
Trojandownloader.xs [RESOLVED]



#1
Robin.J

Hello.
This is my first post as a new member of this Forum.
I am from Sweden, so I hope that you understand me and my easy English.

Today I got a problem with my computer: it says that something called "Trojandownloader.xs" is in my computer. I guess it's a form of virus.
My background has changed to blue with yellow and white text that says:
"Warning : Spyware Threat has been detected on your pc.
Your pc has several fatal errors due to spyware activity"
The problem is that I don't know how to delete it, so I hoped that someone here could help me out.

I'm not new to computers, but I'm no expert on deleting viruses, so I'm really glad if you could help me, and also if I can help you with the things you tell me to do to get rid of this virus.

Best Regards / Robin


#2
Octagonal

Hello Robin.J,

Welcome to Geeks to Go. :)

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3
Robin.J

Hello Octagonal.
Thank you for the welcome :)

I was up all night long yesterday trying to find a solution for my problem, so I downloaded every spyware program that I could find (almost).
And I'm not sure that the virus is gone, but I don't get any more warnings about the virus.
Maybe you can take a look anyway and see if it's gone or if I have any other viruses that I don't know about.

I'm really glad that you are helping me, thanks a lot :)

Here is the "main.txt" and "extra.txt" :

Deckard's System Scanner v20071014.68
Run by Robin Johansson on 2008-06-08 10:39:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
6: 2008-06-08 08:39:09 UTC - RP6 - Deckard's System Scanner Restore Point
5: 2008-06-08 08:35:33 UTC - RP5 - Software Distribution Service 3.0
4: 2008-06-07 21:28:01 UTC - RP4 - Removed SUPERAntiSpyware Free Edition
3: 2008-06-07 21:25:01 UTC - RP3 - Removed Freak Out - Extreme Freeride
2: 2008-06-07 21:24:22 UTC - RP2 - Removed Diskeeper Professional Premier Edition


-- First Restore Point --
1: 2008-06-07 21:21:46 UTC - RP1 - Systemkontrollpunkt


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Robin Johansson.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:19, on 2008-06-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Program\Java\jre1.6.0_05\bin\jusched.exe
C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\Windows\system32\nvsvc32.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program\ALWILS~1\Avast4\ashDisp.exe
C:\Program\Spyware Doctor\svcntaux.exe
C:\Program\Hp\HP Software Update\HPWuSchd2.exe
C:\Program\Delade filer\InstallShield\UpdateService\ISUSPM.exe
C:\Program\Spyware Doctor\SDTrayApp.exe
C:\Windows\system32\ctfmon.exe
C:\Program\DAEMON Tools Lite\daemon.exe
C:\Program\Spyware Doctor\swdsvc.exe
C:\Program\WIDCOMM\Bluetooth-programvara\BTTray.exe
C:\Program\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program\Alwil Software\Avast4\ashMaiSv.exe
C:\Program\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Windows\System32\alg.exe
C:\Program\HPQ\SHARED\HPQTOA~1.EXE
C:\Documents and Settings\Robin Johansson\Skrivbord\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program\TRENDM~1\HIJACK~1\Robin Johansson.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\system32\iftuyszv.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM] "C:\Program\Delade filer\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SynTPStart] C:\Program\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1155752997046
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Dawn of Magic Drivers Auto Removal (pr2ahqjb) (pr2ahqjb) - Koch Media - C:\Windows\system32\pr2ahqjb.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\swdsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Instalerade Program\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 7112 bytes

-- HijackThis Fixed Entries (C:\Program\TRENDM~1\HIJACK~1\backups\) ------------

backup-20080607-231404-479 O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
backup-20080607-231540-209 O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
backup-20080607-231540-614 O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
backup-20080607-231540-791 O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
backup-20080607-231540-977 O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
backup-20080607-231540-988 O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
backup-20080607-231744-133 O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
backup-20080607-231744-180 O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
backup-20080607-231744-240 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080607-231744-374 O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
backup-20080607-231744-443 O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
backup-20080607-231744-688 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
backup-20080607-231744-695 O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
backup-20080607-231744-703 O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
backup-20080607-231744-827 O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.ini - inifile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
.txt - txtfile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync03 (StarForce Protection Synchronization Driver (version 3.x)) - c:\windows\system32\drivers\sfsync03.sys <Not Verified; Protection Technology; StarForce Protection System>
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys

S2 hprmc - c:\windows\system32\drivers\hprmc.sys <Not Verified; Hewlett Packard; HP Upper Filter Driver for RMC Serial Communication>
S2 zserial - c:\windows\system32\drivers\zserial.sys <Not Verified; Hewlett Packard; HP Serial Communication Driver>
S3 btwmodem (Bluetooth-modem) - c:\windows\system32\drivers\btwmodem.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.2601>
S3 dtscsi - c:\windows\system32\drivers\dtscsi.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)
S3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 TUWinStylerThemeSvc (TuneUp WinStyler Theme Service) - "d:\instalerade program\tuneup utilities 2006\winstylerthemesvc.exe" <Not Verified; TuneUp Software GmbH; TuneUp Utilities>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description:
Device ID: ROOT\LEGACY_NPF\0000
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_NPF\0000
Service:


-- Scheduled Tasks -------------------------------------------------------------

2007-01-27 14:21:41 422 --a------ C:\Windows\Tasks\1-Click Maintenance.job


-- Files created between 2008-05-08 and 2008-06-08 -----------------------------

2008-06-07 23:57:46 0 d--h----- C:\Windows\system32\GroupPolicy
2008-06-07 23:11:11 0 d-------- C:\Program\Trend Micro
2008-06-07 21:14:47 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-07 21:14:40 0 d-------- C:\Documents and Settings\Robin Johansson\Application Data\SUPERAntiSpyware.com
2008-06-07 20:55:11 0 d-------- C:\Program\SmitfraudFix
2008-06-07 20:35:39 2588 --a------ C:\Windows\system32\tmp.reg
2008-06-07 20:28:17 0 d-------- C:\Windows\Prefetch
2008-06-07 19:53:54 0 d-------- C:\Windows\system32\sv
2008-06-07 19:53:54 0 d-------- C:\Windows\system32\bits
2008-06-07 19:53:54 0 d-------- C:\Windows\l2schemas
2008-06-07 19:52:09 0 d-------- C:\Windows\ServicePackFiles
2008-06-07 19:48:07 0 d-------- C:\Windows\EHome
2008-06-07 18:50:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-07 18:27:28 0 d-------- C:\Documents and Settings\Robin Johansson\Application Data\Malwarebytes
2008-06-07 18:27:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-07 16:37:34 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-07 16:37:07 0 d-------- C:\Program\Spyware Doctor
2008-06-07 16:37:07 0 d-------- C:\Documents and Settings\Robin Johansson\Application Data\PC Tools
2008-06-07 14:52:52 0 d-------- C:\Windows\system32\1120
2008-06-07 14:52:51 55808 --a------ C:\Windows\portsv.exe
2008-06-07 13:40:10 0 d-------- C:\Windows\system32\winz
2008-06-07 13:40:10 0 d-------- C:\Windows\system32\kip
2008-06-07 13:40:06 0 d-------- C:\Windows\system32\20541
2008-06-07 13:40:04 0 d-------- C:\Windows\system32\vntiho06
2008-06-07 13:39:45 4 --a------ C:\Windows\system32\hljwugsf.bin
2008-06-07 13:39:45 0 dr------- C:\Documents and Settings\LocalService\Favoriter
2008-06-07 13:17:53 24576 --a------ C:\Windows\system32\ZyDelReg.exe <Not Verified; ; ZyDelReg Application>
2008-06-07 13:17:53 17151 --a------ C:\Windows\system32\ZDPNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-06-07 13:17:53 81920 --a------ C:\Windows\system32\ZDPN50.dll <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-06-07 13:17:53 31744 --a------ C:\Windows\system32\drivers\ZDPSp50a64.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-06-07 13:17:53 17664 --a------ C:\Windows\system32\drivers\ZDPSp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-06-07 13:17:53 29184 --a------ C:\Windows\system32\drivers\BRGSp50a64.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-06-07 13:17:53 20608 --a------ C:\Windows\system32\drivers\BRGSp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-06-07 13:17:52 15872 --a------ C:\Windows\system32\InsDrvZD64.DLL <Not Verified; ; InsDrvZD Dynamic Link Library>
2008-06-07 13:17:52 28672 --a------ C:\Windows\system32\InsDrvZD.dll <Not Verified; ; InsDrvZD Dynamic Link Library>
2008-06-06 22:05:15 0 d-------- C:\Program\DAEMON Tools Lite
2008-06-06 22:02:44 0 d-------- C:\Documents and Settings\Robin Johansson\Application Data\DAEMON Tools
2008-06-06 21:37:57 0 d-------- C:\Program\The Witcher
2008-06-06 13:55:21 0 d-------- C:\Program\Microsoft Games
2008-06-06 12:47:06 0 d-------- C:\Documents and Settings\Robin Johansson\Application Data\GetRightToGo


-- Find3M Report ---------------------------------------------------------------

2008-06-08 10:35:01 444034 --a------ C:\Windows\system32\perfh01D.dat
2008-06-08 10:35:01 83496 --a------ C:\Windows\system32\perfc01D.dat
2008-06-07 23:28:03 0 d-------- C:\Program\Delade filer\Wise Installation Wizard
2008-06-07 19:54:08 0 d-------- C:\Program\Messenger
2008-06-07 19:53:54 0 d-------- C:\Program\Movie Maker
2008-06-07 19:52:00 0 d-------- C:\Program\Windows NT
2008-06-07 14:02:28 0 d-------- C:\Program\3COM
2008-06-07 13:17:52 0 d--h----- C:\Program\InstallShield Installation Information
2008-06-06 09:42:41 0 d-------- C:\Program\OpenAL
2008-06-06 09:16:01 0 d-------- C:\Program\Electronic Arts
2008-05-23 10:11:30 0 d-------- C:\Program\A2B Controller Software
2008-05-13 12:28:20 0 d-------- C:\Program\Steam
2008-05-01 12:03:07 0 d-------- C:\Documents and Settings\Robin Johansson\Application Data\Adobe
2008-05-01 11:25:13 0 d-------- C:\Program\MSXML 6.0
2008-05-01 11:03:19 0 d-------- C:\Program\MSBuild
2008-05-01 11:00:00 0 d-------- C:\Program\Reference Assemblies


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-04-15 17:26]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-04-15 18:26]
"nwiz"="nwiz.exe" [2006-04-15 18:26 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 14:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25]
"SynTPEnh"="C:\Program\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:27]
"hpWirelessAssistant"="C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 16:45]
"eabconfg.cpl"="C:\Program\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 08:57]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23]
"avast!"="C:\Program\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19]
"HP Software Update"="C:\Program\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"ISUSPM Startup"="C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-05-16 11:58]
"ISUSScheduler"="C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" [2006-05-16 11:58]
"ISUSPM"="C:\Program\Delade filer\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 11:58]
"SynTPStart"="C:\Program\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29]
"SDTray"="C:\Program\Spyware Doctor\SDTrayApp.exe" [2008-06-07 16:39]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\Windows\system32\ctfmon.exe" [2008-04-14 18:05]
"DAEMON Tools Lite"="C:\Program\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
BTTray.lnk - C:\Program\WIDCOMM\Bluetooth-programvara\BTTray.exe [2005-08-16 11:56:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\Windows\system32\iftuyszv.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\Windows\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PCSuiteTrayApplication"=C:\Program\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480




-- End of Deckard's System Scanner: finished at 2008-06-08 10:42:37 ------------











Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: Swedish

CPU 0: Genuine Intel® CPU T2400 @ 1.83GHz
Percentage of Memory in Use: 39%
Physical Memory (total/avail): 1022.04 MiB / 618.12 MiB
Pagefile Memory (total/avail): 2457.82 MiB / 1951.93 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1900.65 MiB

C: is Fixed (NTFS) - 66.65 GiB total, 17.79 GiB free.
D: is Fixed (NTFS) - 74.53 GiB total, 3.27 GiB free.
E: is Fixed (FAT32) - 6.86 GiB total, 1.45 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST98823AS - 74.53 GiB - 3 partitions
\PARTITION0 (bootable) - Installerbart filsystem - 66.65 GiB - C:
\PARTITION1 - Unknown - 6.87 GiB - E:
\PARTITION2 - Unknown - 1027.6 MiB

\\.\PHYSICALDRIVE1 - ST98823AS - 74.53 GiB - 1 partition
\PARTITION0 - Installerbart filsystem - 74.53 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Robin Johansson\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program\Delade filer
COMPUTERNAME=BJORNE
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Robin Johansson
LOGONSERVER=\\BJORNE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PCTYPE=PAVILION
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\DOCUME~1\ROBINJ~1\LOKALA~1\Temp
TMP=C:\DOCUME~1\ROBINJ~1\LOKALA~1\Temp
USERDOMAIN=BJORNE
USERNAME=Robin Johansson
USERPROFILE=C:\Documents and Settings\Robin Johansson
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Robin Johansson (admin)
Administratör (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUn041d.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
A2B Aurora Controller Software --> "D:\Instalerade Program\A2B Aurora Controller Software\UninstallerData\Uninstall A2B Aurora Controller Software.exe"
A2B Controller Software --> MsiExec.exe /I{5C61D778-1FF5-463B-80CF-CAF237E5DBDA}
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1 - Svenska --> MsiExec.exe /I{AC76BA86-7AD7-1053-7B44-A00000000001}
avast! Antivirus --> C:\Program\Alwil Software\Avast4\aswRunDll.exe "C:\Program\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Call of Duty® 2 --> C:\Program\DELADE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l2057
Call of Duty® 4 - Modern Warfare™ --> C:\Program\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Command & Conquer 3 --> MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
Conexant HD Audio --> C:\Program\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -Icpl30a5a.inf
Counter-Strike --> "C:\Program\Steam\steam.exe" steam://uninstall/10
Counter-Strike: Source --> D:\Instalerade Spel\Counter-Strike Source\Uninst.exe
EAX Unified --> C:\Windows\IsUninst.exe -f"C:\Program\Creative\EAX Unified\Uninst.isu"
Fable - The Lost Chapters --> C:\Program\DELADE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}
Freak Out - Extreme Freeride --> MsiExec.exe /I{C84A8C5F-6B15-4FE2-A9AA-16317CA1BED4}
GTA San Andreas --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program\CONEXANT\CNXT_MODEM_HDAUDIO_CPL30A5m\HXFSETUP.EXE -U -ICPL30A5m.inf
HighRoller --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{B6F3282D-3782-4FBC-B6A6-2F68F382F2C7}\setup.exe" -l0x9 -removeonly
HijackThis 2.0.2 --> "C:\Program\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\Windows\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Help and Support --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\Setup.exe" -l0x1d -removeonly
HP Integrated Module with Bluetooth wireless technology --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP TopTools Remote Control --> C:\WINDOWS\IsUninst.exe -f"C:\Program\Hewlett Packard\HP TopTools Remote Control Serial Driver\Uninst.isu"
HP User Guides--System Recovery --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{BC96BBA7-C634-460E-AD18-A0A994213F80}\Setup.exe" -l0x1d -removeonly
HP User Guides 0011 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{1313740E-0072-4E2D-A628-DEFCD38B577A}\setup.exe" -l0x1d -removeonly
HP Wireless Assistant 2.00 C1 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x1d hpquninst
Intel® PRO Network Connections Drivers --> Prounstl.exe
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Codec Pack 2.52 Full --> "D:\Instalerade Program\K-Lite Codec Pack\unins000.exe"
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Mafia Game --> C:\Windows\system32\MafiaSetup.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE Redistributable --> MsiExec.exe /X{2F750C77-1FEC-44F9-88CC-2CE322EBD61E}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{F4B620CE-4297-4140-B0C3-6D4E8A8EF0AB}
Mozilla Firefox (2.0.0.14) --> C:\Program\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MysticForest --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{3F33EEE5-A176-4608-A81D-578472627695}\setup.exe" -l0x9 -removeonly
Need for Speed Underground 2 --> D:\Instalerade Spel\NFS Underground 2\EAUninstall.exe
Need for Speed™ Most Wanted --> D:\Instalerade Spel\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe
Need for Speed™ ProStreet --> MsiExec.exe /X{CC419DDC-E0F0-4013-B25A-6FA036516F0D}
NVIDIA Drivers --> C:\Windows\system32\nvudisp.exe UninstallGUI
Oblivion --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
OpenAL --> "C:\Program\OpenAL\OalinstGridRelease.exe" /U
Painkiller Overdose build 75 (NA) --> "D:\Instalerade Spel\DreamCatcher\Painkiller Overdose\Uninstall\unins000.exe"
PL-2303 USB-to-Serial --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
Quick Launch Buttons 5.20 G1 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\Setup.exe" -l0x1d -uninst
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SmartAudio --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA}\setup.exe" -l0x1d -removeonly -S
Säkerhetsuppdatering för Step by Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Step by Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB941569) --> "C:\Windows\$NtUninstallKB941569$\spuninst\spuninst.exe"
Spyware Doctor 5.1 --> C:\Program\Spyware Doctor\unins000.exe /LOG
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\Program\DELADE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033
The Witcher --> "C:\Program\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe" -runfromtemp -l0x0009 -removeonly
Titan Quest --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}\setup.exe" -l0x9 -removeonly
Titan Quest Immortal Throne --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}\setup.exe" -l0x9 -removeonly
TPTEST 5.0.2 --> "C:\Program\TPTEST5\unins000.exe"
TuneUp Utilities 2006 --> MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}
VideoLAN VLC media player 0.8.6a --> D:\Instalerade Program\VideoLAN\VLC\uninstall.exe
Winamp (remove only) --> "D:\Instalerade Program\Winamp\UninstWA.exe"
Windows Imaging Component --> "C:\Windows\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live inloggningsassistenten --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live installer --> MsiExec.exe /X{E17F76BE-50E9-4E7C-ADF6-6D8F44A9C6F3}
Windows Live Messenger --> MsiExec.exe /X{20503DFE-E5B2-491E-B2C5-8BCB5BF5B9E9}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Presentation Foundation Language Pack (SVE) --> MsiExec.exe /X{0691B876-15B2-451B-AEA4-5653E40899C4}
Windows Workflow Foundation SV Language Pack --> MsiExec.exe /I{793C456F-EB0A-4164-BE77-B6D901F2C7E3}
Windows XP Service Pack 3 --> "C:\Windows\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR --> D:\Instalerade Program\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0 --> "C:\Windows\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type2501 / Error
Event Submitted/Written: 06/07/2008 11:24:59 PM
Event ID/Source: 11309 / MsiInstaller
Event Description:
Product: Freak Out - Extreme Freeride -- Error 1309. Error reading from file: D:\Instalerade Spel\JoWooD\Freak Out - Extreme Freeride\dx90c\DXSETUP.exe. System error 5. Verify that the file exists and that you can access it.

Event Record #/Type2500 / Error
Event Submitted/Written: 06/07/2008 11:24:59 PM
Event ID/Source: 11309 / MsiInstaller
Event Description:
Product: Freak Out - Extreme Freeride -- Error 1309. Error reading from file: D:\Instalerade Spel\JoWooD\Freak Out - Extreme Freeride\dx90c\DXSETUP.exe. System error 5. Verify that the file exists and that you can access it.

Event Record #/Type2469 / Error
Event Submitted/Written: 06/07/2008 08:16:27 PM
Event ID/Source: 1000 / Application Error
Event Description:
Felaktigt program svcntaux.exe, version 5.0.5.3, felaktig modul kernel32.dll, version 5.1.2600.3119, felaktig adress 0x00012a5b.
Mediespecifik händelse behandlas för [svcntaux.exe!ws!]

Event Record #/Type2436 / Error
Event Submitted/Written: 06/07/2008 08:50:31 AM
Event ID/Source: 11722 / MsiInstaller
Event Description:
Product: Ad-Aware -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action Trial_Activation, location: C:\Program\Lavasoft\Ad-Aware\tpactivate.exe, command: 71

Event Record #/Type2434 / Error
Event Submitted/Written: 06/07/2008 08:49:32 AM
Event ID/Source: 11722 / MsiInstaller
Event Description:
Product: Ad-Aware -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action Trial_Activation, location: C:\Program\Lavasoft\Ad-Aware\tpactivate.exe, command: 71



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type24863 / Error
Event Submitted/Written: 06/08/2008 10:30:46 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Tjänsten zserial kunde inte startas på grund av följande fel:
%%1118

Event Record #/Type24862 / Error
Event Submitted/Written: 06/08/2008 10:30:46 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Tjänsten hprmc kunde inte startas på grund av följande fel:
%%20

Event Record #/Type24860 / Error
Event Submitted/Written: 06/08/2008 10:30:22 AM
Event ID/Source: 1002 / Dhcp
Event Description:
IP-adresslånet 192.168.1.3 för det nätverkskort som har nätverksadressen 0016D40749DC har
nekats av DHCP-servern 0.0.0.0 (DHCP-servern skickade ett DHCPNACK-meddelande).

Event Record #/Type24833 / Error
Event Submitted/Written: 06/07/2008 11:30:26 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Tjänsten zserial kunde inte startas på grund av följande fel:
%%1118

Event Record #/Type24832 / Error
Event Submitted/Written: 06/07/2008 11:30:26 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Tjänsten hprmc kunde inte startas på grund av följande fel:
%%20



-- End of Deckard's System Scanner: finished at 2008-06-08 10:42:37 ------------
  • 0

#4
Octagonal

Hi Robin,

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.


F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\system32\iftuyszv.exe,


Now close all windows other than HiJackThis (including any browser windows), then click Fix Checked.

You need to remove the older versions of Java, as they can be a target for another infection.
Please go to Start then Control Panel then Add/Remove Programs and remove the following (if present):

J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9


Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Windows\system32\iftuyszv.exe
    C:\Windows\system32\tmp.reg
    C:\Windows\portsv.exe
    C:\Windows\system32\hljwugsf.bin


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the computer did not reboot, then please restart the computer.

You may already have downloaded and run these programs; however, I would like to see the log files for each of the following:

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please do an online scan with Kaspersky WebScanner

Please note: You must use Internet Explorer for this as it uses an ActiveX component.

This scan may take a while to complete, so please be patient and let it finish.

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Select a target to scan; click on My Computer.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete choose the option to Save as Text.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
List of logs for your next reply:
  • OTMoveIt results
  • MBAM log
  • Kaspersky results
  • A fresh HijackThis log and let me know how your system is now behaving.

  • 0
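Why the F2 line in the post above stands out, shown as an added example that is not part of the original thread: the Winlogon Userinit value normally names only userinit.exe, so any other comma-separated program in it is started at every logon. The function name, the expected-path rule and the clean sample line are assumptions made for illustration.

```python
import ntpath
import re

# HijackThis prints the Winlogon "Userinit" registry value as an F2 line.
F2_USERINIT = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.IGNORECASE)

# Assumption: a default install, where the only expected program is
# userinit.exe, given either bare or with a path ending in \system32.
EXPECTED_NAME = "userinit.exe"
EXPECTED_DIR_SUFFIX = "\\system32"

# The line quoted in the post above.
FLAGGED_LINE = r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\system32\iftuyszv.exe,"
# Constructed sample: what the same value looks like with nothing appended.
CLEAN_LINE = r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,"


def extra_userinit_entries(hjt_line):
    """Return the programs in an F2 UserInit line other than userinit.exe.

    Returns None when the line is not an F2 UserInit line at all.
    """
    match = F2_USERINIT.match(hjt_line.strip())
    if match is None:
        return None
    extras = []
    for raw in match.group("value").split(","):
        entry = raw.strip().strip('"')
        if not entry:
            # The value normally ends with a trailing comma.
            continue
        directory, name = ntpath.split(entry)
        is_default = name.lower() == EXPECTED_NAME and (
            directory == "" or directory.lower().endswith(EXPECTED_DIR_SUFFIX)
        )
        if not is_default:
            # Also catches a file named userinit.exe in an unexpected folder.
            extras.append(entry)
    return extras


if __name__ == "__main__":
    for sample in (FLAGGED_LINE, CLEAN_LINE):
        print(extra_userinit_entries(sample))
```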

#5
Robin.J

Thank you for all this help I get from you, I'm really glad for it :)

My computer runs without any warnings of viruses or spyware so I guess it works.
I will post the logs anyway if I have any other problems in my computer or so.

(I have to say thank you again for helping me!)
I will post the log files in this way:

* OTMoveIt results
* MBAM log
* Kaspersky results
* A fresh HijackThis log


File/Folder C:\Windows\system32\iftuyszv.exe not found.
C:\Windows\system32\tmp.reg moved successfully.
C:\Windows\portsv.exe moved successfully.
C:\Windows\system32\hljwugsf.bin moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06082008_191623






Malwarebytes' Anti-Malware 1.15
Database version: 841

21:45:07 2008-06-08
mbam-log-6-8-2008 (21-45-07).txt

Scan type: Quick Scan
Objects scanned: 36939
Time elapsed: 3 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)







-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, June 08, 2008 9:40:00 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/06/2008
Kaspersky Anti-Virus database records: 839572
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 160867
Number of viruses found: 8
Number of infected objects: 12
Number of suspicious objects: 4
Duration of the scan process: 01:37:04

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20080608190256\backup\DOCUME~1\ROBINJ~1\LOKALA~1\Temp\bbti.exe Infected: Trojan.Win32.DNSChanger.ebg skipped
C:\Deckard\System Scanner\20080608190256\backup\DOCUME~1\ROBINJ~1\LOKALA~1\Temp\Downloader.exe Infected: Trojan-Downloader.Win32.Small.wxl skipped
C:\Deckard\System Scanner\20080608190256\backup\DOCUME~1\ROBINJ~1\LOKALA~1\Temp\mmonHJ.exe/data0006 Infected: Trojan-Downloader.Win32.VB.epp skipped
C:\Deckard\System Scanner\20080608190256\backup\DOCUME~1\ROBINJ~1\LOKALA~1\Temp\mmonHJ.exe NSIS: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC11.zip/win32e.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC11.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip/window.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Tidigare\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Robin Johansson\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Robin Johansson\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Robin Johansson\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Robin Johansson\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Robin Johansson\Lokala inställningar\Tidigare\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Robin Johansson\ntuser.dat Object is locked skipped
C:\Documents and Settings\Robin Johansson\ntuser.dat.LOG Object is locked skipped
C:\Program\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program\Alwil Software\Avast4\DATA\log\selfdef.log Object is locked skipped
C:\Program\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{C081D8E9-49AB-46CF-9F93-EACD55EE90BC}\RP10\change.log Object is locked skipped
C:\temp\dvzer6.exe/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\temp\dvzer6.exe/data0003 Infected: Trojan-Downloader.Win32.Small.wfv skipped
C:\temp\dvzer6.exe/data0004 Infected: not-a-virus:AdWare.Win32.ZenoSearch.bg skipped
C:\temp\dvzer6.exe NSIS: infected - 3 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\winz\antilutx.exe Infected: Trojan-Downloader.Win32.Small.wfv skipped
C:\WINDOWS\Temp\Perflib_Perfdata_764.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Basshunter.-.Vi.sitter.i.Ventrilo.och.spelar.DotA.XviD-K3BAB\Screensaver Robin\lee priest 13.jpg Object is locked skipped
D:\Basshunter.-.Vi.sitter.i.Ventrilo.och.spelar.DotA.XviD-K3BAB\Screensaver Robin\Lee Priest 17 years old.jpg Object is locked skipped
D:\Basshunter.-.Vi.sitter.i.Ventrilo.och.spelar.DotA.XviD-K3BAB\Screensaver Robin\lee priest 21.jpg Object is locked skipped
D:\Basshunter.-.Vi.sitter.i.Ventrilo.och.spelar.DotA.XviD-K3BAB\Screensaver Robin\photo_587.jpg Object is locked skipped
D:\Basshunter.-.Vi.sitter.i.Ventrilo.och.spelar.DotA.XviD-K3BAB\Screensaver Robin\ramboiii.jpg Object is locked skipped
D:\Basshunter.-.Vi.sitter.i.Ventrilo.och.spelar.DotA.XviD-K3BAB\Screensaver Robin\Rambo_006.jpg Object is locked skipped
D:\Basshunter.-.Vi.sitter.i.Ventrilo.och.spelar.DotA.XviD-K3BAB\Screensaver Robin\Robin.bmp Object is locked skipped
D:\Basshunter.-.Vi.sitter.i.Ventrilo.och.spelar.DotA.XviD-K3BAB\Screensaver Robin\Robin.JPG Object is locked skipped
D:\Basshunter.-.Vi.sitter.i.Ventrilo.och.spelar.DotA.XviD-K3BAB\Screensaver Robin\rocky-wallpaper-1-1024.jpg Object is locked skipped
D:\Basshunter.-.Vi.sitter.i.Ventrilo.och.spelar.DotA.XviD-K3BAB\Screensaver Robin\rocky-wallpaper-2-1024.jpg Object is locked skipped
D:\Basshunter.-.Vi.sitter.i.Ventrilo.och.spelar.DotA.XviD-K3BAB\Screensaver Robin\Stallone.JPG Object is locked skipped
D:\Basshunter.-.Vi.sitter.i.Ventrilo.och.spelar.DotA.XviD-K3BAB\Screensaver Robin\stallone2.jpg Object is locked skipped
D:\Basshunter.-.Vi.sitter.i.Ventrilo.och.spelar.DotA.XviD-K3BAB\Screensaver Robin\sylvester11.jpg Object is locked skipped
D:\Basshunter.-.Vi.sitter.i.Ventrilo.och.spelar.DotA.XviD-K3BAB\Screensaver Robin\Thumbs.db Object is locked skipped
D:\Filmer\Film-klipp\Audi 80 Coupe Super Burnout.mpg Object is locked skipped
D:\Filmer\Film-klipp\Backstreet Boys\Backstreet Boys - All I Have To Give .mpg Object is locked skipped
D:\Filmer\Film-klipp\Backstreet Boys\Backstreet Boys - Anywhere For You.mpg Object is locked skipped
D:\Filmer\Film-klipp\Backstreet Boys\Backstreet Boys - As So Long As You Love Me.mpg Object is locked skipped
D:\Filmer\Film-klipp\Backstreet Boys\Backstreet Boys - Everybody (Backstreet's Back).mpg Object is locked skipped
D:\Filmer\Film-klipp\Backstreet Boys\Backstreet Boys - I want it that way.mpg Object is locked skipped
D:\Filmer\Film-klipp\Backstreet Boys\Backstreet Boys - I'll Never Break Your Heart.mpg Object is locked skipped
D:\Filmer\Film-klipp\Backstreet Boys\Backstreet Boys - Just Want You To Know.mpg Object is locked skipped
D:\Filmer\Film-klipp\Backstreet Boys\Backstreet Boys - Larger Than Life (extd video mix)(MJ).mpg Object is locked skipped
D:\Filmer\Film-klipp\Backstreet Boys\Backstreet Boys - Shape Of My Heart.mpeg Object is locked skipped
D:\Filmer\Film-klipp\Backstreet Boys\Backstreet Boys - Show Me The Meaning Of Being Lonely.mpg Object is locked skipped
D:\Filmer\Film-klipp\Backstreet Boys\Thumbs.db Object is locked skipped
D:\Filmer\Film-klipp\Cars - Top Gear - Honda Civic and NSX TypeR.wmv Object is locked skipped
D:\Filmer\Film-klipp\Corvette Crash.mpeg Object is locked skipped
D:\Filmer\Film-klipp\Liquido - Narcotic.1.mpg Object is locked skipped
D:\Filmer\Film-klipp\Thumbs.db Object is locked skipped
D:\Filmer\Film-klipp\TWIN TURBO CORVETTE BEATS AN F18 HORNET.asf Object is locked skipped
D:\Filmer\Film-klipp\Viper vs. Corvette Funnycar Crash.mpeg Object is locked skipped
D:\Filmer\Film-klipp\Westlife\boa_&_westlife_-_flying_without_wings_[mv].mpg Object is locked skipped
D:\Filmer\Film-klipp\Westlife\Thumbs.db Object is locked skipped
D:\Filmer\Film-klipp\Westlife\Westlife - 21 - Mandy.mpg Object is locked skipped
D:\Filmer\Film-klipp\Westlife\Westlife - I have a dream.mpg Object is locked skipped
D:\Musik\Blandat\01-pink-u_and_ur_hand-osc.mp3 Object is locked skipped
D:\Musik\Blandat\02 - Metal Will Stand Tall.mp3 Object is locked skipped
D:\Musik\Blandat\02 - The Poodles - Metal Will Stand Tall.mp3 Object is locked skipped
D:\Musik\Blandat\02- Who Knew.mp3 Object is locked skipped
D:\Musik\Blandat\02-boyzone-father_and_son.mp3 Object is locked skipped
D:\Musik\Blandat\04. Pet Shop Boys - Minimal.mp3 Object is locked skipped
D:\Musik\Blandat\06 - N'Sync - This I Promise You.mp3 Object is locked skipped
D:\Musik\Blandat\09 - Candle In The Wind.mp3 Object is locked skipped
D:\Musik\Blandat\10 - Richard Marx - Hazard.mp3 Object is locked skipped
D:\Musik\Blandat\101_dj_dave_202_presents_impaxx_-_feel_(original_mix).mp3 Object is locked skipped
D:\Musik\Blandat\106 - Michael Bolton - How Am I Supposed To Live Without You.mp3 Object is locked skipped
D:\Musik\Blandat\112_yom_trax_-_the_sound .mp3 Object is locked skipped
D:\Musik\Blandat\112_yom_trax_-_the_sound.mp3 Object is locked skipped
D:\Musik\Blandat\14 - Yom Trax - The Sound [Paul Masterson Remix].mp3 Object is locked skipped
D:\Musik\Blandat\1dj_dave_202_presents_impaxx_-_feel_(original_mix).mp3 Object is locked skipped
D:\Musik\Blandat\Air_supply-making_love_out_of_nothing_at_all.mp3 Object is locked skipped
D:\Musik\Blandat\Alex M - So Free (Club Mix).mp3 Object is locked skipped
D:\Musik\Blandat\Celine Dion - It's All Coming Back To Me Now.mp3 Object is locked skipped
D:\Musik\Blandat\Christina Aguilera - Beautiful(1).mp3 Object is locked skipped
D:\Musik\Blandat\Down Under.mp3 Object is locked skipped
D:\Musik\Blandat\Elton John - Candle In The Wind 1997 (Princess Dianna).mp3 Object is locked skipped
D:\Musik\Blandat\Elton_John_-_05.Nikita.mp3 Object is locked skipped
D:\Musik\Blandat\Eros Ramazzotti - Un' altra te.mp3 Object is locked skipped
D:\Musik\Blandat\Green Day - Good Riddance(Time Of Your Life).mp3 Object is locked skipped
D:\Musik\Blandat\Ledin - 20. Snart Tystnar Musiken.mp3 Object is locked skipped
D:\Musik\Blandat\Martin Stenmarck - 7milakliv.mp3 Object is locked skipped
D:\Musik\Blandat\Men At Work - Business As Usual - 03 - Down Under.mp3 Object is locked skipped
D:\Musik\Blandat\So sick_Ne-Yo.mp3 Object is locked skipped
D:\Musik\Blandat\Stacie Orrico - More to life.mp3 Object is locked skipped
D:\Musik\Blandat\Toto - Africa.mp3 Object is locked skipped
D:\Musik\Blandat\Ultrabeat vs. Scott Brown - Elysium (I Go Crazy) Styles & Breeze Radio Mix.mp3 Object is locked skipped
D:\Program\Avast1\open.url Object is locked skipped
D:\Program\Avast1\Serial\Serial [ Avast 4 Pro 4.6.763 ].txt Object is locked skipped
D:\Program\Avast1\setupengpro.exe Object is locked skipped
D:\Program\TuneUp Utilities 2006 + Keygenerator\TuneUp Utilities 2006 Keygenerator.exe Object is locked skipped
D:\Program\TuneUp Utilities 2006 + Keygenerator\TuneUp Utilities 2006.exe Object is locked skipped
D:\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\SmitfraudFix.exe RAR: infected - 1 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.







Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:52:53, on 2008-06-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe
C:\Program\ALWILS~1\Avast4\ashDisp.exe
C:\Program\Hp\HP Software Update\HPWuSchd2.exe
C:\Program\Delade filer\InstallShield\UpdateService\ISUSPM.exe
C:\Program\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\system32\ctfmon.exe
C:\Program\DAEMON Tools Lite\daemon.exe
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\Program\WIDCOMM\Bluetooth-programvara\BTTray.exe
C:\Windows\system32\nvsvc32.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program\Alwil Software\Avast4\ashMaiSv.exe
C:\Program\Alwil Software\Avast4\ashWebSv.exe
C:\Program\HPQ\SHARED\HPQTOA~1.EXE
C:\Program\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM] "C:\Program\Delade filer\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SynTPStart] C:\Program\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1155752997046
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Dawn of Magic Drivers Auto Removal (pr2ahqjb) (pr2ahqjb) - Koch Media - C:\Windows\system32\pr2ahqjb.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\swdsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Instalerade Program\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 6746 bytes
  • 0

#6
Octagonal

    Member 2k

  • Member
  • 2,528 posts
Hi Robin,

Please double-click OTMoveIt2.exe to run it. (Vista users, please right-click on OTMoveIt2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\temp\dvzer6.exe
    C:\WINDOWS\system32\winz\antilutx.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Open Spybot - Search & Destroy and remove everything that is in the Recovery.

Now let's remove some other files and folders that were installed before and during the fix. :)

  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right-click on OTMoveIt2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
Congratulations. Your log appears to be clean. :)

Please follow these Tips to prevent a possible infection or re-infection.

Download, install AND update the following free programs. It is important to keep all anti-malware programs updated. Please update at least once a week.
  • Spybot Search & Destroy - A powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.
You should also have a good firewall. Here are 2 free ones available for personal use:
and a good antivirus (these are also free for personal use):
It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

To find out more information about how you got infected in the first place, and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein.
  • 0
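The move-and-log step from the post above, done by hand, as an added example that is not part of the thread and not OTMoveIt2's own code: it hashes each listed file, moves it under a quarantine folder, and writes a log named in the same mmddyyyy_hhmmss form. The names `quarantine` and `sha256_of`, the SHA-256 hash and the `.quarantined` suffix are assumptions of this example.

```python
# Added example: quarantine(), sha256_of() and the ".quarantined" suffix are this example's own choices.
import hashlib
import shutil
import time
from pathlib import Path


def sha256_of(path):
    """Hash in chunks so a large sample never has to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def quarantine(paths, quarantine_root, now=None):
    """Move each listed file under quarantine_root and log what happened.

    Returns (log_path, results); results maps each input path to a tuple
    (status, sha256, destination) with status "moved", "missing" or "failed".
    """
    stamp = time.strftime("%m%d%Y_%H%M%S", now or time.localtime())
    root = Path(quarantine_root)
    results, lines = {}, []
    for raw in paths:
        src = Path(raw).absolute()
        if not src.is_file():
            results[raw] = ("missing", None, None)
            lines.append(f"NOT FOUND {raw}")
            continue
        # Mirror the original location (drive letter included) so a false
        # positive can be restored, and rename so it cannot be double-clicked.
        parts = [p.strip(":\\/") for p in src.parts if p.strip(":\\/")]
        dest = root / stamp / Path(*parts[:-1]) / (src.name + ".quarantined")
        try:
            digest = sha256_of(src)  # hash first: the log then identifies the sample
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.move(str(src), str(dest))
        except OSError as exc:  # e.g. file locked by a running process
            results[raw] = ("failed", None, None)
            lines.append(f"FAILED    {raw} ({exc}); retry after a reboot")
            continue
        results[raw] = ("moved", digest, dest)
        lines.append(f"MOVED     {raw} -> {dest} sha256={digest}")
    root.mkdir(parents=True, exist_ok=True)
    log_path = root / f"{stamp}.log"
    log_path.write_text("\n".join(lines) + "\n", encoding="utf-8")
    return log_path, results
```

Because the log sits in the quarantine root rather than inside the tool's own folder, it is still there to post after the helper tools have been cleaned up.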

#7
Robin.J

    New Member

  • Topic Starter
  • Member
  • 6 posts
THANK YOU! For everything, this really helped and improved my computer speed.
I'm really glad for this expert help from you.

I don't have any log left from OTMoveIt2, because it was deleted when I pressed the CleanUp button, but the 2 files were moved with no problems.
So now I have Spyware Doctor, Spybot - Search and Destroy, Avast Antivirus, ATF-Cleaner and the Comodo Firewall, so I hope I will be free from viruses and other stuff now with all this protection.
Thanks again for everything, you saved me and my computer :)

//Robin

Edited by Robin.J, 09 June 2008 - 05:12 AM.

  • 0

#8
Octagonal

    Member 2k

  • Member
  • 2,528 posts
Glad that I could help. :)
  • 0

#9
Octagonal

    Member 2k

  • Member
  • 2,528 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





