\apache\bin\apache.exe
C:\Programfiler\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Intel\AMT\atchksrv.exe
C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\Intel\AMT\LMS.exe
C:\Programfiler\xampp\mysql\bin\mysqld-nt.exe
C:\Programfiler\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\PDF Complete\pdfsvc.exe
C:\Programfiler\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Intel\AMT\UNS.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Programfiler\PGP Corporation\PGP Desktop\PGPtray.exe
C:\Programfiler\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Programfiler\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Programfiler\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\totalcmd\TOTALCMD.EXE
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kongsberg.kommune.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programfiler\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [HPWWANGSAssistant] c:\SWSetup\HPQWWAN\HPWWanGSAssistant.exe /TrayMode
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Programfiler\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Programfiler\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OpAgent] "OpAgent.exe" /agent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PGPtray.exe.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: APSHook.dll PGPmapih.dll
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Programfiler\xampp\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Programfiler\Intel\AMT\atchksrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programfiler\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programfiler\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Programfiler\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Programfiler\Intel\AMT\LMS.exe
O23 - Service: mysql - Unknown owner - C:\Programfiler\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programfiler\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Programfiler\PDF Complete\pdfsvc.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Programfiler\Fellesfiler\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Programfiler\Fellesfiler\SureThing Shared\stllssvr.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Programfiler\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Programfiler\Intel\AMT\UNS.exe

--
End of file - 12323 bytes
sempersem
Active Member
 
Posts: 6
Joined: June 9th, 2008, 3:52 am

Re: NOD32 reports activity...HJT logfile here, help needed

Unread postby peku006 » June 13th, 2008, 2:17 am

Hi
You’ve done a good job so far sempersem, how is your system running now?

1 - Download and Run: OTMoveIt2
Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code: Select all
    C:\ejjfdds.exe
    
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  • If you are not asked to reboot close OTMoveIt2.
  • A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).

2 - Run Kaspersky online scanner

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

3 - Status Check
Please reply with
1. the OTMoveIt2 log
2. the Kaspersky online scanner report
3. a fresh HijackThis log

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: NOD32 reports activity...HJT logfile here, help needed

Unread postby sempersem » June 13th, 2008, 4:21 pm

Sorry for the delay...had some problems with the Kasparsky scan. After about 5 hours the machine start to hang. Had to abort, and after that I could not shut down the computer.
Tryed again, after disabling NOD, and it went OK...after about 3 hours.
Well here is my response to your last post:

1. the OTMoveIt2 log
C:\ejjfdds.exe moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06132008_083414


2. the Kaspersky online scanner report
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, June 13, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, June 13, 2008 16:46:58
Records in database: 860378
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 183220
Threat name: 1
Infected objects: 0
Suspicious objects: 9
Duration of the scan: 03:10:57


File name / Threat name / Threats count
C:\Documents and Settings\semper\Programdata\BatMail\Per Kristian\$JUNK$\MESSAGES.TBB Suspicious: Exploit.HTML.Iframe.FileDownload 9

The selected area was scanned.

3. a fresh HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:16:40, on 13.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
c:\Programfiler\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\xampp\apache\bin\apache.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Intel\AMT\atchksrv.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\Intel\AMT\LMS.exe
C:\Programfiler\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\PGPserv.exe
C:\Programfiler\xampp\apache\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Intel\AMT\UNS.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Programfiler\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Programfiler\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Programfiler\Norton Ghost\Agent\VProTray.exe
C:\Programfiler\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Hewlett-Packard\IAM\bin\asghost.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kongsberg.kommune.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programfiler\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [HPWWANGSAssistant] c:\SWSetup\HPQWWAN\HPWWanGSAssistant.exe /TrayMode
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Programfiler\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Programfiler\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OpAgent] "OpAgent.exe" /agent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PGPtray.exe.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: APSHook.dll PGPmapih.dll
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Programfiler\xampp\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Programfiler\Intel\AMT\atchksrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programfiler\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programfiler\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Programfiler\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Programfiler\Intel\AMT\LMS.exe
O23 - Service: mysql - Unknown owner - C:\Programfiler\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programfiler\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Programfiler\PDF Complete\pdfsvc.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Programfiler\Fellesfiler\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Programfiler\Fellesfiler\SureThing Shared\stllssvr.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Programfiler\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Programfiler\Intel\AMT\UNS.exe

--
End of file - 12318 bytes
sempersem
Active Member
 
Posts: 6
Joined: June 9th, 2008, 3:52 am

Re: NOD32 reports activity...HJT logfile here, help needed

Unread postby peku006 » June 14th, 2008, 5:53 am

Hi sempersem
"had some problems with the Kasparsky scan"
I`m sorry to hear that , when I was trying it worked.
Please empty your BatMail junk folder
C:\Documents and Settings\semper\Programdata\BatMail\Per Kristian\$JUNK$\

the scans are fine and it looks like your machine is clean :)

Time for some housekeeping

Let's clear out the programmes we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if used inappropriately.


  • Double click OTMoveIt.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTMoveIt will download a list from the Internet, if your firewall or other defensive programmes alerts you, allow it access.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • When finished exit out of OTMoveIt
  • The tool will delete itself once it finishes, if not delete it by yourself.

Disable and Enable System Restore-WINDOWS XP
This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
  • Reboot.
Turn ON System Restore
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check *Turn off System Restore*.
  • Click Apply, and then click OK.
This will remove all restore points except the new one you just created.

Here are some free programs I recommend that could help you improve your computer's security.

Spybot Search and Destroy 1.5.2
Download it from here. Just choose a mirror and off you go.
Find here the tutorial on how to use Spybot properly here

Install SpyWare Blaster 4.0
Download it from here
Find here the tutorial on how to use Spyware Blaster here

Install WinPatrol
Download it from here
Here you can find information about how WinPatrol works here

Install FireTrust SiteHound
You can find information and download it from here

Install MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com
Note: If you are running Windows XP SP2, you should upgrade to SP3.

Please check out Tony Klein's article "How did I get infected in the first place?"

Read some information here how to prevent Malware.

Happy safe surfing! ;)
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: NOD32 reports activity...HJT logfile here, help needed

Unread postby sempersem » June 14th, 2008, 7:17 am

I will follow your tips for "housekeeping".
Thank's for good and professional help :)
sempersem
Active Member
 
Posts: 6
Joined: June 9th, 2008, 3:52 am

Re: NOD32 reports activity...HJT logfile here, help needed

Unread postby Shaba » June 14th, 2008, 12:02 pm

sempersem this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 360 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware