[Resolved] Trojan files


This topic is locked.
14 replies to this topic

#1 Kamidamaru
New Member (Authentic Member, 19 posts)

Posted 04 October 2009 - 09:37 AM

Just had my PC do two bizarre things on me: one was springing a Microsoft Office email window trying to send the file I was playing at that moment, with a pre-typed body of text, and another random pop-up window on the desktop that I didn't even get to see before it vanished. I ran an AVG Free virus scan and that found two trojans (svdhost.exe and rtg 17.exe), and Malwarebytes' found them as well. Now I've cleaned them out as well as I could figure out how to, but I still feel a bit suspicious. Can you guys please help if you've got the time?

Edited by Kamidamaru, 04 October 2009 - 12:25 PM.


#2 ken545
Forum God (Classroom Teacher, MVP, 23,207 posts)
Interests: Fighting Malware and cooking some great Italian and TexMex food

Posted 06 October 2009 - 05:25 AM

Welcome!

We need some logs to see what's going on.

Please download RootRepeal from one of these locations and save it to your desktop:
  • Here
  • Here
  • Here

  • Open RootRepeal on your desktop.
  • Click the [image] tab.
  • Click the [image] button.
  • Check just these boxes:
    [image]
  • Push Ok.
  • Check the box for your main system drive (usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the [image] button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your post.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

Just a reminder that threads will be closed if no reply in 3 days.
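When the requested RSIT log comes back, a volunteer usually triages the HijackThis O4 autorun entries first. The script below is an added example, not the forum's or either tool's own code: it takes a constructed subset of O4 lines and RSIT Run-key lines copied from the log posted in this thread and scores each entry on a few cheap, explainable heuristics (the heuristics and their equal weighting are this example's own assumption).

```python
import re
from collections import defaultdict
from typing import List, NamedTuple

# Constructed sample: a few O4 lines copied from the HijackThis section of the
# RSIT log posted in this thread (a subset, not the whole log).
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG8_TRAY] F:\Program\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Sound Volume driver] vsdhost.exe
O4 - HKLM\..\RunServices: [Sound Volume driver] vsdhost.exe
O4 - HKCU\..\Run: [Steam] "F:\Program\steam\Steam.exe" -silent
O4 - Global Startup: WinCinema Manager.lnk = F:\Program\Sandisk\Common\Bin\WinCinemaMgr.exe
"""

# The matching lines from the RSIT "Registry dump" section of the same log.
# RSIT appends [date size] for every file it could locate; an empty [] means
# it could not resolve the command it found in the registry to a file on disk.
RSIT_SAMPLE = r"""
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
"nwiz"=nwiz.exe /install []
"AVG8_TRAY"=F:\Program\AVG\AVG8\avgtray.exe [2009-10-06 2023704]
"Sound Volume driver"=vsdhost.exe []
"Steam"=F:\Program\steam\Steam.exe [2009-06-11 1217784]
"""

# O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r'^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# "<value name>"=<command line> [<date size>]
RSIT_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<cmd>.*?) ?\[(?P<meta>[^\]]*)\]$')


class Finding(NamedTuple):
    score: int          # number of heuristics that fired
    name: str           # registry value name
    image: str          # program the entry launches
    reasons: List[str]


def image_of(cmd: str) -> str:
    """Return the program a Run-key command line actually launches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, then arguments
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    head, _, rest = cmd.partition(' ')
    if head.lower() in ('rundll32.exe', 'rundll32'):
        # rundll32 is only a host; the interesting file is the DLL it loads
        return rest.strip().split(',', 1)[0].strip('"')
    return head


def triage(hjt_text: str, rsit_text: str) -> List[Finding]:
    """Score HijackThis O4 entries with cheap, explainable heuristics.

    A high score means "look at this entry first", not "this is malware":
    legitimate vendor entries (nwiz.exe here) trip the path heuristics too.
    """
    rsit_meta = {}
    for line in rsit_text.splitlines():
        m = RSIT_RE.match(line)
        if m:
            rsit_meta[m['name']] = m['meta']

    entries = defaultdict(lambda: {'keys': set(), 'image': ''})
    for line in hjt_text.splitlines():
        m = O4_RE.match(line)
        if not m:                                # e.g. Global Startup .lnk lines
            continue
        key = m['loc'].rsplit('\\', 1)[-1]       # Run, RunOnce, RunServices, ...
        entries[m['name']]['keys'].add(key)
        entries[m['name']]['image'] = image_of(m['cmd'])

    findings = []
    for name, e in entries.items():
        reasons = []
        if '\\' not in e['image']:
            reasons.append('bare file name: which file runs depends on the search path at logon')
        if 'RunServices' in e['keys']:
            reasons.append('RunServices: a Windows 9x-era key that XP itself does not process')
        if len(e['keys']) > 1:
            reasons.append('same value name under %d autorun keys' % len(e['keys']))
        if rsit_meta.get(name, 'n/a') == '':
            reasons.append('RSIT printed []: it could not find the file on disk')
        findings.append(Finding(len(reasons), name, e['image'], reasons))
    findings.sort(key=lambda f: (-f.score, f.name))
    return findings


if __name__ == '__main__':
    for f in triage(HJT_SAMPLE, RSIT_SAMPLE):
        print('%d  %-45s %s' % (f.score, f.name, f.image))
        for r in f.reasons:
            print('      - ' + r)
```

Run stand-alone, it lists the "Sound Volume driver" entry first with all four heuristics firing, nwiz second, and the fully-pathed vendor entries with a score of zero.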


#3 Kamidamaru
New Member (Authentic Member, 19 posts)

Posted 06 October 2009 - 11:56 AM

Firstly, there's the RootRepeal log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/06 19:51
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB6883000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA662000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP9812
Image Path: \Driver\PCI_PNP9812
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB4458000 Size: 49152 File Visible: No Signed: -
Status: -

Name: sphl.sys
Image Path: sphl.sys
Address: 0xB9EA7000 Size: 1048576 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "sphl.sys" at address 0xb9ea80e0

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sphl.sys" at address 0xb9ec6ca2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sphl.sys" at address 0xb9ec7030

#: 119 Function Name: NtOpenKey
Status: Hooked by "sphl.sys" at address 0xb9ea80c0

#: 160 Function Name: NtQueryKey
Status: Hooked by "sphl.sys" at address 0xb9ec7108

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "sphl.sys" at address 0xb9ec6f88

#: 247 Function Name: NtSetValueKey
Status: Hooked by "sphl.sys" at address 0xb9ec719a

==EOF==

And here's the log.txt file:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Kamidamaru Kjellberg at 2009-10-06 19:52:52
Microsoft Windows XP Professional Service Pack 2
System drive C: has 5 GB (23%) free of 20 GB
Total RAM: 2046 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:53:11, on 2009-10-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Analog Devices\Core\smax4pnp.exe
F:\Program\adobe\3.0\Apps\apdproxy.exe
C:\Program\Delade filer\Logitech\LComMgr\Communications_Helper.exe
C:\Program\Delade filer\Logitech\LComMgr\LVComSX.exe
C:\Program\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
F:\Program\logitech\camstah\QuickCam10.exe
C:\WINDOWS\system32\RUNDLL32.EXE
F:\Program\Razer\DeathAdder\razerhid.exe
C:\Program\Java\jre6\bin\jusched.exe
C:\Program\Analog Devices\SoundMAX\Smax4.exe
F:\Program\Razer\DeathAdder\razertra.exe
F:\Program\Itunes\iTunesHelper.exe
F:\Program\Razer\DeathAdder\razerofa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Windows Live\Messenger\msnmsgr.exe
F:\Program\DAEMON Tools Pro\DTProAgent.exe
F:\Program\DAEMON Tools\DAEMON Tools Lite\daemon.exe
F:\Program\logitech\camstah\COCIManager.exe
F:\Program\steam\Steam.exe
C:\Program\NCSoft\Launcher\NCLauncher.exe
C:\Program\iPod\bin\iPodService.exe
F:\Program\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Program\Personal\bin\Personal.exe
C:\Program\Windows Live\Contacts\wlcomm.exe
F:\Program\AVG\AVG8\avgtray.exe
F:\Program\AVG\AVG8\avgwdsvc.exe
F:\Program\AVG\AVG8\avgrsx.exe
F:\Program\AVG\AVG8\avgnsx.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\uTorrent\uTorrent.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Kamidamaru Kjellberg\Skrivbord\RSIT.exe
C:\Program\trend micro\Kamidamaru Kjellberg.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program\adobe\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program\Delade filer\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program\Delade filer\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "F:\Program\logitech\camstah\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program\adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DeathAdder] F:\Program\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMax] "C:\Program\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program\Quick time carp**\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program\Itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] F:\Program\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Sound Volume driver] vsdhost.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "F:\Program\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunServices: [Sound Volume driver] vsdhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "F:\Program\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Program\DAEMON Tools\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "F:\Program\steam\Steam.exe" -silent
O4 - HKCU\..\Run: [CurseClient] C:\Program\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [NCsoft Launcher] C:\Program\NCSoft\Launcher\NCLauncher.exe /Minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinCinema Manager.lnk = F:\Program\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} (GoPets Control) - https://secure.gopet.../dev/gopets.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopet...v/GoPetsWeb.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - F:\Program\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\Program\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 9149 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - F:\Program\AVG\AVG8\avgssie.dll [2009-10-04 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live inloggningshjälpen - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-03-27 13684736]
"nwiz"=nwiz.exe /install []
"WUSB54Gv4"=C:\Program\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe [2004-04-19 24576]
"SoundMAXPnP"=C:\Program\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"Adobe Photo Downloader"=F:\Program\adobe\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"LogitechCommunicationsManager"=C:\Program\Delade filer\Logitech\LComMgr\Communications_Helper.exe [2006-06-26 497200]
"LVCOMSX"=C:\Program\Delade filer\Logitech\LComMgr\LVComSX.exe [2006-06-26 243248]
"LogitechQuickCamRibbon"=F:\Program\logitech\camstah\QuickCam10.exe [2006-06-26 614960]
"Adobe Reader Speed Launcher"=F:\Program\adobe\Reader\Reader_sl.exe [2008-10-15 39792]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-03-27 86016]
"DeathAdder"=F:\Program\Razer\DeathAdder\razerhid.exe [2008-09-05 159744]
"SunJavaUpdateSched"=C:\Program\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"SoundMax"=C:\Program\Analog Devices\SoundMAX\Smax4.exe [2005-09-07 716800]
"QuickTime Task"=F:\Program\Quick time carp**\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=F:\Program\Itunes\iTunesHelper.exe [2009-09-21 305440]
"AVG8_TRAY"=F:\Program\AVG\AVG8\avgtray.exe [2009-10-06 2023704]
"Sound Volume driver"=vsdhost.exe []
"Malwarebytes Anti-Malware (reboot)"=F:\Program\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"MsnMsgr"=C:\Program\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]
"DAEMON Tools Pro Agent"=F:\Program\DAEMON Tools Pro\DTProAgent.exe [2007-12-12 273864]
"DAEMON Tools Lite"=F:\Program\DAEMON Tools\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]
"Steam"=F:\Program\steam\Steam.exe [2009-06-11 1217784]
"CurseClient"=C:\Program\Curse\CurseClient.exe [2009-07-07 1966592]
"PlayNC Launcher"= []
"NCsoft Launcher"=C:\Program\NCSoft\Launcher\NCLauncher.exe [2009-09-18 38184]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart
WinCinema Manager.lnk - F:\Program\Sandisk\Common\Bin\WinCinemaMgr.exe
BankID säkerhetsprogram.lnk - C:\Program\Personal\bin\Personal.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
F:\Program\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-10-04 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=F:\Program\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program\uTorrent\uTorrent.exe"="C:\Program\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"F:\Spel\World of Warcraft\BackgroundDownloader.exe"="F:\Spel\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\Kamidamaru Kjellberg\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\Kamidamaru Kjellberg\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"F:\Program\Ventrilo\Ventrilo.exe"="F:\Program\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Documents and Settings\Kamidamaru Kjellberg\Lokala inställningar\temp\Blizzard Launcher Temporary - bfd36378\Launcher.exe"="C:\Documents and Settings\Kamidamaru Kjellberg\Lokala inställningar\temp\Blizzard Launcher Temporary - bfd36378\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Documents and Settings\Kamidamaru Kjellberg\Lokala inställningar\temp\Blizzard Launcher Temporary - 0ac49780\Launcher.exe"="C:\Documents and Settings\Kamidamaru Kjellberg\Lokala inställningar\temp\Blizzard Launcher Temporary - 0ac49780\Launcher.exe:*:Enabled:Blizzard Launcher"
"E:\Down\Game\DoW2\DOW2.exe"="E:\Down\Game\DoW2\DOW2.exe:*:Enabled:DOW2"
"F:\Program\spotify\spotify.exe"="F:\Program\spotify\spotify.exe:*:Enabled:Spotify"
"F:\Spel\World of Warcraft\Launcher.exe"="F:\Spel\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program\Curse\CurseClient.exe"="C:\Program\Curse\CurseClient.exe:*:Enabled:Curse Client"
"E:\Red.Alert.3\Data\ra3_1.0.game"="E:\Red.Alert.3\Data\ra3_1.0.game:*:Enabled:Command & Conquer™ Red Alert™ 3"
"E:\NwN2\Nwn2\nwn2main.exe"="E:\NwN2\Nwn2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"E:\NwN2\Nwn2\nwn2main_amdxp.exe"="E:\NwN2\Nwn2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"E:\NwN2\Nwn2\nwupdate.exe"="E:\NwN2\Nwn2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"E:\NwN2\Nwn2\nwn2server.exe"="E:\NwN2\Nwn2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"E:\Nwn22\nwn2main.exe"="E:\Nwn22\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"E:\Nwn22\nwn2main_amdxp.exe"="E:\Nwn22\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"E:\Nwn22\nwupdate.exe"="E:\Nwn22\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"E:\Nwn22\nwn2server.exe"="E:\Nwn22\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"E:\BfME\game.dat"="E:\BfME\game.dat:*:Enabled:The Battle for Middle-earth ™"
"F:\Spel\BME2\game.dat"="F:\Spel\BME2\game.dat:*:Enabled:The Battle for Middle-earth™ II"
"F:\Spel\EVE\bin\ExeFile.exe"="F:\Spel\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile"
"E:\Demidog\Stardock Games\Demigod\bin\Demigod.exe"="E:\Demidog\Stardock Games\Demigod\bin\Demigod.exe:*:Enabled:Demigod"
"F:\Spel\World of Warcraft Public Test\Launcher.exe"="F:\Spel\World of Warcraft Public Test\Launcher.exe:*:Enabled:Blizzard Launcher"
"E:\Half-Life 2\hl2.exe"="E:\Half-Life 2\hl2.exe:*:Enabled:hl2"
"F:\Spel\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"="F:\Spel\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"F:\Program\Curse\CurseClient.exe"="F:\Program\Curse\CurseClient.exe:*:Enabled:Curse Client"
"C:\Program\Bonjour\mDNSResponder.exe"="C:\Program\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"F:\Spel\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"="F:\Spel\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program\Windows Live\Messenger\msnmsgr.exe"="C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"F:\Spel\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"="F:\Spel\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"F:\Spel\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"="F:\Spel\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"F:\Program\Itunes\iTunes.exe"="F:\Program\Itunes\iTunes.exe:*:Enabled:iTunes"
"F:\Program\AVG\AVG8\avgupd.exe"="F:\Program\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"F:\Program\AVG\AVG8\avgnsx.exe"="F:\Program\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program\Windows Live\Messenger\msnmsgr.exe"="C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f4aa2cc-a438-11dc-ad4f-0017317479a9}]
shell\AutoRun\command - K:\OnSpcLCK.exe


======List of files/folders created in the last 1 months======

2009-10-06 19:52:54 ----D---- C:\Program\trend micro
2009-10-06 19:52:52 ----D---- C:\rsit
2009-10-06 19:51:15 ----A---- C:\RootRepeal report 10-06-09 (19-51-15).txt
2009-10-04 18:58:11 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-04 18:57:59 ----D---- C:\Documents and Settings\Kamidamaru Kjellberg\Application Data\SUPERAntiSpyware.com
2009-10-04 15:10:52 ----HD---- C:\$AVG8.VAULT$
2009-10-04 15:08:21 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-10-04 15:07:37 ----D---- C:\Program\AVG
2009-10-04 15:07:36 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-10-04 15:03:38 ----D---- C:\Documents and Settings\Kamidamaru Kjellberg\Application Data\AVG8
2009-10-02 02:52:34 ----D---- C:\Program\iPod
2009-09-19 19:04:21 ----D---- C:\Program\Windows Live Safety Center
2009-09-16 14:23:53 ----D---- C:\Program\Microsoft
2009-09-16 14:23:32 ----D---- C:\Program\Windows Live SkyDrive
2009-09-16 14:23:18 ----D---- C:\Program\Windows Live
2009-09-16 14:21:21 ----D---- C:\Program\Delade filer\Windows Live
2009-09-11 21:59:18 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

======List of files/folders modified in the last 1 months======

2009-10-06 19:53:13 ----D---- C:\Documents and Settings\Kamidamaru Kjellberg\Application Data\uTorrent
2009-10-06 19:52:54 ----RD---- C:\Program
2009-10-06 19:52:54 ----D---- C:\WINDOWS\Prefetch
2009-10-06 19:50:52 ----D---- C:\WINDOWS\system32\drivers
2009-10-06 19:23:15 ----D---- C:\Program\Mozilla Firefox
2009-10-06 16:36:29 ----D---- C:\WINDOWS\temp
2009-10-06 03:59:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-06 00:24:15 ----D---- C:\Documents and Settings\Kamidamaru Kjellberg\Application Data\foobar2000
2009-10-04 22:37:36 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-04 18:58:08 ----SHD---- C:\WINDOWS\Installer
2009-10-04 18:57:22 ----D---- C:\Program\Delade filer\Wise Installation Wizard
2009-10-04 16:21:59 ----D---- C:\WINDOWS\system32
2009-10-04 15:05:11 ----D---- C:\WINDOWS
2009-10-04 12:33:23 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-10-02 07:10:33 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll
2009-10-02 02:52:33 ----D---- C:\Program\Delade filer\Apple
2009-09-19 19:05:05 ----HD---- C:\WINDOWS\inf
2009-09-17 14:53:55 ----D---- C:\Program\Microsoft Silverlight
2009-09-16 14:23:41 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-09-16 14:23:40 ----D---- C:\Program\Delade filer\Microsoft Shared
2009-09-16 14:23:25 ----RSD---- C:\WINDOWS\Fonts
2009-09-16 14:21:21 ----D---- C:\Program\Delade filer
2009-09-12 05:07:11 ----D---- C:\Documents and Settings\Kamidamaru Kjellberg\Application Data\Apple Computer
2009-09-11 22:00:22 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-08 16:23:54 ----D---- C:\Program\Java
2009-09-08 07:46:28 ----D---- C:\Program\Personal

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-10-04 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-10-04 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-10-04 108552]
R1 intelppm;Intel-processordrivrutin; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40064]
R1 kbdhid;HID-drivrutin för tangentbord; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 SASDIFSV;SASDIFSV; \??\F:\Program\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\F:\Program\SUPERAntiSpyware\SASKUTIL.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-07-13 281760]
R2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
R2 HidUsb;HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-07-13 25888]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2004-05-26 15781]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-09-28 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-09-28 55936]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-05 141312]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 DAdderFltr;DeathAdder Mouse; C:\WINDOWS\system32\drivers\dadder.sys [2007-08-02 22784]
R3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2006-06-23 20272]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2005-09-20 10368]
R3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2006-06-26 1587632]
R3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2006-06-26 1952816]
R3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2006-06-23 1413424]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\drivers\LVPr2Mon.sys [2006-06-26 23472]
R3 lvselsus;Logitech Selective Suspend Filter; C:\WINDOWS\system32\DRIVERS\lvselsus.sys [2006-06-23 55984]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2006-06-23 38960]
R3 LVUVC;Logitech QuickCam Pro 5000(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2006-06-23 961072]
R3 mouhid;HID-drivrutin för mus; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-06 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-03-27 6280416]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-01-25 10368]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
R3 usbaudio;USB-ljuddrivrutiner (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2-aktiverat nav; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 USBSTOR;Drivrutin för USB-masslagringsenheter; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1); C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys [2009-04-23 16640]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-03-30 230400]
S3 a4151xys;a4151xys; C:\WINDOWS\system32\drivers\a4151xys.sys []
S3 ao61qs31;ao61qs31; C:\WINDOWS\system32\drivers\ao61qs31.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Avkodare för dold textning; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-06-04 17480]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 MSTEE;Tee/Sink-to-Sink-konverterare för Microsoft-direktuppspelning; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NPF;Netgroup Packet Filter; C:\WINDOWS\system32\drivers\npf.sys [2009-03-28 42512]
S3 PRISM_A02;802.11a/g USB Driver; C:\WINDOWS\system32\DRIVERS\WUSB20XP.sys [2004-01-07 339488]
S3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys [2004-10-08 585824]
S3 SASENUM;SASENUM; \??\F:\Program\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WUSB54GPV4SRV;Wireless-G Portable USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2004-07-16 140416]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 avg8wd;AVG Free8 WatchDog; F:\Program\AVG\AVG8\avgwdsvc.exe [2009-10-04 297752]
R2 Bonjour Service;Bonjour Service; C:\Program\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 LVPrcSrv;Logitech Process Monitor; c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe [2006-06-26 99888]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-03-27 163908]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program\iPod\bin\iPodService.exe [2009-09-21 545568]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program\Delade filer\Logitech\SrvLnch\SrvLnch.exe [2006-06-26 91696]
S2 WUSB54Gv4SVC;WUSB54Gv4SVC; C:\Program\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [2004-02-06 41025]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-06-02 2862428]
S3 ose;Office Source Engine; C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------


And the info.txt file

info.txt logfile of random's system information tool 1.06 2009-10-06 19:53:45

======Uninstall list======

Sansa Media Converter-->"C:\Program\InstallShield Installation Information\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}\setup.exe" --u:{FC053571-8507-44E4-8B6D-AACEAB8CA57C}
-->F:\Program\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42-->"F:\Program\7-Zip\Uninstall.exe"
ACDSee 9 Photo Manager-->MsiExec.exe /I{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG Free 8.5-->F:\Program\AVG\AVG8\setup.exe /UNINSTALL
BankID security application 4.10.3-->"C:\Program\Personal\bin\persinst.exe" -u
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Combined Community Codec Pack 2008-01-24-->"F:\Program\Combined Community Codec Pack\unins000.exe"
Curse Client-->F:\Program\Curse\uninstall.exe
Daniusoft Digital Music Converter(Build 2.4.1.0)-->"F:\Program\Daniusoft\Digital Music Converter\unins000.exe"
Dawn of War - Dark Crusade-->C:\Program\InstallShield Installation Information\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}\setup.exe -runfromtemp -l0x0009 -removeonly
Dawn of War - Soulstorm-->"C:\Program\InstallShield Installation Information\{20533183-D42D-4261-A125-956736FBEA8C}\setup.exe" -runfromtemp -l0x0009 -removeonly
DivX Codec-->F:\Program\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->F:\Program\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->F:\Program\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->F:\Program\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->F:\Program\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Logitech® Camera Drivers-->"C:\Program\Delade filer\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
eMusic - 50 Free MP3 offer-->"F:\Program\Winamp\eMusic\Uninst-eMusic-promotion.exe"
FirstClass® Client-->C:\Program\InstallShield Installation Information\{5B35C417-2649-11D6-83D1-0050FC01225C}\setup.exe -runfromtemp -l0x001d -uninst -removeonly
foobar2000 v0.9.4.5-->"F:\musik\foobar\uninstall.exe"
GameCenter-->F:\Program\GameCenter\uninstall.exe
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Hamachi 1.0.1.5-->F:\Program\Hamachi\uninstall.exe
High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program\trend micro\HijackThis.exe" /uninstall
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
Java™ 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Linksys Wireless-G USB Network Adapter-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}\setup.exe" -l0x9
Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech QuickCam-->MsiExec.exe /X{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}
Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Magic ISO Maker v5.4 (build 0251)-->F:\Program\MagicISO\UNWISE.EXE F:\Program\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"F:\Program\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft AppLocale-->MsiExec.exe /I{394BE3D9-7F57-4638-A8D1-1D88671913B7}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011041D-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Windows Application Compatibility Database-->C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
mIRC-->F:\Program\irc\mIRC\uninstall.exe _?=F:\Program\irc\mIRC
Mozilla Firefox (3.0.14)-->C:\Program\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
NCsoft Launcher-->C:\Program\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0009 -removeonly
NewsLeecher v3.95 Beta 3-->"F:\Program\NewsLeecher\unins000.exe"
NOD32 FiX-->"C:\Program\ESET\ESET Smart Security\unins000.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{8DE292EC-FA26-4526-BFEB-3EE820E97005}
Photosynth-->MsiExec.exe /X{4767A7DE-5B5E-4F91-B122-3CD67CC0C5A0}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Razer DeathAdder™ Mouse-->C:\Program\InstallShield Installation Information\{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}\setup.exe -runfromtemp -l0x0009 -removeonly
RW-Everything v1.4-->"F:\Program\RW-Everything\unins000.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
SoundMAX-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x1d -removeonly
Spotify-->"F:\Program\spotify\uninstall.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab-->C:\Program\SystemRequirementsLab\Uninstall.exe
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
TeamSpeak 2 RC2-->F:\Program\Teamspeak2_RC2\unins000.exe
UMVPLStandalone-->MsiExec.exe /X{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VentriloMIX-->F:\PROGRAM\VENTRILOMIX0.5\Uninstal.exe
VideoLAN VLC media player 0.8.6b-->F:\Program\vlc\uninstall.exe
Winamp (remove only)-->"F:\Program\Winamp\UninstWA.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Driver Package - Cypress (CyUsb) USB -->C:\Program\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\cyusb_13860389BCE916343D6A5C65169C6F0C6BF6E3EA\cyusb.inf
Windows Driver Package - Razer (HidUsb) HIDClass (02/02/2007 1.0.5.0)-->C:\Program\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\dadder_1D206EBC9FC4C5439CDE5E133FD5DADD76F8E58F\dadder.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{5A70922D-9365-43CC-ADA9-CB84E4A54E4E}
Windows Live Sign-in Assistant-->MsiExec.exe /I{0E93710D-31E5-477C-8A4B-5032B484BE74}
Windows Live Messenger-->MsiExec.exe /X{EC928237-A3BD-4640-ABD0-E49E758F2315}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format Runtime-->"C:\Program\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinFast® Display Driver-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{F69FD33C-8815-46BF-9134-A643DE68F3C0}\setup.exe" -l0x1d -removeonly
WinRAR archiver-->F:\Program\WinRAR\uninstall.exe
World of Warcraft-->C:\Program\Delade filer\Blizzard Entertainment\World of Warcraft Public Test-PTR (3)\Uninstall.exe
XviD4PSP 5.0-->F:\Program\Winnydows\XviD4PSP5\Uninstall.exe

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: KAMIDAMARU
Event Code: 51
Message: An error was detected on device \Device\Harddisk3\D during a paging operation.

Record Number: 5652
Source Name: Disk
Time Written: 20090726012311.000000+120
Event Type: Warning
User:

Computer Name: KAMIDAMARU
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 5605
Source Name: Tcpip
Time Written: 20090725213944.000000+120
Event Type: Warning
User:

Computer Name: KAMIDAMARU
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 5584
Source Name: Tcpip
Time Written: 20090725050116.000000+120
Event Type: Warning
User:

Computer Name: KAMIDAMARU
Event Code: 36
Message: The computer's time could not be synchronized for 49152 seconds because
no time provider was able to supply a usable time stamp. The computer's
clock is not synchronized.

Record Number: 5560
Source Name: W32Time
Time Written: 20090724163721.000000+120
Event Type: Warning
User:

Computer Name: KAMIDAMARU
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 5559
Source Name: Tcpip
Time Written: 20090724134928.000000+120
Event Type: Warning
User:

=====Application event log=====

Computer Name: KAMIDAMARU
Event Code: 1002
Message: Hanging application mplayerc.exe, version 6.4.9.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 14907
Source Name: Application Hang
Time Written: 20090708122655.000000+120
Event Type: Fel
User:

Computer Name: KAMIDAMARU
Event Code: 1002
Message: Stoppat program mplayerc.exe, version 6.4.9.0, stoppad modul hungapp, version 0.0.0.0, stoppad adress 0x00000000.

Record Number: 14906
Source Name: Application Hang
Time Written: 20090708122654.000000+120
Event Type: Fel
User:

Computer Name: KAMIDAMARU
Event Code: 12001
Message:
Record Number: 14903
Source Name: usnjsvc
Time Written: 20090708112859.000000+120
Event Type:
User:

Computer Name: KAMIDAMARU
Event Code: 1517
Message: Registerinställningar för användaren KAMIDAMARU\Kamidamaru Kjellberg sparades medan ett program eller en tjänst fortfarande använde registret under utloggning. Det minne som användes av användarens register har inte frigjorts. Registret kommer att tas bort ur minnet när det inte längre används.


Detta kan ske när tjänster körs under användarkonton. Försök konfigurera tjänster som att de körs antingen som lokal tjänst eller nätverkstjänst.

Record Number: 14899
Source Name: Userenv
Time Written: 20090708005527.000000+120
Event Type: Varning
User: NT INSTANS\SYSTEM

Computer Name: KAMIDAMARU
Event Code: 12001
Message:
Record Number: 14891
Source Name: usnjsvc
Time Written: 20090707083256.000000+120
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;F:\Program\Quick time carp**\QTSystem;F:\Program\Quick time carp**\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

#4 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 06 October 2009 - 04:05 PM

Hi,

You appear to be a gamer; I have to warn you that not all game downloads are safe. This is a source we see of people getting infected.

C:\Program\uTorrent\ <-- Using file-sharing sites like this is another big source of getting infected. You're downloading that file from an unknown source; it's like playing Russian Roulette, malware-wise.

Open HijackThis > Do a System Scan Only. Close your browser and all open windows, including this one; the only program or window you should have open is HijackThis. Check the following entries and click on Fix Checked.

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O24 - Desktop Component 0: Privacy Protection - (no file)

Open Notepad and then copy and paste the bolded lines below into Notepad.
Go to File > Save As and name the file fixes.bat.
Change the Save as type to All Files and save it to your desktop.

@echo off
sc stop npggsvc
sc delete npggsvc

Double-click on the fixes.bat file to execute it.

Reboot your PC.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • See this Link for programs that need to be disabled and instructions on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a new HijackThis log.

*If there is no internet connection when ComboFix has completely finished then restart your computer to restore back the connections.

Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.
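As an added example (not code from this thread, nor from HijackThis or ComboFix), here is a small Python triage helper for HijackThis-style logs. It reads O23 (service) and O24 (desktop component) lines, flags the two indicators acted on in the post above, a service whose binary is "(file missing)" with an "Unknown owner" and a desktop component pointing at "(no file)", and generates the same sc stop / sc delete pair that the fixes.bat above uses for the flagged service. The sample lines are copied from the logs in this thread plus one constructed healthy service line for contrast; the regexes and the Finding class are my own assumptions about the line layout.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: entries quoted in this thread plus one healthy
# service line (avg8wd) and an O4 line that the parser should ignore.
SAMPLE_LOG = """\
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\\WINDOWS\\system32\\GameMon.des.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\\Program\\AVG\\AVG8\\avgwdsvc.exe
O24 - Desktop Component 0: Privacy Protection - (no file)
O4 - HKLM\\..\\Run: [nwiz] nwiz.exe /install
"""

# Assumed layout: "O23 - Service: <display> (<short>) - <owner> - <path>".
# The "(<short>)" part is optional because some services show no short name.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - (?P<owner>.+?) - (?P<path>.+)$"
)
# Assumed layout: "O24 - Desktop Component <n>: <name> - <target>".
O24_RE = re.compile(r"^O24 - Desktop Component \d+: (?P<name>.+?) - (?P<target>.+)$")


@dataclass
class Finding:
    section: str     # "O23" or "O24"
    name: str        # display name from the log line
    short_name: str  # service short name (O23 only, "" otherwise)
    reason: str      # why the entry was flagged


def triage(log_text: str) -> list[Finding]:
    """Return the O23/O24 entries that match the indicators used in this thread."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O23_RE.match(line)
        if m:
            if m["path"].endswith("(file missing)"):
                reason = "service binary missing"
                if m["owner"] == "Unknown owner":
                    reason += ", unknown owner"
                findings.append(Finding("O23", m["display"], (m["short"] or "").strip(), reason))
            continue
        m = O24_RE.match(line)
        if m and m["target"] == "(no file)":
            findings.append(Finding("O24", m["name"], "", "desktop component points at no file"))
    return findings


def service_cleanup_script(findings: list[Finding]) -> str:
    """Batch lines equivalent to the thread's fixes.bat: one stop/delete pair per flagged service."""
    lines = ["@echo off"]
    for f in findings:
        if f.section == "O23" and f.short_name:
            lines.append(f"sc stop {f.short_name}")
            lines.append(f"sc delete {f.short_name}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.section}: {f.name!r} -> {f.reason}")
    print(service_cleanup_script(found))
```

Only services with a parsed short name get a stop/delete pair, since sc needs the short name; an O24 finding is reported but left to HijackThis, as in the thread.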


#5 Kamidamaru

Kamidamaru

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 06 October 2009 - 05:55 PM

Well, here is the ComboFix log.


ComboFix 09-10-06.03 - Kamidamaru Kjellberg 2009-10-07 1:33.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.46.1053.18.2046.1212 [GMT 2:00]
Körs från: c:\documents and settings\Kamidamaru Kjellberg\Skrivbord\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kamidamaru Kjellberg\Application Data\.#
c:\windows\Installer\ab38b66.msi
c:\windows\system32\404Fix.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\Packet.dll
c:\windows\system32\pagefileconfig.vbs
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\wpcap.dll
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


(((((((((((((((((((((((( Filer Skapade från 2009-09-06 till 2009-10-06 ))))))))))))))))))))))))))))))
.

2009-10-06 17:52 . 2009-10-06 23:12 -------- d-----w- c:\program\trend micro
2009-10-06 17:52 . 2009-10-06 17:53 -------- d-----w- C:\rsit
2009-10-04 16:58 . 2009-10-04 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-04 16:57 . 2009-10-04 16:57 -------- d-----w- c:\documents and settings\Kamidamaru Kjellberg\Application Data\SUPERAntiSpyware.com
2009-10-04 14:26 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-04 14:26 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-04 13:10 . 2009-10-04 15:04 -------- d-----w- C:\$AVG8.VAULT$
2009-10-04 13:08 . 2009-10-04 13:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-04 13:08 . 2009-10-04 13:08 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-04 13:08 . 2009-10-04 13:08 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-04 13:07 . 2009-10-06 14:37 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-04 13:07 . 2009-10-04 13:07 -------- d-----w- c:\program\AVG
2009-10-04 13:07 . 2009-10-04 14:23 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-04 13:03 . 2009-10-04 13:03 -------- d-----w- c:\documents and settings\Kamidamaru Kjellberg\Application Data\AVG8
2009-10-02 00:52 . 2009-10-02 00:52 -------- d-----w- c:\program\iPod
2009-09-19 17:04 . 2009-09-19 17:05 -------- d-----w- c:\program\Windows Live Safety Center
2009-09-16 12:26 . 2009-10-06 23:21 -------- d-----w- c:\documents and settings\Kamidamaru Kjellberg\Tracing
2009-09-16 12:23 . 2009-09-16 12:23 -------- d-----w- c:\program\Microsoft
2009-09-16 12:23 . 2009-09-16 12:23 -------- d-----w- c:\program\Windows Live SkyDrive
2009-09-16 12:23 . 2009-09-16 12:24 -------- d-----w- c:\program\Windows Live
2009-09-16 12:21 . 2009-09-16 12:21 -------- d-----w- c:\program\Delade filer\Windows Live
2009-09-12 03:07 . 2009-09-12 03:07 32528 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-11 19:59 . 2009-09-11 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-06 23:39 . 2007-10-03 17:23 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-10-06 21:11 . 2007-01-12 20:28 -------- d-----w- c:\documents and settings\Kamidamaru Kjellberg\Application Data\uTorrent
2009-10-05 22:24 . 2007-11-26 22:00 -------- d-----w- c:\documents and settings\Kamidamaru Kjellberg\Application Data\foobar2000
2009-10-04 16:57 . 2008-06-04 21:26 -------- d-----w- c:\program\Delade filer\Wise Installation Wizard
2009-10-04 13:08 . 2008-04-17 10:08 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-04 10:33 . 2009-03-28 16:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-02 05:10 . 2008-07-17 17:36 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-10-02 00:52 . 2009-08-19 14:31 -------- d-----w- c:\program\Delade filer\Apple
2009-09-17 12:53 . 2008-04-16 19:47 -------- d-----w- c:\program\Microsoft Silverlight
2009-09-12 03:07 . 2007-09-03 22:40 -------- d-----w- c:\documents and settings\Kamidamaru Kjellberg\Application Data\Apple Computer
2009-09-08 14:23 . 2007-05-11 21:12 -------- d-----w- c:\program\Java
2009-09-08 05:46 . 2008-08-26 06:00 -------- d-----w- c:\program\Personal
2009-09-01 23:15 . 2009-06-08 23:11 -------- d-----w- c:\documents and settings\Kamidamaru Kjellberg\Application Data\GetRightToGo
2009-08-31 10:25 . 2009-08-31 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\FirstClass
2009-08-31 10:25 . 2007-01-13 02:14 -------- d--h--w- c:\program\InstallShield Installation Information
2009-08-28 17:42 . 2009-08-19 14:31 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 17:42 . 2009-08-19 14:31 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 13:31 . 2009-03-30 20:22 -------- d-----w- c:\documents and settings\Kamidamaru Kjellberg\Application Data\Spotify
2009-08-20 18:33 . 2009-08-20 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-19 14:46 . 2009-08-19 14:46 -------- d-----w- c:\program\AviSynth 2.5
2009-08-19 14:35 . 2007-08-04 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-19 14:33 . 2009-08-19 14:33 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-19 14:33 . 2007-05-20 09:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-19 14:32 . 2009-08-19 14:32 -------- d-----w- c:\program\Bonjour
2009-08-19 14:31 . 2009-08-19 14:31 -------- d-----w- c:\program\Apple Software Update
2009-08-17 16:33 . 2009-06-05 17:48 8 ----a-w- c:\windows\system32\nvModes.dat
2009-08-09 23:55 . 2009-08-09 23:30 -------- d-----w- c:\documents and settings\Kamidamaru Kjellberg\Application Data\Bioshock
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-25 03:23 . 2008-12-04 15:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-13 15:34 . 2007-01-12 22:36 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-07-13 15:34 . 2007-01-12 22:36 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"DAEMON Tools Pro Agent"="f:\program\DAEMON Tools Pro\DTProAgent.exe" [2007-12-12 273864]
"DAEMON Tools Lite"="f:\program\DAEMON Tools\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"Steam"="f:\program\steam\Steam.exe" [2009-06-11 1217784]
"CurseClient"="c:\program\Curse\CurseClient.exe" [2009-07-07 1966592]
"NCsoft Launcher"="c:\program\NCSoft\Launcher\NCLauncher.exe" [2009-09-18 38184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"WUSB54Gv4"="c:\program\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe" [2004-04-19 24576]
"SoundMAXPnP"="c:\program\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"Adobe Photo Downloader"="f:\program\adobe\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"LogitechCommunicationsManager"="c:\program\Delade filer\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LVCOMSX"="c:\program\Delade filer\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"LogitechQuickCamRibbon"="f:\program\logitech\camstah\QuickCam10.exe" [2006-06-26 614960]
"Adobe Reader Speed Launcher"="f:\program\adobe\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"DeathAdder"="f:\program\Razer\DeathAdder\razerhid.exe" [2008-09-05 159744]
"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="f:\program\Quick time carp**\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="f:\program\Itunes\iTunesHelper.exe" [2009-09-21 305440]
"AVG8_TRAY"="f:\program\AVG\AVG8\avgtray.exe" [2009-10-06 2023704]
"Malwarebytes Anti-Malware (reboot)"="f:\program\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2004-10-27 61952]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start-meny\Program\Autostart\
WinCinema Manager.lnk - f:\program\Sandisk\Common\Bin\WinCinemaMgr.exe [2007-2-15 303104]
BankID säkerhetsprogram.lnk - c:\program\Personal\bin\Personal.exe [2009-9-8 939920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "f:\program\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- f:\program\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-04 13:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program\\uTorrent\\uTorrent.exe"=
"f:\\Spel\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Documents and Settings\\Kamidamaru Kjellberg\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"f:\\Program\\Ventrilo\\Ventrilo.exe"=
"f:\\Program\\spotify\\spotify.exe"=
"f:\\Spel\\World of Warcraft\\Launcher.exe"=
"c:\\Program\\Curse\\CurseClient.exe"=
"f:\\Spel\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=
"f:\\Program\\Curse\\CurseClient.exe"=
"c:\\Program\\Bonjour\\mDNSResponder.exe"=
"f:\\Spel\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"f:\\Spel\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
"f:\\Spel\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"f:\\Program\\Itunes\\iTunes.exe"=
"f:\\Program\\AVG\\AVG8\\avgupd.exe"=
"f:\\Program\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-04 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-04 108552]
R1 SASDIFSV;SASDIFSV;f:\program\SUPERAntiSpyware\sasdifsv.sys [2009-09-15 9968]
R1 SASKUTIL;SASKUTIL;f:\program\SUPERAntiSpyware\SASKUTIL.SYS [2009-09-15 74480]
R2 avg8wd;AVG Free8 WatchDog;f:\program\AVG\AVG8\avgwdsvc.exe [2009-10-04 297752]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-09-15 22784]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-09-02 16640]
S3 SASENUM;SASENUM;f:\program\SUPERAntiSpyware\SASENUM.SYS [2009-09-15 7408]

--- Övriga tjänster/drivrutiner i minnet ---

*NewlyCreated* - GTNDIS5
.
Innehållet i mappen 'Schemalagda aktiviteter':

2009-10-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} - hxxps://secure.gopetslive.com/dev/gopets.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\Kamidamaru Kjellberg\Application Data\Mozilla\Firefox\Profiles\prgkxczk.default\
FF - component: f:\program\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program\Personal\bin\np_prsnl.dll
FF - plugin: c:\program\Photosynth\Tech Preview\nppsynth.dll
FF - plugin: f:\program\adobe\Reader\browser\nppdf32.dll
FF - plugin: f:\program\DivX\DivX Content Uploader\npUpload.dll
FF - plugin: f:\program\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: f:\program\DivX\DivX Web Player\npdivx32.dll
FF - plugin: f:\program\Itunes\Mozilla Plugins\npitunes.dll
FF - plugin: f:\program\Quick time carp**\Plugins\npqtplugin.dll
FF - plugin: f:\program\Quick time carp**\Plugins\npqtplugin2.dll
FF - plugin: f:\program\Quick time carp**\Plugins\npqtplugin3.dll
FF - plugin: f:\program\Quick time carp**\Plugins\npqtplugin4.dll
FF - plugin: f:\program\Quick time carp**\Plugins\npqtplugin5.dll
FF - plugin: f:\program\Quick time carp**\Plugins\npqtplugin6.dll

---- FIREFOX POLICY ----
c:\program\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

HKCU-Run-PlayNC Launcher - (no file)
HKLM-Run-Sound Volume driver - vsdhost.exe
AddRemove-NewsLeecher_is1 - f:\program\NewsLeecher\unins000.exe
AddRemove-Windows Media Format Runtime - c:\program\Windows Media Player\wmsetsdk.exe
AddRemove-{0166E190-92D7-482A-A220-DE8B7354383A} - c:\documents and settings\Kamidamaru Kjellberg\Lokala inställningar\Application Data\{BE672698-4DAC-4C83-9056-C07C3170F628}\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-07 01:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1972579041-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:31,a5,4f,76,ca,f1,16,f1,0f,2a,8f,26,3c,fd,24,81,b9,66,17,0f,db,a4,ad,
88,48,1b,b2,ab,53,b0,be,8e,32,21,d7,63,0c,1b,d3,af,02,71,21,5f,fc,d8,95,e7,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-1644491937-1972579041-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:44,7d,fa,6c,47,ad,b8,3c,33,bd,cd,d6,93,88,5f,19,a6,7e,01,29,be,
69,ae,54,39,00,a4,82,c2,3e,bd,b8,cc,fd,e5,da,77,e7,bc,bd,87,ac,cf,a2,dd,4d,\
"rkeysecu"=hex:c0,40,11,9e,2b,57,0a,3d,f4,4b,80,23,a5,50,68,c7
.
--------------------- DLLer som "laddats" under processer som körs ---------------------

- - - - - - - > 'winlogon.exe'(724)
f:\program\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Andra processer som körs ------------------------
.
c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program\Bonjour\mDNSResponder.exe
c:\program\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
c:\program\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
f:\program\AVG\AVG8\avgrsx.exe
f:\program\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\program\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
c:\windows\system32\rundll32.exe
f:\program\Razer\DeathAdder\razertra.exe
f:\program\Razer\DeathAdder\razerofa.exe
f:\program\logitech\camstah\COCIManager.exe
c:\program\iPod\bin\iPodService.exe
.
**************************************************************************
.
Sluttid: 2009-10-06 1:42 - datorn startades om.
ComboFix-quarantined-files.txt 2009-10-06 23:42
ComboFix2.txt 2008-09-10 03:03

Före genomsökningen: 4 857 626 624 byte ledigt
Efter genomsökningen: 5 222 158 336 byte ledigt

WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

255 --- E O F --- 2009-03-16 02:02


As for the HijackThis log you wanted me to post, I'm not sure exactly what sort of log or how to go about getting it, so I am just going to let my ignorance shine here and ask nicely to be instructed in how to get said log.

#6 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 06 October 2009 - 06:39 PM

For HJT, there may be a shortcut on your desktop.

C:\Program\trend micro\Kamidamaru Kjellberg.exe <-- Should be here

  • Open HJT, Scan and Save a Log File; it will open in Notepad
  • Go to Format and make sure Wordwrap is unchecked
  • Go to Edit > Select All, then Edit > Copy, and paste the new log into this thread using Submit Reply, not Start New Thread.

How are things running now?



#7 Kamidamaru

Kamidamaru

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 06 October 2009 - 07:50 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:47:24, on 2009-10-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program\AVG\AVG8\avgwdsvc.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
F:\Program\AVG\AVG8\avgrsx.exe
F:\Program\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program\Analog Devices\Core\smax4pnp.exe
C:\Program\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
F:\Program\adobe\3.0\Apps\apdproxy.exe
C:\Program\Delade filer\Logitech\LComMgr\Communications_Helper.exe
C:\Program\Delade filer\Logitech\LComMgr\LVComSX.exe
F:\Program\logitech\camstah\QuickCam10.exe
C:\WINDOWS\system32\RUNDLL32.EXE
F:\Program\Razer\DeathAdder\razerhid.exe
C:\Program\Java\jre6\bin\jusched.exe
F:\Program\Itunes\iTunesHelper.exe
F:\Program\AVG\AVG8\avgtray.exe
F:\Program\Razer\DeathAdder\razertra.exe
C:\Program\Windows Live\Messenger\msnmsgr.exe
F:\Program\Razer\DeathAdder\razerofa.exe
F:\Program\DAEMON Tools Pro\DTProAgent.exe
F:\Program\DAEMON Tools\DAEMON Tools Lite\daemon.exe
C:\Program\NCSoft\Launcher\NCLauncher.exe
F:\Program\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Program\Personal\bin\Personal.exe
F:\Program\logitech\camstah\COCIManager.exe
C:\Program\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program\Windows Live\Contacts\wlcomm.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\trend micro\Kamidamaru Kjellberg.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program\adobe\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program\Delade filer\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program\Delade filer\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "F:\Program\logitech\camstah\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program\adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DeathAdder] F:\Program\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program\Quick time carp**\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program\Itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] F:\Program\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "F:\Program\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "F:\Program\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Program\DAEMON Tools\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "F:\Program\steam\Steam.exe" -silent
O4 - HKCU\..\Run: [CurseClient] C:\Program\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [NCsoft Launcher] C:\Program\NCSoft\Launcher\NCLauncher.exe /Minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinCinema Manager.lnk = F:\Program\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} (GoPets Control) - https://secure.gopet.../dev/gopets.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopet...v/GoPetsWeb.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - F:\Program\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\Program\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 8282 bytes


Things seem to be running fine, but quite honestly I am still a bit paranoid.

#8 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 07 October 2009 - 02:18 AM

Good Morning,

This entry needs to go. Let's try removing it in Safe Mode with HijackThis:

O24 - Desktop Component 0: Privacy Protection - (no file)




To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
    this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter Key on your Keyboard
Tutorial if you need it How to boot into Safemode





Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine;
    if it doesn't, manually reboot to ensure a complete clean.






Please download Malwarebytes' Anti-Malware from Here or Here

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete-on-reboot list, please reboot.
Post the report and also a new HJT log please.

Want to help others, Join our Malware Removal Classroom HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.


#9 Kamidamaru

Kamidamaru

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 07 October 2009 - 09:24 PM

Sorry for the very long time it took me to get this reply to you, but here are the logs asked for.


The one from Malwarebytes'

Malwarebytes' Anti-Malware 1.41
Database version: 2904
Windows 5.1.2600 Service Pack 2

2009-10-08 05:22:27
mbam-log-2009-10-08 (05-22-27).txt

Scan type: Quick Scan
Objects scanned: 100630
Time elapsed: 4 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



And the HJT logfile made after going into Safe Mode and running TFC and Malwarebytes':

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:23:40, on 2009-10-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program\AVG\AVG8\avgwdsvc.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
F:\Program\AVG\AVG8\avgrsx.exe
F:\Program\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Analog Devices\Core\smax4pnp.exe
F:\Program\adobe\3.0\Apps\apdproxy.exe
C:\Program\Delade filer\Logitech\LComMgr\Communications_Helper.exe
C:\Program\Delade filer\Logitech\LComMgr\LVComSX.exe
F:\Program\logitech\camstah\QuickCam10.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
F:\Program\Razer\DeathAdder\razerhid.exe
C:\Program\Java\jre6\bin\jusched.exe
F:\Program\Itunes\iTunesHelper.exe
F:\Program\Razer\DeathAdder\razertra.exe
F:\Program\Razer\DeathAdder\razerofa.exe
F:\Program\AVG\AVG8\avgtray.exe
C:\Program\Windows Live\Messenger\msnmsgr.exe
F:\Program\DAEMON Tools Pro\DTProAgent.exe
F:\Program\DAEMON Tools\DAEMON Tools Lite\daemon.exe
F:\Program\steam\Steam.exe
F:\Program\logitech\camstah\COCIManager.exe
C:\Program\NCSoft\Launcher\NCLauncher.exe
F:\Program\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Program\Personal\bin\Personal.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\trend micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program\adobe\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program\Delade filer\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program\Delade filer\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "F:\Program\logitech\camstah\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program\adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DeathAdder] F:\Program\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program\Quick time carp**\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program\Itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] F:\Program\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "F:\Program\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "F:\Program\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Program\DAEMON Tools\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "F:\Program\steam\Steam.exe" -silent
O4 - HKCU\..\Run: [CurseClient] C:\Program\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [NCsoft Launcher] C:\Program\NCSoft\Launcher\NCLauncher.exe /Minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinCinema Manager.lnk = F:\Program\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} (GoPets Control) - https://secure.gopet.../dev/gopets.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopet...v/GoPetsWeb.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - F:\Program\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\Program\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 8320 bytes

#10 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 08 October 2009 - 02:34 AM

Hi. This is still here: O24 - Desktop Component 0: Privacy Protection - (no file). Open up AVG and go to the Resident Shield and disable it, then remove that entry with HJT, reboot, run HJT and just take a look and see if it's gone. Remember to re-enable the Resident Shield.



#11 Kamidamaru

Kamidamaru

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 10 October 2009 - 12:30 AM

Hello again, sorry for the delay, but I was down and out since my last reply pretty much :( I ran another HJT scan and tried to remove it, but it was still there after I rebooted and whatnot. What sort of file is this anyway?

#12 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 10 October 2009 - 04:23 AM

Hi,

It's just a leftover entry from malware.

Go to Start> Control Panel click Display>Desktop>Customize Desktop>Web> Now, Uncheck everything and delete everything except 'My Current Home Page'

Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK.



How are things running now ?

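The entry the helper keeps coming back to is an O24 line, which is HijackThis's report of an Active Desktop web component; those components are stored under HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\<n>, and the Display > Desktop > Customize Desktop > Web dialog in the post above edits that same key. As an added example (not code from the original thread or from the HijackThis project), here is a small Python triage script that reads lines in the HJT v2 log format, flags orphaned "(no file)" entries and the sections that hook low-level components (Winsock LSPs, Winlogon notify packages, desktop components), and maps an O24 line back to the registry subkey it came from. The sample log is constructed from the format of the logs posted above, not a full log; the section list and reasons are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in HijackThis v2.0.2 log format (not a full log from
# the thread). The O24 line mirrors the entry discussed; the others are
# typical benign entries so the parser's behaviour on normal lines shows.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:23:40, on 2009-10-08
Platform: Windows XP SP2 (WinNT 5.01.2600)

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG8_TRAY] F:\Program\AVG\AVG8\avgtray.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 8320 bytes
"""

# Every HJT entry line starts with a section code (R0, O2, O23, ...).
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")

# O24 body: "Desktop Component <idx>: <name> - <source>"
O24_RE = re.compile(r"^Desktop Component (?P<idx>\d+): (?P<name>.*?) - (?P<source>.*)$")

# Registry key Active Desktop uses for its web components; each component
# is a numbered subkey, which is the index HJT prints in the O24 line.
DESKTOP_COMPONENTS_KEY = r"HKCU\Software\Microsoft\Internet Explorer\Desktop\Components"

# Sections worth a second look even when a file is present (assumption of
# this example): Winsock LSPs, Winlogon notify packages, desktop components.
ALWAYS_REVIEW = {"O10", "O20", "O24"}


@dataclass
class Finding:
    section: str
    line: str
    reason: str


def o24_registry_path(body: str) -> Optional[str]:
    """Map the body of an O24 entry to the registry subkey it was read from."""
    m = O24_RE.match(body)
    if not m:
        return None
    return f"{DESKTOP_COMPONENTS_KEY}\\{m.group('idx')}"


def triage(log_text: str) -> List[Finding]:
    """Return the entries a reviewer should look at, with a one-line reason."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, blank or trailer line
        section, body = m.group("section"), m.group("body")
        if "(no file)" in body:
            # The hook is still registered but its target is gone: a leftover
            # from removed malware, or a clue that something is hiding its file.
            reason = "orphaned entry, target file missing"
            if section == "O24":
                reason += f"; stored at {o24_registry_path(body)}"
            findings.append(Finding(section, raw, reason))
        elif section in ALWAYS_REVIEW:
            findings.append(Finding(section, raw, f"{section} hooks a low-level component; verify the module"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

A "(no file)" hit is flagged regardless of section because the registry reference outlives the file it pointed at; for O24 the finding also names the Components subkey so the entry can be checked or deleted directly with regedit when the Active Desktop dialog or HijackThis will not remove it. The O10 and O20 hits are review prompts, not verdicts: nwprovau.dll and AVG's avgrsstx.dll are legitimate modules that a reviewer would confirm by publisher and path, which is exactly the judgement the helper applies to the full logs above.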


#13 Kamidamaru

Kamidamaru

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 10 October 2009 - 10:18 AM

Things are running just fine now and I haven't had the PC do any of those random things in a while, so I guess it's cleared of malware. Thanks for the help :notworthy:

#14 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 10 October 2009 - 03:07 PM

You're very welcome. Glad things are running well again. :thumbup:



Malwarebytes <-- Yours to keep also, check for updates and run a scan now and then.

Combofix <---Is not a general cleaning tool, just run it with supervision or you can bork your system

  • Click START then RUN
  • Now type Combofix /u in the run box and click OK. Note the space between the X and the U, it needs to be there.
  • When shown the disclaimer, Select "2"

The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.





Keep in mind if you install some of these programs: only ONE antivirus and only ONE firewall is recommended, more is overkill and can cause you problems. You can install all the spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot; you can still install Spybot Search and Destroy but do not enable the TeaTimer.



Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community
  • Spybot Search and Destroy 1.6
    Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.
  • Spyware Blaster It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
  • Spyware Guard It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.
  • IE-Spyad
    IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Firefox 3 It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.


Safe Surfn
Ken



#15 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 16 October 2009 - 07:51 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

