Virus Alert! [RESOLVED]



#1
patrik

    New Member

  • Member
  • 8 posts
Hi,

I don't know how this works, but if anyone can help me I will be extremely grateful!
It started with a lot of popups asking me to install different antivirus programs. When I restarted, the screen first turned into the Windows 'green field' wallpaper; after that it said 'starting windows' as normal. But nothing was normal... Icons gone or changed, explorer starting and stopping all the time, task manager 'disabled by administrator', etc. And the file structure was messed up. I have managed to fix some things, but far from all. I have run HijackThis and ComboFix and give you the logs here.
Can anyone help me? I have a lot of my research on this computer, and some things are not backed up, so I curse myself...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:46: VIRUS ALERT!, on 2008-07-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program\Intel\Wireless\Bin\S24EvMon.exe
C:\Program\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program\AVG\AVG8\avgwdsvc.exe
C:\Program\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program\Dell\QuickSet\QuickSet.exe
C:\Program\Apoint\Apoint.exe
C:\Program\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Notepad++\notepad++.exe
C:\Program\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Windows Live\Messenger\MsnMsgr.Exe
C:\Program\I8kfanGUI\I8kfanGUI.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\AVG\AVG8\avgrsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O3 - Toolbar: sqvgnrpx - {DB62CC01-ECD2-492E-BCE6-57B0AD8A8D59} - C:\WINDOWS\sqvgnrpx.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program\Delade filer\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISTray] "C:\Program\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [i8kfangui] C:\Program\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [WinSpywareProtect] "C:\Documents and Settings\All Users.WINDOWS\Application Data\ADSL Software Ltd\WinSpywareProtect\winspywareprotect.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....031/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: fsrpknov - {B4292AB3-0B2A-4EA6-8F9C-A2EF4E757828} - C:\WINDOWS\fsrpknov.dll
O21 - SSODL: fdxbameg - {724BBE22-BB2B-49AF-9C9A-AC52821E44AE} - C:\WINDOWS\fdxbameg.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\pctsSvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 8653 bytes




----------------------------------------------------------------


ComboFix 08-07-09.5 - Patrik 2008-07-11 8:24:51.2 - NTFSx86
Running from: C:\Documents and Settings\Patrik\Skrivbord\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Patrik\Favoriter\Error Cleaner.url
C:\Documents and Settings\Patrik\Favoriter\Privacy Protector.url
C:\Documents and Settings\Patrik\Favoriter\Spyware&Malware Protection.url
C:\Documents and Settings\Patrik\Skrivbord\Error Cleaner.url
C:\Documents and Settings\Patrik\Skrivbord\Privacy Protector.url
C:\Documents and Settings\Patrik\Skrivbord\Spyware&Malware Protection.url
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\enxw.exe
C:\WINDOWS\fdxbameg.dll
C:\WINDOWS\fsrpknov.dll
C:\WINDOWS\gpefaowr.exe
C:\WINDOWS\system32\bund1
C:\WINDOWS\system32\hRBHjkkj.ini
C:\WINDOWS\system32\hRBHjkkj.ini2

.
((((((((((((((((((((((((( Files Created from 2008-06-11 to 2008-07-11 )))))))))))))))))))))))))))))))
.

2008-07-09 23:36 . 2008-07-11 08:13 <KAT> d--h----- C:\$AVG8.VAULT$
2008-07-09 23:14 . 2008-07-09 23:14 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-09 23:14 . 2008-07-09 23:14 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-09 23:13 . 2008-07-09 23:18 <KAT> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-09 23:13 . 2008-07-09 23:13 <KAT> d-------- C:\Program\AVG
2008-07-09 23:13 . 2008-07-09 23:13 <KAT> d-------- C:\Documents and Settings\Patrik\Application Data\AVGTOOLBAR
2008-07-09 22:50 . 2008-07-09 22:52 <KAT> d-------- C:\Documents and Settings\Patrik\.housecall6.6
2008-07-09 21:09 . 2008-07-09 21:09 <KAT> d-------- C:\Documents and Settings\LocalService.NT INSTANS\Application Data\TmpRecentIcons
2008-07-09 21:09 . 2008-07-09 21:09 <KAT> d-------- C:\Documents and Settings\LocalService.NT INSTANS\Application Data\Intel
2008-07-09 21:08 . 2008-07-09 21:08 <KAT> d-------- C:\Documents and Settings\LocalService.NT INSTANS\Start-meny
2008-07-09 21:08 . 2008-07-09 21:08 <KAT> d-------- C:\Documents and Settings\LocalService.NT INSTANS\Skrivbord
2008-07-09 21:08 . 2008-07-09 21:08 <KAT> dr------- C:\Documents and Settings\LocalService.NT INSTANS\Mina dokument
2008-07-09 21:08 . 2008-07-09 22:14 <KAT> dr------- C:\Documents and Settings\LocalService.NT INSTANS\Favoriter
2008-07-09 20:57 . 2008-07-09 20:57 318,208 --------- C:\WINDOWS\system32\jkkjHBRh.dll
2008-07-09 20:51 . 2008-07-09 20:51 29,568 --a------ C:\WINDOWS\system32\khfCttQk.dll
2008-07-09 20:51 . 2008-07-09 20:51 29,568 --a------ C:\WINDOWS\system32\geBtutuT.dll
2008-07-09 20:50 . 2008-07-09 20:50 <KAT> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ADSL Software Ltd
2008-07-09 20:50 . 2008-07-09 14:09 352,256 --a------ C:\WINDOWS\wbxdpgfedxa.dll
2008-07-09 14:11 . 2008-07-09 14:11 <KAT> d-------- C:\Documents and Settings\Patrik\Application Data\iShell
2008-07-09 11:26 . 2003-07-12 02:21 274,432 --a------ C:\WINDOWS\GSpot.exe
2008-07-09 11:26 . 2003-07-12 02:19 64,777 --a------ C:\WINDOWS\GSpot221.dat
2008-07-09 11:26 . 2001-10-30 08:10 11,264 --a------ C:\WINDOWS\msdmo.dll
2008-07-08 14:09 . 2008-07-08 14:09 <KAT> d-------- C:\WINDOWS\Microsoft.VC80.ATL
2008-07-08 14:09 . 2008-02-04 10:54 94,208 --a------ C:\WINDOWS\FunambolAddin.dll
2008-07-07 13:32 . 2008-07-09 13:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-07 13:32 . 2008-07-07 13:32 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-07 13:28 . 2008-07-10 22:35 63,783 --a------ C:\WINDOWS\system32\nvwsapps.xml
2008-07-07 13:27 . 2006-03-23 01:30 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-07-06 17:34 . 2008-07-06 17:36 <KAT> d-------- C:\Program\HyCam2
2008-07-05 21:42 . 2008-06-15 12:24 31,232 --a------ C:\WINDOWS\system\vdremote.dll
2008-07-05 21:42 . 2008-06-15 12:23 25,088 --a------ C:\WINDOWS\system\vdsvrlnk.dll
2008-07-05 18:10 . 2008-07-05 18:10 <KAT> d-------- C:\Documents and Settings\Patrik\Application Data\Agency9
2008-06-28 09:34 . 2008-07-09 23:13 <KAT> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg8
2008-06-21 20:21 . 2008-06-21 20:21 <KAT> d-------- C:\Documents and Settings\Patrik\Application Data\PCF-VLC
2008-06-21 20:15 . 2008-06-21 20:15 <KAT> d-------- C:\Documents and Settings\Patrik\Application Data\Participatory Culture Foundation
2008-06-21 20:13 . 2008-06-21 20:13 <KAT> d-------- C:\Program\Participatory Culture Foundation
2008-06-19 22:18 . 2008-06-19 22:20 <KAT> d-------- C:\Foto
2008-06-19 15:23 . 2008-06-19 15:23 <KAT> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools
2008-06-19 15:23 . 2008-06-16 00:11 159,880 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-06-13 01:19 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
2008-06-12 22:29 . 2008-06-12 22:29 <KAT> d-------- C:\Documents and Settings\Patrik\Application Data\Sibelius Software
2008-06-12 22:28 . 2008-06-12 22:28 <KAT> d-------- C:\Program\Sibelius Software
2008-06-11 12:08 . 2008-06-11 12:08 <KAT> d-------- C:\Program\Neurobehavioral Systems
2008-06-11 12:08 . 2008-06-11 12:08 33,820 --a------ C:\WINDOWS\system32\drivers\OldUsbkey.sys
2008-06-11 12:07 . 2008-06-11 12:07 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard
2008-06-11 09:56 . 2008-06-14 20:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 09:56 . 2008-06-14 20:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 21:31 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-07-10 21:30 --------- d-----w C:\Program\Spyware Doctor
2008-07-10 19:02 --------- d-----w C:\Documents and Settings\Patrik\Application Data\EndNote
2008-07-09 18:48 --------- d-----w C:\Documents and Settings\Patrik\Application Data\uTorrent
2008-07-09 08:49 --------- d-----w C:\Documents and Settings\Patrik\Application Data\dvdcss
2008-07-07 12:54 --------- d-----w C:\Documents and Settings\Patrik\Application Data\gtk-2.0
2008-07-06 13:59 --------- d-----w C:\Documents and Settings\Patrik\Application Data\DivX
2008-07-06 13:54 1,080 ----a-w C:\Program\up_down(360).txt
2008-07-05 19:36 --------- d--h--w C:\Program\InstallShield Installation Information
2008-06-28 09:57 --------- d-----w C:\Documents and Settings\Patrik\Application Data\Skype
2008-06-28 09:56 --------- d-----w C:\Documents and Settings\Patrik\Application Data\skypePM
2008-06-19 20:39 --------- d-----w C:\Documents and Settings\Patrik\Application Data\WinEdt
2008-06-19 13:23 --------- d-----w C:\Program\Delade filer\PC Tools
2008-06-13 09:28 --------- d-----w C:\Program\Delade filer\Risxtd
2008-06-11 12:37 --------- d-----w C:\Program\DivX
2008-06-11 10:08 86,016 ----a-w C:\WINDOWS\system32\KL2DLL32.DLL
2008-06-11 10:08 8,968 ----a-w C:\WINDOWS\system32\KL2DLL.DLL
2008-06-11 10:08 7,440 ----a-w C:\WINDOWS\system32\ppmon.dll
2008-06-11 10:08 24,136 ----a-w C:\WINDOWS\system32\ppmon.exe
2008-06-11 10:08 126,976 ----a-w C:\WINDOWS\system32\NWKL2_32.DLL
2008-06-11 10:08 12,480 ----a-w C:\WINDOWS\system32\KL2N.DLL
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-22 22:22 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-22 22:22 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:22 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-05-22 22:22 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-22 22:22 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-17 02:54 15,045 ----a-w C:\WINDOWS\E220AutoRunLog.tmp
2008-05-13 11:39 --------- d-----w C:\Documents and Settings\Patrik\Application Data\IObit
2008-05-13 11:33 --------- d-----w C:\Program\IObit
2008-05-07 22:49 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-07 22:49 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-07 05:16 1,289,728 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-26 01:14 3,118,860 ----a-w C:\Program\01 - Scuttle Buttin' [#].mp3
2008-04-23 04:22 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-22 13:01 32 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\ezsid.dat
2004-12-13 20:19 13,312 ----a-w C:\Program\toclip.exe
2008-04-25 12:32 5,817,064 ----a-w C:\Program\mozilla firefox\plugins\ScorchPDFWrapper.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{684BFE7F-F5B2-4AB3-A95E-EB5036A2D286}]
2008-07-09 20:51 29568 --a------ C:\WINDOWS\system32\khfCttQk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73DAB7FA-86EB-4E15-824C-6186FE450F72}]
2008-07-09 20:57 318208 --------- C:\WINDOWS\system32\jkkjHBRh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{874EA085-3B7B-412B-91AE-7291A94978D0}]
2008-07-09 14:09 352256 --a------ C:\WINDOWS\wbxdpgfedxa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{DB62CC01-ECD2-492E-BCE6-57B0AD8A8D59}"= "C:\WINDOWS\sqvgnrpx.dll" [BU]

[HKEY_CLASSES_ROOT\clsid\{db62cc01-ecd2-492e-bce6-57b0ad8a8d59}]
[HKEY_CLASSES_ROOT\sqvgnrpx.1]
[HKEY_CLASSES_ROOT\TypeLib\{ABBAFC19-C497-4EC0-9A4D-E19C6C5CF8A3}]
[HKEY_CLASSES_ROOT\sqvgnrpx]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:35 5724184]
"i8kfangui"="C:\Program\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 18:58 856064]
"WinSpywareProtect"="C:\Documents and Settings\All Users.WINDOWS\Application Data\ADSL Software Ltd\WinSpywareProtect\winspywareprotect.exe" [2008-07-09 20:51 1241600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [X]
"IntelWireless"="C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-22 23:32 7561216]
"Dell QuickSet"="C:\Program\Dell\QuickSet\QuickSet.exe" [2006-06-29 13:13 1032192]
"Apoint"="C:\Program\Apoint\Apoint.exe" [2004-09-13 11:33 155648]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"ISUSPM Startup"="C:\Program\Delade filer\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"AVG8_TRAY"="C:\Program\AVG\AVG8\avgtray.exe" [2008-07-09 23:13 1232152]
"nwiz"="nwiz.exe" [2006-03-22 23:32 1519616 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2006-03-22 23:32 73728 C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="NvMCTray.dll" [2006-03-22 23:32 86016 C:\WINDOWS\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispCPL"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{684BFE7F-F5B2-4AB3-A95E-EB5036A2D286}"= "C:\WINDOWS\system32\khfCttQk.dll" [2008-07-09 20:51 29568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"fsrpknov"= {B4292AB3-0B2A-4EA6-8F9C-A2EF4E757828} - C:\WINDOWS\fsrpknov.dll [BU]
"fdxbameg"= {724BBE22-BB2B-49AF-9C9A-AC52821E44AE} - C:\WINDOWS\fdxbameg.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 16:08 110592 C:\Program\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfCttQk]
2008-07-09 20:51 29568 C:\WINDOWS\system32\khfCttQk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Midi1"= sfvmr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2008-07-09 23:13 1232152 C:\Program\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX3800 Series]
--a------ 2005-02-08 06:00 98304 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=2 (0x2)
"avg8wd"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program\\uTorrent\\utorrent.exe"=
"C:\\Program\\Mozilla Firefox\\firefox.exe"=
"C:\\Program\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program\\Internet Explorer\\iexplore.exe"=
"C:\\Program\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program\\MATLAB\\R2007b\\bin\\win32\\MATLAB.exe"=
"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Project\\Cpp\\Sound Feedback\\UDP\\server\\Debug\\server.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe"=
"C:\\Program\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"46672:TCP"= 46672:TCP:uTorrent
"46678:TCP"= 46678:TCP:utorrent
"27015:UDP"= 27015:UDP:eget program
"1024:UDP"= 1024:UDP:eget program 2
"33515:TCP"= 33515:TCP:Windows Update Service Helper

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-09 23:14]
R1 fanio;FanIO driver;C:\WINDOWS\system32\drivers\fanio.sys [2007-02-16 11:05]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-06-16 00:11]
R1 sfvmr;sfvmr;C:\WINDOWS\system32\drivers\sfvmr.SYS [1998-06-30 14:28]
R2 avg8wd;AVG Free8 WatchDog;C:\Program\AVG\AVG8\avgwdsvc.exe [2008-07-09 23:13]
R2 NBSPortDriver;NBSPortDriver;C:\WINDOWS\system32\DRIVERS\NBSPortDriver.sys [2007-05-21 10:48]
R2 P1090CDI;Camera Driver Interface Service;C:\WINDOWS\system32\DRIVERS\P1090Cdi.sys [2002-09-16 02:00]
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2006-04-06 16:49]
S3 BCMTPM;BCMTPM;C:\WINDOWS\system32\DRIVERS\btpmw32.sys [2004-08-13 13:52]
S3 N;N;C:\Program\NewTech Infosystems\NTI Ripper\DJ\ []
S3 P1090VID;Creative WebCam Mobile;C:\WINDOWS\system32\DRIVERS\P1090Vid.sys [2002-10-10 02:00]
S4 msvsmon90;Visual Studio 2008 Remote Debugger;C:\Program\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-11-07 09:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5455f274-1fb9-11dd-b39d-0012f0a1e4ff}]
\Shell\AutoRun\command - E:\AutoRun.exe

.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-CloneCDTray - C:\Program\SlySoft\CloneCD\CloneCDTray.exe
MSConfigStartUp-HUAWEI E620 Data Card - C:\Program\Kanguru\Kanguru.exe
MSConfigStartUp-SDTray - C:\Program\Spyware Doctor\SDTrayApp.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-11 09:02:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N]
"ImagePath"="\??\C:\Program\NewTech Infosystems\NTI Ripper\DJ\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\khfCttQk.dll
.
Completion time: 2008-07-11 9:12:47
ComboFix-quarantined-files.txt 2008-07-11 07:09:30

Pre-Run: 11,529,027,584 byte ledigt
Post-Run: 11,517,079,552 byte ledigt

270 --- E O F --- 2008-06-22 11:02:39




Thanks!!!!!!!!!
Patrik


#2
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hi patrik

welcome to geekstogo :)

seems you have a few infections there. in this post we will remove some, do a scan for an infection i think you have and pull down a couple more logs for me to analyse.

====STEP 1====
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.



====STEP 2====
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


====STEP 3====
Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm


====STEP 4====
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


In your next reply could i see:
1. the malwarebytes log
2. the smitfraudfix log
3. the 2 DSS logs (though there may only be one)

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

feel free to post the logs as you get them, i will wait for the DSS logs before i proceed

andrewuk

#3
patrik

    New Member

  • Topic Starter
  • Member
  • 8 posts
Thank you soooo much. I cannot tell you how much I appreciate the help! I think it's absolutely amazing to get this kind of expertise for free, just from nice people. Thanks again!
Now to business. :)

-------------------- Malwarebytes log -----------------------------------------

Malwarebytes' Anti-Malware 1.20
Database version: 930
Windows 5.1.2600 Service Pack 2

15:48:23 2008-07-12
mbam-log-7-12-2008 (15-48-23).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 296519
Time elapsed: 1 hour(s), 52 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 13
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 6
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\jkkjHBRh.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\khfCttQk.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{de063dbd-ab72-4b46-9a37-7442208ef2cf} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{de063dbd-ab72-4b46-9a37-7442208ef2cf} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{684bfe7f-f5b2-4ab3-a95e-eb5036a2d286} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{684bfe7f-f5b2-4ab3-a95e-eb5036a2d286} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfcttqk (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{4a662651-4d1a-4fbb-8a9e-f63d45790c5e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{874ea085-3b7b-412b-91ae-7291a94978d0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{874ea085-3b7b-412b-91ae-7291a94978d0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.baql (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Adsl Software Ltd (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winspywareprotect (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{684bfe7f-f5b2-4ab3-a95e-eb5036a2d286} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\fdxbameg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\fsrpknov (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\jkkjhbrh -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\jkkjhbrh -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarerefer...=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users.WINDOWS\Application Data\ADSL Software Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\ADSL Software Ltd\WinSpywareProtect (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\ADSL Software Ltd\WinSpywareProtect\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\ADSL Software Ltd\WinSpywareProtect\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\ADSL Software Ltd\WinSpywareProtect\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\jkkjHBRh.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\hRBHjkkj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hRBHjkkj.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\ADSL Software Ltd\WinSpywareProtect\winspywareprotect.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080709230819140.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080710204735796.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080710225116171.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080712131556968.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\EMPTIES.BAT (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBtutuT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfCttQk.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\wbxdpgfedxa.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

----------------------- SmitFraud log ---------------------------------------------------------------------------------------

SmitFraudFix v2.329

Scan done at 15:56:38,93, 2008-07-12
Run from C:\Documents and Settings\Patrik\Skrivbord\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Intel\Wireless\Bin\EvtEng.exe
C:\Program\Intel\Wireless\Bin\S24EvMon.exe
C:\Program\Intel\Wireless\Bin\WLKeeper.exe
C:\Program\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\AVG\AVG8\avgwdsvc.exe
C:\Program\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\AVG\AVG8\avgrsx.exe
C:\Program\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program\Dell\QuickSet\QuickSet.exe
C:\Program\Apoint\Apoint.exe
C:\Program\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Apoint\Apntex.exe
C:\Program\I8kfanGUI\I8kfanGUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Patrik


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Patrik\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Patrik\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Min aktuella startsida"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO/Wireless 2200BG Network Connection - Miniport för paketschemaläggning
DNS Server Search Order: 192.168.2.1
DNS Server Search Order: 62.179.104.196
DNS Server Search Order: 212.142.28.69

HKLM\SYSTEM\CCS\Services\Tcpip\..\{25EA7AC7-0D90-4228-AA24-F2D3F4E019EE}: DhcpNameServer=192.168.2.1 62.179.104.196 212.142.28.69
HKLM\SYSTEM\CS1\Services\Tcpip\..\{25EA7AC7-0D90-4228-AA24-F2D3F4E019EE}: DhcpNameServer=192.168.2.1 62.179.104.196 212.142.28.69
HKLM\SYSTEM\CS2\Services\Tcpip\..\{25EA7AC7-0D90-4228-AA24-F2D3F4E019EE}: DhcpNameServer=192.168.2.1 62.179.104.196 212.142.28.69
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 62.179.104.196 212.142.28.69
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 62.179.104.196 212.142.28.69
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 62.179.104.196 212.142.28.69


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


--------------------------------- DSS main.txt ---------------------------------------------------------------------------------

Deckard's System Scanner v20071014.68
Run by Patrik on 2008-07-12 16:00:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
18: 2008-07-12 14:00:48 UTC - RP288 - Deckard's System Scanner Restore Point
17: 2008-07-12 11:32:17 UTC - RP287 - Software Distribution Service 3.0
16: 2008-07-11 14:48:45 UTC - RP286 - Last known good configuration
15: 2008-07-11 14:47:53 UTC - RP285 - ComboFix created restore point
14: 2008-07-11 14:47:52 UTC - RP284 - Installed AVG Free 8.0


-- First Restore Point --
1: 2008-07-11 14:47:36 UTC - RP271 - Removed AVG Free 8.0


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 10.68 GiB (less than 15%) free.


-- HijackThis (run as Patrik.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:02:39, on 2008-07-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Intel\Wireless\Bin\EvtEng.exe
C:\Program\Intel\Wireless\Bin\S24EvMon.exe
C:\Program\Intel\Wireless\Bin\WLKeeper.exe
C:\Program\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\AVG\AVG8\avgwdsvc.exe
C:\Program\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\AVG\AVG8\avgrsx.exe
C:\Program\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program\Dell\QuickSet\QuickSet.exe
C:\Program\Apoint\Apoint.exe
C:\Program\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Apoint\Apntex.exe
C:\Program\I8kfanGUI\I8kfanGUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Patrik\Skrivbord\dss.exe
C:\PROGRA~1\Trend Micro\HijackThis\Patrik.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: sqvgnrpx - {DB62CC01-ECD2-492E-BCE6-57B0AD8A8D59} - C:\WINDOWS\sqvgnrpx.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program\Delade filer\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [i8kfangui] C:\Program\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....031/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\pctsSvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 8688 bytes

-- File Associations -----------------------------------------------------------

.ini - inifile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
.txt - txtfile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 fanio (FanIO driver) - c:\windows\system32\drivers\fanio.sys <Not Verified; Christian Diefer; fanio.sys>
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 sfvmr - c:\windows\system32\drivers\sfvmr.sys <Not Verified; Sonic Foundry, Inc.; Sonic Foundry Virtual MIDI Router>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys
S3 hwdatacard (Huawei DataCard USB Modem and USB Serial) - c:\windows\system32\drivers\ewusbmdm.sys <Not Verified; Huawei Technologies Co., Ltd.; Huawei Technologies Co., Ltd. USB Modem/Serial Device Driver>
S3 N - c:\program\newtech infosystems\nti ripper\dj\ (file missing)
S3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 NICCONFIGSVC - c:\program\dell\quickset\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 RegSrvc - c:\program\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 WLANKEEPER - c:\program\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSOFSet Service>

S3 FLEXnet Licensing Service - "c:\program\delade filer\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 NBService - c:\program\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-06-12 and 2008-07-12 -----------------------------

2008-07-12 15:56:42 2872 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-12 13:21:26 0 d-------- C:\Documents and Settings\Patrik\Application Data\Malwarebytes
2008-07-12 13:21:20 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-07-12 13:21:18 0 d-------- C:\Program\Malwarebytes' Anti-Malware
2008-07-10 21:55:57 68096 --a------ C:\WINDOWS\zip.exe
2008-07-10 21:55:57 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-10 21:55:57 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-10 21:55:57 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-10 21:55:57 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-10 21:55:57 98816 --a------ C:\WINDOWS\sed.exe
2008-07-10 21:55:57 80412 --a------ C:\WINDOWS\grep.exe
2008-07-10 21:55:57 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-10 21:55:02 0 d-------- C:\Documents and Settings\Patrik\Start Menu
2008-07-09 23:36:37 0 d--h----- C:\$AVG8.VAULT$
2008-07-09 23:13:55 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-09 23:13:54 0 d-------- C:\Documents and Settings\Patrik\Application Data\AVGTOOLBAR
2008-07-09 23:13:16 0 d-------- C:\Program\AVG
2008-07-09 22:50:55 0 d-------- C:\Documents and Settings\Patrik\.housecall6.6
2008-07-09 21:09:52 0 d-------- C:\Documents and Settings\LocalService.NT INSTANS\Application Data\Intel
2008-07-09 21:09:13 0 d-------- C:\Documents and Settings\LocalService.NT INSTANS\Application Data\TmpRecentIcons
2008-07-09 21:08:42 0 d--h----- C:\Documents and Settings\LocalService.NT INSTANS\SendTo
2008-07-09 21:08:23 0 d-------- C:\Documents and Settings\LocalService.NT INSTANS\Application Data\Identities
2008-07-09 21:08:03 0 dr------- C:\Documents and Settings\LocalService.NT INSTANS\Mina dokument
2008-07-09 21:08:00 0 d-------- C:\Documents and Settings\LocalService.NT INSTANS\Start-meny
2008-07-09 21:08:00 0 d-------- C:\Documents and Settings\LocalService.NT INSTANS\Skrivbord
2008-07-09 21:08:00 0 dr------- C:\Documents and Settings\LocalService.NT INSTANS\Favoriter
2008-07-09 21:06:36 0 dr-h----- C:\Documents and Settings\LocalService.NT INSTANS\Recent
2008-07-09 20:57:12 318208 -----n--- C:\WINDOWS\system32\jkkjHBRh.dll
2008-07-09 20:51:15 29568 -----n--- C:\WINDOWS\system32\khfCttQk.dll
2008-07-09 14:11:29 0 d-------- C:\Documents and Settings\Patrik\Application Data\iShell
2008-07-09 11:26:28 11264 --a------ C:\WINDOWS\msdmo.dll
2008-07-09 11:26:28 64777 --a------ C:\WINDOWS\GSpot221.dat
2008-07-09 11:26:28 274432 --a------ C:\WINDOWS\GSpot.exe <Not Verified; GSpot Appliance Corp, a unit of GSp0t Heavy Industries; GSpot Codec Information Appliance>
2008-07-08 14:09:47 0 d-------- C:\WINDOWS\Microsoft.VC80.ATL
2008-07-08 14:09:47 94208 --a------ C:\WINDOWS\FunambolAddin.dll <Not Verified; Funambol; FunambolAddin Module>
2008-07-06 17:34:55 0 d-------- C:\Program\HyCam2
2008-07-05 21:42:07 25088 --a------ C:\WINDOWS\system\vdsvrlnk.dll <Not Verified; ; VirtualDub>
2008-07-05 21:42:07 31232 --a------ C:\WINDOWS\system\vdremote.dll <Not Verified; ; VirtualDub>
2008-07-05 18:10:29 0 d-------- C:\Documents and Settings\Patrik\Application Data\Agency9
2008-06-28 09:34:10 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg8
2008-06-21 20:21:02 0 d-------- C:\Documents and Settings\Patrik\Application Data\PCF-VLC
2008-06-21 20:15:02 0 d-------- C:\Documents and Settings\Patrik\Application Data\Participatory Culture Foundation
2008-06-21 20:13:13 0 d-------- C:\Program\Participatory Culture Foundation
2008-06-19 22:18:46 0 d-------- C:\Foto
2008-06-19 15:23:58 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools
2008-06-12 22:29:26 0 d-------- C:\Documents and Settings\Patrik\Application Data\Sibelius Software
2008-06-12 22:28:23 0 d-------- C:\Program\Sibelius Software


-- Find3M Report ---------------------------------------------------------------

2008-07-10 23:30:43 0 d-------- C:\Program\Spyware Doctor
2008-07-10 21:02:21 0 d-------- C:\Documents and Settings\Patrik\Application Data\EndNote
2008-07-09 20:48:26 0 d-------- C:\Documents and Settings\Patrik\Application Data\uTorrent
2008-07-09 10:49:39 0 d-------- C:\Documents and Settings\Patrik\Application Data\dvdcss
2008-07-08 23:14:05 11832 --a------ C:\WINDOWS\system32\nvModes.dat
2008-07-07 14:54:07 0 d-------- C:\Documents and Settings\Patrik\Application Data\gtk-2.0
2008-07-06 15:59:51 0 d-------- C:\Documents and Settings\Patrik\Application Data\DivX
2008-07-06 15:54:40 1080 --a------ C:\Program\up_down(360).txt
2008-07-05 21:36:47 0 d--h----- C:\Program\InstallShield Installation Information
2008-06-28 11:57:28 0 d-------- C:\Documents and Settings\Patrik\Application Data\Skype
2008-06-28 11:56:52 0 d-------- C:\Documents and Settings\Patrik\Application Data\skypePM
2008-06-21 20:01:07 0 d-------- C:\Documents and Settings\Patrik\Application Data\Mozilla
2008-06-19 22:39:06 0 d-------- C:\Documents and Settings\Patrik\Application Data\WinEdt
2008-06-19 15:23:35 0 d-------- C:\Program\Delade filer\PC Tools
2008-06-17 12:53:37 438454 --a------ C:\WINDOWS\system32\perfh01D.dat
2008-06-17 12:53:37 80220 --a------ C:\WINDOWS\system32\perfc01D.dat
2008-06-13 11:28:53 0 d-------- C:\Program\Delade filer\Risxtd
2008-06-11 14:37:57 0 d-------- C:\Program\DivX
2008-06-11 12:08:30 24136 --a------ C:\WINDOWS\system32\ppmon.exe
2008-06-11 12:08:30 7440 --a------ C:\WINDOWS\system32\ppmon.dll
2008-06-11 12:08:30 126976 --a------ C:\WINDOWS\system32\NWKL2_32.DLL <Not Verified; KEYLOK; >
2008-06-11 12:08:30 12480 --a------ C:\WINDOWS\system32\KL2N.DLL
2008-06-11 12:08:30 86016 --a------ C:\WINDOWS\system32\KL2DLL32.DLL <Not Verified; KEYLOK; >
2008-06-11 12:08:30 8968 --a------ C:\WINDOWS\system32\KL2DLL.DLL
2008-06-11 12:08:06 0 d-------- C:\Program\Neurobehavioral Systems
2008-06-11 12:07:21 0 d-------- C:\Program\Delade filer
2008-06-11 12:07:21 0 d-------- C:\Program\Delade filer\Wise Installation Wizard
2008-06-10 10:46:45 5044 --a------ C:\Documents and Settings\Patrik\Application Data\mainhst.zgh
2008-05-31 01:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-31 01:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 01:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 01:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 01:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-23 00:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-23 00:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-23 00:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-23 00:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-13 13:39:36 0 d-------- C:\Documents and Settings\Patrik\Application Data\IObit
2008-05-13 13:33:35 0 d-------- C:\Program\IObit
2008-05-08 21:57:20 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-04-26 03:14:34 3118860 --a------ C:\Program\01 - Scuttle Buttin' [#].mp3


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-07-09 23:13 2055960 --a------ C:\Program\AVG\AVG8\avgtoolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-22 23:32]
"nwiz"="nwiz.exe" [2006-03-22 23:32 C:\WINDOWS\system32\nwiz.exe]
"Dell QuickSet"="C:\Program\Dell\QuickSet\QuickSet.exe" [2006-06-29 13:13]
"Apoint"="C:\Program\Apoint\Apoint.exe" [2004-09-13 11:33]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"ISUSPM Startup"="C:\Program\Delade filer\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30]
"ISUSScheduler"="C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]
"NVHotkey"="nvHotkey.dll" [2006-03-22 23:32 C:\WINDOWS\system32\nvhotkey.dll]
"QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2007-06-29 06:24]
"NvMediaCenter"="NvMCTray.dll" [2006-03-22 23:32 C:\WINDOWS\system32\nvmctray.dll]
"AVG8_TRAY"="C:\Program\AVG\AVG8\avgtray.exe" [2008-07-09 23:13]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:35]
"i8kfangui"="C:\Program\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 18:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispCPL"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\Program\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX3800 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\WINDOWS\TEMP\E_S216.tmp" /EF "HKLM"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=2 (0x2)
"avg8wd"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5455f274-1fb9-11dd-b39d-0012f0a1e4ff}]
AutoRun\command- E:\AutoRun.exe




-- End of Deckard's System Scanner: finished at 2008-07-12 16:03:15 ------------


----------------------------------- DSS extra.txt -------------------------------------------------------------------------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Swedish

CPU 0: Intel® Pentium® M processor 2.13GHz
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 1023.39 MiB / 613.18 MiB
Pagefile Memory (total/avail): 2460.52 MiB / 2178.22 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.96 MiB

C: is Fixed (NTFS) - 74.45 GiB total, 10.68 GiB free.
D: is CDROM (No Media)
E: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - FUJITSU MHV2080AH - 74.53 GiB - 2 partitions
\PARTITION0 - Unknown - 78.41 MiB
\PARTITION1 (bootable) - Installerbart filsystem - 74.45 GiB - C:

\\.\PHYSICALDRIVE1 - Generic STORAGE DEVICE USB Device - 243.17 MiB - 1 partition
\PARTITION0 (bootable) - Unknown - 249.98 MiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

AV: Spyware Doctor with AntiVirus v (PC Tools) Disabled
AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program\\Windows Live\\Messenger\\livecall.exe"="C:\\Program\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program\\uTorrent\\utorrent.exe"="C:\\Program\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program\\Mozilla Firefox\\firefox.exe"="C:\\Program\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program\\VideoLAN\\VLC\\vlc.exe"="C:\\Program\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program\\Internet Explorer\\iexplore.exe"="C:\\Program\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program\\Bonjour\\mDNSResponder.exe"="C:\\Program\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program\\MATLAB\\R2007b\\bin\\win32\\MATLAB.exe"="C:\\Program\\MATLAB\\R2007b\\bin\\win32\\MATLAB.exe:*:Disabled:MATLAB"
"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program\\Windows Live\\Messenger\\livecall.exe"="C:\\Program\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Project\\Cpp\\Sound Feedback\\UDP\\server\\Debug\\server.exe"="C:\\Project\\Cpp\\Sound Feedback\\UDP\\server\\Debug\\server.exe:*:Enabled:server"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program\\AVG\\AVG8\\avgupd.exe"="C:\\Program\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe"="C:\\Program\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe:*:Enabled:Miro_Downloader"
"C:\\Program\\Skype\\Phone\\Skype.exe"="C:\\Program\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Patrik\Application Data
CLASSPATH=.;C:\Program\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program\Delade filer
COMPUTERNAME=PATRIK-LAPTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
DRIN_DUMP_PATH=C:\Project\fMRI-BCI\Matlab\MatlabDRIN\Output
DXSDK_DIR=C:\Program\Microsoft DirectX SDK (March 2008)\
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Patrik
INCLUDE=C:\Program\Microsoft Visual Studio\VC98\atl\include;C:\Program\Microsoft Visual Studio\VC98\mfc\include;C:\Program\Microsoft Visual Studio\VC98\include
LIB=C:\Program\Microsoft Visual Studio\VC98\mfc\lib;C:\Program\Microsoft Visual Studio\VC98\lib
LOGONSERVER=\\PATRIK-LAPTOP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program\Microsoft DirectX SDK (March 2008)\Utilities\Bin\x86;C:\Latex\MiKTeX 2.6\miktex\bin;c:\Program\sybase\OCS-12_5\dll;c:\Program\sybase\OCS-12_5\lib3p;c:\Program\sybase\OCS-12_5\bin;C:\Program\ZipGenius 6;C:\Program\Delade filer\GTK\2.0\bin;C:\Program\QuickTime\QTSystem;C:\Program\MATLAB\R2007b\bin;C:\Program\MATLAB\R2007b\bin\win32;C:\Program\Microsoft Visual Studio\Common\Tools\WinNT;C:\Program\Microsoft Visual Studio\Common\MSDev98\Bin;C:\Program\Microsoft Visual Studio\Common\Tools;C:\Program\Microsoft Visual Studio\VC98\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program
PROMPT=$P$G
QTJAVA=C:\Program\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SYBASE=c:\Program\sybase
SYBASE_JRE=c:\Program\sybase\shared-1_0\jre1.2.2
SYBASE_OCS=OCS-12_5
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Patrik\LOKALA~1\Temp
TMP=C:\DOCUME~1\Patrik\LOKALA~1\Temp
USERDOMAIN=PATRIK-LAPTOP
USERNAME=Patrik
USERPROFILE=C:\Documents and Settings\Patrik
VS90COMNTOOLS=C:\Program\Microsoft Visual Studio 9.0\Common7\Tools\
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Patrik (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program\Delade filer\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program\Delade filer\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.2 - Svenska --> MsiExec.exe /I{AC76BA86-7AD7-1053-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
ALPS Touch Pad Driver --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
µTorrent --> "C:\Program\uTorrent\uTorrent.exe" /UNINSTALL
Audacity 1.2.6 --> "C:\Program\Audacity\unins000.exe"
AVG Free 8.0 --> C:\Program\AVG\AVG8\setup.exe /UNINSTALL
BrainVoyager Brain Tutor --> MsiExec.exe /X{75D70AF4-E26A-4BE0-8C3F-E4A264B5AD72}
Broadcom Driver v4.170.25.19_Foxconn Installation Program --> C:\Program\InstallShield Installation Information\{88410D8F-8529-492B-B556-2394A29B811B}\setup.exe -runfromtemp -l0x0009 -removeonly
C-Major Audio --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x1d -remove -removeonly
Dell ResourceCD --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Wireless WLAN Card --> C:\WINDOWS\system32\BCMWLU00.exe verbose
DivX Codec --> C:\Program\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EndNote X1 --> MsiExec.exe /I{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}
Enigma --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{1F145099-1224-4C5B-84F2-7AE6DC699F1A}\setup.exe" -l0x9 -removeonly
EPSON Copy Utility 3 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> C:\Program\epson\escndv\setup\setup.exe /r
ESDX3800 User's Guide --> C:\Program\EPSON\TPMANUAL\ESDX3800\USE_G\DOCUNINS.EXE
File Renamer - Basic --> C:\WINDOWS\File Renamer - Basic Uninstaller.exe
GIMP 2.4.5 --> "C:\Program\GIMP-2.0\setup\unins000.exe"
[email protected] 1.9.5 --> MsiExec.exe /I{9F185C48-595B-401A-A1D6-AAB324890DC4}
GPL Ghostscript 8.56 --> c:\latex\gs\uninstgs.exe "c:\latex\gs\gs8.56\uninstal.txt"
GPL Ghostscript Fonts --> c:\latex\gs\uninstgs.exe "c:\latex\gs\fonts\uninstal.txt"
GSplit 2.1 --> C:\Program\GSplit\Uninst.exe
GSview 4.8 --> C:\Latex\Ghostgum\gsview\uninstgs.exe "C:\Latex\Ghostgum\gsview\uninstal.txt"
GTK+ 2.10.13 runtime environment --> "C:\Program\Delade filer\GTK\2.0\setup\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /u
  • 0

#4
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hi patrik

in this post we will clear out the malware i can see, fix your file associations and run another couple of scans to see what else is on your machine.

the scans will likely take 3 hours, quite possibly much longer. so just let them run.

it is more than likely that the logs will take up more space than you can copy into one post (your last DSS log got cut off in the last post), therefore you may need to post over 2 or more posts to get all the information in.

a quick question, your machine is set up to not allow you to open Display in the control panel, is this meant to be the case?


====STEP 1====
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\sqvgnrpx.dll
    C:\WINDOWS\system32\jkkjHBRh.dll
    C:\WINDOWS\system32\khfCttQk.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{DB62CC01-ECD2-492E-BCE6-57B0AD8A8D59}
    HKEY_CLASSES_ROOT\CLSID\{DB62CC01-ECD2-492E-BCE6-57B0AD8A8D59}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5455f274-1fb9-11dd-b39d-0012f0a1e4ff}
    EmptyTemp
    purity 
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



====STEP 2====
click on Start, click on Run
copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /daft
This will open up Deckard's File Association Tool
  • Click on the Scan button.
  • Select everything it is displaying there
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.
if that does not work then Please download DAFT and save it to your desktop and Double-click the daft.exe icon, and then follow the above instructions from "Click on the Scan button"



====STEP 3====
Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

====STEP 4====
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

====STEP 5====
could you run DSS again by double-clicking the DSS icon on your desktop. only one report will be produced this time.



====STEP 6====
Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.



In your next reply could i see:
1. the answer to the Display question
2. the SUPERantispyware log
3. the kaspersky log
4. the DSS log
5. the uninstall list

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk
  • 0

#5
patrik

    New Member

  • Topic Starter
  • Member
  • 8 posts
Thanks again! Incredibly nice!

It took a looong time to run the SuperAntiSpyware, but I believe it was because of SpywareDoctor. When I turned it off it started going in normal speed.

You asked:
"a quick question, your machine is set up to not allow you to open Display in the control panel, is this meant to be the case?"
This is not a setting I have made (or noticed actually). I have the Swedish Windows version, could it be something silly like this?

By the way, do you know if SpywareDoctor has a memory leak? It eats up all the memory sometimes.

Here are the things you asked for: (PART 1)

---------------------- OTmoveit --------------------------------------------------------------------------------

Explorer killed successfully
File/Folder C:\WINDOWS\sqvgnrpx.dll not found.
LoadLibrary failed for C:\WINDOWS\system32\jkkjHBRh.dll
C:\WINDOWS\system32\jkkjHBRh.dll NOT unregistered.
C:\WINDOWS\system32\jkkjHBRh.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\khfCttQk.dll
C:\WINDOWS\system32\khfCttQk.dll NOT unregistered.
C:\WINDOWS\system32\khfCttQk.dll moved successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{DB62CC01-ECD2-492E-BCE6-57B0AD8A8D59} >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{DB62CC01-ECD2-492E-BCE6-57B0AD8A8D59} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB62CC01-ECD2-492E-BCE6-57B0AD8A8D59}\ deleted successfully.
< HKEY_CLASSES_ROOT\CLSID\{DB62CC01-ECD2-492E-BCE6-57B0AD8A8D59} >
Registry key HKEY_CLASSES_ROOT\CLSID\{DB62CC01-ECD2-492E-BCE6-57B0AD8A8D59}\\ not found.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5455f274-1fb9-11dd-b39d-0012f0a1e4ff} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5455f274-1fb9-11dd-b39d-0012f0a1e4ff}\\ deleted successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\Patrik\LOKALA~1\Temp\~DF8ED6.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Patrik\LOKALA~1\Temp\~DF8EEA.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07122008_183324

Files moved on Reboot...
File C:\DOCUME~1\Patrik\LOKALA~1\Temp\~DF8ED6.tmp not found!
File C:\DOCUME~1\Patrik\LOKALA~1\Temp\~DF8EEA.tmp not found!


------------------------------ SUPERAntiSpyware --------------------------------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/13/2008 at 01:40 PM

Application Version : 4.15.1000

Core Rules Database Version : 3503
Trace Rules Database Version: 1494

Scan type : Complete Scan
Total Scan Time : 18:23:43

Memory items scanned : 493
Memory threats detected : 0
Registry items scanned : 6087
Registry threats detected : 0
File items scanned : 243351
File threats detected : 0

Adware.Tracking Cookie
.doubleclick.net [ C:\Documents and Settings\Patrik Andersson\Application Data\Mozilla\Firefox\Profiles\mc5slecc.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Patrik Andersson\Application Data\Mozilla\Firefox\Profiles\mc5slecc.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Patrik Andersson\Application Data\Mozilla\Firefox\Profiles\mc5slecc.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Patrik Andersson\Application Data\Mozilla\Firefox\Profiles\mc5slecc.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Patrik Andersson\Application Data\Mozilla\Firefox\Profiles\mc5slecc.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Patrik Andersson\Application Data\Mozilla\Firefox\Profiles\mc5slecc.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Patrik Andersson\Application Data\Mozilla\Firefox\Profiles\mc5slecc.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Patrik Andersson\Application Data\Mozilla\Firefox\Profiles\mc5slecc.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Patrik Andersson\Application Data\Mozilla\Firefox\Profiles\mc5slecc.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Patrik Andersson\Application Data\Mozilla\Firefox\Profiles\mc5slecc.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Patrik Andersson\Application Data\Mozilla\Firefox\Profiles\mc5slecc.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Patrik Andersson\Application Data\Mozilla\Firefox\Profiles\mc5slecc.default\cookies.txt ]
ad1.emediate.dk [ C:\Documents and Settings\Patrik Andersson\Application Data\Mozilla\Firefox\Profiles\mc5slecc.default\cookies.txt ]
ad1.emediate.dk [ C:\Documents and Settings\Patrik Andersson\Application Data\Mozilla\Firefox\Profiles\mc5slecc.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Patrik Andersson\Application Data\Mozilla\Firefox\Profiles\mc5slecc.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Patrik Andersson\Application Data\Mozilla\Firefox\Profiles\mc5slecc.default\cookies.txt ]
  • 0
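Added example (not part of either post, and not OTMoveIt2's own code): a short Python check that reconciles the STEP 1 fix list with the OTMoveIt2 log posted above, so every requested file or registry target ends up with one final status. The function names and status labels are this example's own assumptions; the fix list and log lines are copied from the thread.

```python
import re

# Fix list from STEP 1 of the helper's post (copied from the thread).
FIX_LIST = r"""
[kill explorer]
C:\WINDOWS\sqvgnrpx.dll
C:\WINDOWS\system32\jkkjHBRh.dll
C:\WINDOWS\system32\khfCttQk.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{DB62CC01-ECD2-492E-BCE6-57B0AD8A8D59}
HKEY_CLASSES_ROOT\CLSID\{DB62CC01-ECD2-492E-BCE6-57B0AD8A8D59}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5455f274-1fb9-11dd-b39d-0012f0a1e4ff}
EmptyTemp
purity
[start explorer]
"""

# OTMoveIt2 output from the reply (copied from the thread, up to the restart of Explorer).
LOG = r"""
Explorer killed successfully
File/Folder C:\WINDOWS\sqvgnrpx.dll not found.
LoadLibrary failed for C:\WINDOWS\system32\jkkjHBRh.dll
C:\WINDOWS\system32\jkkjHBRh.dll NOT unregistered.
C:\WINDOWS\system32\jkkjHBRh.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\khfCttQk.dll
C:\WINDOWS\system32\khfCttQk.dll NOT unregistered.
C:\WINDOWS\system32\khfCttQk.dll moved successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{DB62CC01-ECD2-492E-BCE6-57B0AD8A8D59} >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{DB62CC01-ECD2-492E-BCE6-57B0AD8A8D59} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB62CC01-ECD2-492E-BCE6-57B0AD8A8D59}\ deleted successfully.
< HKEY_CLASSES_ROOT\CLSID\{DB62CC01-ECD2-492E-BCE6-57B0AD8A8D59} >
Registry key HKEY_CLASSES_ROOT\CLSID\{DB62CC01-ECD2-492E-BCE6-57B0AD8A8D59}\\ not found.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5455f274-1fb9-11dd-b39d-0012f0a1e4ff} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5455f274-1fb9-11dd-b39d-0012f0a1e4ff}\\ deleted successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\Patrik\LOKALA~1\Temp\~DF8ED6.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Patrik\LOKALA~1\Temp\~DF8EEA.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully
"""

# Phrases that appear in this log, mapped to a final status or kept as a side note.
FINAL = (("moved successfully", "moved"),
         ("deleted successfully", "deleted"),
         ("not found", "not found"))
NOTES = ("loadlibrary failed", "not unregistered")


def norm(text):
    """Lower-case and collapse repeated backslashes so list and log spellings compare equal."""
    return re.sub(r"\\+", r"\\", text.strip().lower()).rstrip("\\")


def targets(fix_list):
    """File and registry targets only; directives such as [kill explorer] or EmptyTemp are skipped."""
    return [l.strip() for l in fix_list.splitlines()
            if re.match(r"\s*([A-Za-z]:\\|HKEY_)", l)]


def reconcile(fix_list, log):
    """Map each requested target to the last final status the log reports for it."""
    report = {t: {"status": "no log line", "notes": []} for t in targets(fix_list)}
    for raw in log.splitlines():
        line = norm(raw)
        if not line or line.startswith("<"):  # "< ... >" lines only echo the request
            continue
        for t in report:
            if norm(t) not in line:
                continue
            for phrase, status in FINAL:
                if phrase in line:
                    report[t]["status"] = status
            for phrase in NOTES:
                if phrase in line:
                    report[t]["notes"].append(phrase)
    return report


def needs_followup(report):
    """Targets that were neither moved nor deleted, to re-check in the next scan log."""
    return [t for t, r in report.items() if r["status"] not in ("moved", "deleted")]


def pending_on_reboot(log):
    """Paths that could not be deleted immediately and were queued for the next boot."""
    return re.findall(r"File delete failed\. (.+?) scheduled to be deleted on reboot", log)


if __name__ == "__main__":
    result = reconcile(FIX_LIST, LOG)
    for target, info in result.items():
        print(f"{info['status']:12} {target} {info['notes']}")
    print("follow up:", needs_followup(result))
    print("queued for reboot:", pending_on_reboot(LOG))
```

The HKEY_CLASSES_ROOT "not found" follows a line in which the same CLSID was deleted under HKEY_LOCAL_MACHINE\SOFTWARE\Classes, which HKEY_CLASSES_ROOT mirrors, so the missing sqvgnrpx.dll is the only target the log itself leaves unexplained.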

#6
patrik

    New Member

  • Topic Starter
  • Member
  • 8 posts
(PART 2)

The KASPERSKY ONLINE SCANNER REPORT is incredibly long. (9000 lines)
But most infected objects say 'Object is locked skipped'. I guess this means it's not a bad thing(?)
I send you the part of the REPORT-file that I guessed is important. Please tell me if you need all of it.
I will have to split it up into many replies.


--------------------------------------------------------------------------------------------------------

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, July 13, 2008 7:57:20 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/07/2008
Kaspersky Anti-Virus database records: 948721
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 255784
Number of viruses found: 1
Number of infected objects: 3
Number of suspicious objects: 0
Duration of the scan process: 04:34:59

Infected Object Name / Virus Name / Last Action

.
.
.

C:\Documents and Settings\Patrik\Skrivbord\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Patrik\Skrivbord\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Patrik\Skrivbord\SmitfraudFix.exe RAR: infected - 1 skipped

.
.
.

Scan process completed.



------------------------- DSS log ----------------------------------------------------------------------------------------------

Deckard's System Scanner v20071014.68
Run by Patrik on 2008-07-13 20:15:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 8.71 GiB (less than 15%) free.


-- HijackThis (run as Patrik.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:16:03, on 2008-07-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Intel\Wireless\Bin\EvtEng.exe
C:\Program\Intel\Wireless\Bin\S24EvMon.exe
C:\Program\Intel\Wireless\Bin\WLKeeper.exe
C:\Program\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program\AVG\AVG8\avgwdsvc.exe
C:\Program\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\Intel\Wireless\Bin\RegSrvc.exe
C:\Program\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Dell\QuickSet\QuickSet.exe
C:\Program\Apoint\Apoint.exe
C:\Program\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\AVG\AVG8\avgtray.exe
C:\Program\Apoint\Apntex.exe
C:\Program\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\I8kfanGUI\I8kfanGUI.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program\uTorrent\uTorrent.exe
C:\Documents and Settings\Patrik\Skrivbord\dss.exe
C:\PROGRA~1\Trend Micro\HijackThis\Patrik.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program\Delade filer\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [i8kfangui] C:\Program\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....031/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\pctsSvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 8938 bytes

-- Files created between 2008-06-13 and 2008-07-13 -----------------------------

2008-07-13 15:11:14 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-07-13 15:11:09 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-13 15:11:08 0 d-------- C:\WINDOWS\LastGood
2008-07-12 19:08:37 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-07-12 19:07:56 0 d-------- C:\Program\SUPERAntiSpyware
2008-07-12 19:07:56 0 d-------- C:\Documents and Settings\Patrik\Application Data\SUPERAntiSpyware.com
2008-07-12 15:56:42 2872 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-12 13:21:26 0 d-------- C:\Documents and Settings\Patrik\Application Data\Malwarebytes
2008-07-12 13:21:20 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-07-12 13:21:18 0 d-------- C:\Program\Malwarebytes' Anti-Malware
2008-07-10 21:55:57 68096 --a------ C:\WINDOWS\zip.exe
2008-07-10 21:55:57 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-10 21:55:57 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-10 21:55:57 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-10 21:55:57 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-10 21:55:57 98816 --a------ C:\WINDOWS\sed.exe
2008-07-10 21:55:57 80412 --a------ C:\WINDOWS\grep.exe
2008-07-10 21:55:57 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-10 21:55:02 0 d-------- C:\Documents and Settings\Patrik\Start Menu
2008-07-09 23:36:37 0 d--h----- C:\$AVG8.VAULT$
2008-07-09 23:13:55 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-09 23:13:54 0 d-------- C:\Documents and Settings\Patrik\Application Data\AVGTOOLBAR
2008-07-09 23:13:16 0 d-------- C:\Program\AVG
2008-07-09 22:50:55 0 d-------- C:\Documents and Settings\Patrik\.housecall6.6
2008-07-09 21:09:52 0 d-------- C:\Documents and Settings\LocalService.NT INSTANS\Application Data\Intel
2008-07-09 21:09:13 0 d-------- C:\Documents and Settings\LocalService.NT INSTANS\Application Data\TmpRecentIcons
2008-07-09 21:08:42 0 d--h----- C:\Documents and Settings\LocalService.NT INSTANS\SendTo
2008-07-09 21:08:23 0 d-------- C:\Documents and Settings\LocalService.NT INSTANS\Application Data\Identities
2008-07-09 21:08:03 0 dr------- C:\Documents and Settings\LocalService.NT INSTANS\Mina dokument
2008-07-09 21:08:00 0 d-------- C:\Documents and Settings\LocalService.NT INSTANS\Start-meny
2008-07-09 21:08:00 0 d-------- C:\Documents and Settings\LocalService.NT INSTANS\Skrivbord
2008-07-09 21:08:00 0 dr------- C:\Documents and Settings\LocalService.NT INSTANS\Favoriter
2008-07-09 21:06:36 0 dr-h----- C:\Documents and Settings\LocalService.NT INSTANS\Recent
2008-07-09 14:11:29 0 d-------- C:\Documents and Settings\Patrik\Application Data\iShell
2008-07-09 11:26:28 11264 --a------ C:\WINDOWS\msdmo.dll
2008-07-09 11:26:28 64777 --a------ C:\WINDOWS\GSpot221.dat
2008-07-09 11:26:28 274432 --a------ C:\WINDOWS\GSpot.exe <Not Verified; GSpot Appliance Corp, a unit of GSp0t Heavy Industries; GSpot Codec Information Appliance>
2008-07-08 14:09:47 0 d-------- C:\WINDOWS\Microsoft.VC80.ATL
2008-07-08 14:09:47 94208 --a------ C:\WINDOWS\FunambolAddin.dll <Not Verified; Funambol; FunambolAddin Module>
2008-07-06 17:34:55 0 d-------- C:\Program\HyCam2
2008-07-05 21:42:07 25088 --a------ C:\WINDOWS\system\vdsvrlnk.dll <Not Verified; ; VirtualDub>
2008-07-05 21:42:07 31232 --a------ C:\WINDOWS\system\vdremote.dll <Not Verified; ; VirtualDub>
2008-07-05 18:10:29 0 d-------- C:\Documents and Settings\Patrik\Application Data\Agency9
2008-06-28 09:34:10 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg8
2008-06-21 20:21:02 0 d-------- C:\Documents and Settings\Patrik\Application Data\PCF-VLC
2008-06-21 20:15:02 0 d-------- C:\Documents and Settings\Patrik\Application Data\Participatory Culture Foundation
2008-06-21 20:13:13 0 d-------- C:\Program\Participatory Culture Foundation
2008-06-19 22:18:46 0 d-------- C:\Foto
2008-06-19 15:23:58 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools


-- Find3M Report ---------------------------------------------------------------

2008-07-13 20:16:37 0 d-------- C:\Documents and Settings\Patrik\Application Data\uTorrent
2008-07-13 14:30:48 11832 --a------ C:\WINDOWS\system32\nvModes.dat
2008-07-12 19:07:24 0 d-------- C:\Program\Delade filer\Wise Installation Wizard
2008-07-12 16:28:13 0 d-------- C:\Program\Spyware Doctor
2008-07-10 21:02:21 0 d-------- C:\Documents and Settings\Patrik\Application Data\EndNote
2008-07-09 10:49:39 0 d-------- C:\Documents and Settings\Patrik\Application Data\dvdcss
2008-07-07 14:54:07 0 d-------- C:\Documents and Settings\Patrik\Application Data\gtk-2.0
2008-07-06 15:59:51 0 d-------- C:\Documents and Settings\Patrik\Application Data\DivX
2008-07-06 15:54:40 1080 --a------ C:\Program\up_down(360).txt
2008-07-05 21:36:47 0 d--h----- C:\Program\InstallShield Installation Information
2008-06-28 11:57:28 0 d-------- C:\Documents and Settings\Patrik\Application Data\Skype
2008-06-28 11:56:52 0 d-------- C:\Documents and Settings\Patrik\Application Data\skypePM
2008-06-21 20:01:07 0 d-------- C:\Documents and Settings\Patrik\Application Data\Mozilla
2008-06-19 22:39:06 0 d-------- C:\Documents and Settings\Patrik\Application Data\WinEdt
2008-06-19 15:23:35 0 d-------- C:\Program\Delade filer\PC Tools
2008-06-17 12:53:37 438454 --a------ C:\WINDOWS\system32\perfh01D.dat
2008-06-17 12:53:37 80220 --a------ C:\WINDOWS\system32\perfc01D.dat
2008-06-13 11:28:53 0 d-------- C:\Program\Delade filer\Risxtd
2008-06-12 22:29:26 0 d-------- C:\Documents and Settings\Patrik\Application Data\Sibelius Software
2008-06-12 22:28:23 0 d-------- C:\Program\Sibelius Software
2008-06-11 14:37:57 0 d-------- C:\Program\DivX
2008-06-11 12:08:30 24136 --a------ C:\WINDOWS\system32\ppmon.exe
2008-06-11 12:08:30 7440 --a------ C:\WINDOWS\system32\ppmon.dll
2008-06-11 12:08:30 126976 --a------ C:\WINDOWS\system32\NWKL2_32.DLL <Not Verified; KEYLOK; >
2008-06-11 12:08:30 12480 --a------ C:\WINDOWS\system32\KL2N.DLL
2008-06-11 12:08:30 86016 --a------ C:\WINDOWS\system32\KL2DLL32.DLL <Not Verified; KEYLOK; >
2008-06-11 12:08:30 8968 --a------ C:\WINDOWS\system32\KL2DLL.DLL
2008-06-11 12:08:06 0 d-------- C:\Program\Neurobehavioral Systems
2008-06-11 12:07:21 0 d-------- C:\Program\Delade filer
2008-06-10 10:46:45 5044 --a------ C:\Documents and Settings\Patrik\Application Data\mainhst.zgh
2008-05-31 01:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-31 01:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 01:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 01:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 01:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-23 00:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-23 00:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-23 00:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-23 00:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-13 13:39:36 0 d-------- C:\Documents and Settings\Patrik\Application Data\IObit
2008-05-13 13:33:35 0 d-------- C:\Program\IObit
2008-05-08 21:57:20 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-04-26 03:14:34 3118860 --a------ C:\Program\01 - Scuttle Buttin' [#].mp3


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-07-09 23:13 2055960 --a------ C:\Program\AVG\AVG8\avgtoolbar.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\Program\AVG\AVG8\avgtoolbar.dll [2008-07-09 23:13 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-22 23:32]
"nwiz"="nwiz.exe" [2006-03-22 23:32 C:\WINDOWS\system32\nwiz.exe]
"Dell QuickSet"="C:\Program\Dell\QuickSet\QuickSet.exe" [2006-06-29 13:13]
"Apoint"="C:\Program\Apoint\Apoint.exe" [2004-09-13 11:33]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"ISUSPM Startup"="C:\Program\Delade filer\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30]
"ISUSScheduler"="C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]
"NVHotkey"="nvHotkey.dll" [2006-03-22 23:32 C:\WINDOWS\system32\nvhotkey.dll]
"QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2007-06-29 06:24]
"NvMediaCenter"="NvMCTray.dll" [2006-03-22 23:32 C:\WINDOWS\system32\nvmctray.dll]
"AVG8_TRAY"="C:\Program\AVG\AVG8\avgtray.exe" [2008-07-09 23:13]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:35]
"i8kfangui"="C:\Program\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 18:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispCPL"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\Program\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX3800 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\WINDOWS\TEMP\E_S216.tmp" /EF "HKLM"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=2 (0x2)
"avg8wd"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-07-13 20:17:08 ------------


----------------------------------- Uninstall list ----------------------------------------------------------------------------

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 8.1.2 - Svenska
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
ALPS Touch Pad Driver
Apple Software Update
Audacity 1.2.6
AVG Free 8.0
BrainVoyager Brain Tutor
Broadcom Driver v4.170.25.19_Foxconn Installation Program
C-Major Audio
Dell ResourceCD
Dell Wireless WLAN Card
DivX Codec
DivX Converter
DivX Player
DivX Web Player
EndNote X1
Enigma
EPSON Copy Utility 3
EPSON Printer Software
EPSON Scan
ESDX3800 User's Guide
File Renamer - Basic
GIMP 2.4.5
[email protected] 1.9.5
GPL Ghostscript 8.56
GPL Ghostscript Fonts
GSplit 2.1
GSview 4.8
GTK+ 2.10.13 runtime environment
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HyperCam 2
I8kfanGUI V3.1
Intel® PROSet/Wireless Software
itksnap-1.6.0.1 ITK-SNAP
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Kaspersky Online Scanner
Malwarebytes' Anti-Malware
MATLAB R2007b
M-Audio Reason Control Surface
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Device Emulator version 3.0 - ENU
Microsoft DirectX SDK (March 2008)
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio Team System 2008 Team Suite - ENU
MiKTeX 2.6
Miro
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.0)
mp3-2-wav converter 1.14
mPfMgr
mPfWiz
mProSafe
MRIcroN (remove only)
mSSO
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
mToolkit
mWlsSafe
mXML
mZConfig
Nero 7
neroxml
NTI Shadow 3
NVIDIA Drivers
NVIDIA PureVideo Decoder
PDF Settings
PG Music DirectX Plugins 1.3.3.1
Photosynth
PowerISO
Presentation 12.1 04.10.08
PrimoPDF
PrimoPDF Redistribution Package
QuickSet
QuickTime
RealPlayer
Reason 4.0
ReCycle v2.1
ReFill Packer 3.0f5
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Series II MIDI
Sibelius Scorch (ActiveX Only)
Sibelius Scorch (Firefox, Opera, Netscape only)
Skype™ 3.8
Snabbkorrigering för Windows Internet Explorer 7 (KB947864)
Snabbkorrigering för Windows Media Player 11 (KB939683)
Spyware Doctor 5.5
SUPERAntiSpyware Free Edition
System Requirements Lab
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB929969)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB933566)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB937143)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB938127)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB939653)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB944533)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB950759)
Säkerhetsuppdatering för Windows Media Player (KB911564)
Säkerhetsuppdatering för Windows Media Player 11 (KB936782)
Säkerhetsuppdatering för Windows Media Player 6.4 (KB925398)
Säkerhetsuppdatering för Windows Media Player 9 (KB917734)
Säkerhetsuppdatering för Windows Media Player 9 (KB936782)
Säkerhetsuppdatering för Windows XP (KB890046)
Säkerhetsuppdatering för Windows XP (KB893756)
Säkerhetsuppdatering för Windows XP (KB896358)
Säkerhetsuppdatering för Windows XP (KB896423)
Säkerhetsuppdatering för Windows XP (KB896428)
Säkerhetsuppdatering för Windows XP (KB899587)
Säkerhetsuppdatering för Windows XP (KB899591)
Säkerhetsuppdatering för Windows XP (KB900725)
Säkerhetsuppdatering för Windows XP (KB901017)
Säkerhetsuppdatering för Windows XP (KB901214)
Säkerhetsuppdatering för Windows XP (KB902400)
Säkerhetsuppdatering för Windows XP (KB904706)
Säkerhetsuppdatering för Windows XP (KB905414)
Säkerhetsuppdatering för Windows XP (KB905749)
Säkerhetsuppdatering för Windows XP (KB908519)
Säkerhetsuppdatering för Windows XP (KB911562)
Säkerhetsuppdatering för Windows XP (KB911927)
Säkerhetsuppdatering för Windows XP (KB913580)
Säkerhetsuppdatering för Windows XP (KB914388)
Säkerhetsuppdatering för Windows XP (KB914389)
Säkerhetsuppdatering för Windows XP (KB917953)
Säkerhetsuppdatering för Windows XP (KB918118)
Säkerhetsuppdatering för Windows XP (KB918439)
Säkerhetsuppdatering för Windows XP (KB919007)
Säkerhetsuppdatering för Windows XP (KB920213)
Säkerhetsuppdatering för Windows XP (KB920670)
Säkerhetsuppdatering för Windows XP (KB920683)
Säkerhetsuppdatering för Windows XP (KB920685)
Säkerhetsuppdatering för Windows XP (KB921503)
Säkerhetsuppdatering för Windows XP (KB922819)
Säkerhetsuppdatering för Windows XP (KB923191)
Säkerhetsuppdatering för Windows XP (KB923414)
Säkerhetsuppdatering för Windows XP (KB923689)
Säkerhetsuppdatering för Windows XP (KB923789)
Säkerhetsuppdatering för Windows XP (KB923980)
Säkerhetsuppdatering för Windows XP (KB924191)
Säkerhetsuppdatering för Windows XP (KB924270)
Säkerhetsuppdatering för Windows XP (KB924667)
Säkerhetsuppdatering för Windows XP (KB925902)
Säkerhetsuppdatering för Windows XP (KB926255)
Säkerhetsuppdatering för Windows XP (KB926436)
Säkerhetsuppdatering för Windows XP (KB927779)
Säkerhetsuppdatering för Windows XP (KB927802)
Säkerhetsuppdatering för Windows XP (KB928255)
Säkerhetsuppdatering för Windows XP (KB928843)
Säkerhetsuppdatering för Windows XP (KB929123)
Säkerhetsuppdatering för Windows XP (KB930178)
Säkerhetsuppdatering för Windows XP (KB931261)
Säkerhetsuppdatering för Windows XP (KB931784)
Säkerhetsuppdatering för Windows XP (KB932168)
Säkerhetsuppdatering för Windows XP (KB933729)
Säkerhetsuppdatering för Windows XP (KB935839)
Säkerhetsuppdatering för Windows XP (KB935840)
Säkerhetsuppdatering för Windows XP (KB936021)
Säkerhetsuppdatering för Windows XP (KB938829)
Säkerhetsuppdatering för Windows XP (KB941202)
Säkerhetsuppdatering för Windows XP (KB941644)
Säkerhetsuppdatering för Windows XP (KB941693)
Säkerhetsuppdatering för Windows XP (KB943055)
Säkerhetsuppdatering för Windows XP (KB943460)
Säkerhetsuppdatering för Windows XP (KB943485)
Säkerhetsuppdatering för Windows XP (KB945553)
Säkerhetsuppdatering för Windows XP (KB946026)
Säkerhetsuppdatering för Windows XP (KB948590)
Säkerhetsuppdatering för Windows XP (KB948881)
Säkerhetsuppdatering för Windows XP (KB950749)
Säkerhetsuppdatering för Windows XP (KB950760)
Säkerhetsuppdatering för Windows XP (KB950762)
Säkerhetsuppdatering för Windows XP (KB951376)
Säkerhetsuppdatering för Windows XP (KB951376-v2)
Säkerhetsuppdatering för Windows XP (KB951698)
Texas Instruments PCIxx21/x515 drivers.
Texas Instruments PCIxx21/x515/xx12 drivers.
Unlocker 1.8.5
Update for Office 2007 (KB946691)
Uppdatering för Windows XP (KB894391)
Uppdatering för Windows XP (KB898461)
Uppdatering för Windows XP (KB900485)
Uppdatering för Windows XP (KB908531)
Uppdatering för Windows XP (KB910437)
Uppdatering för Windows XP (KB911280)
Uppdatering för Windows XP (KB916595)
Uppdatering för Windows XP (KB920872)
Uppdatering för Windows XP (KB922582)
Uppdatering för Windows XP (KB925720)
Uppdatering för Windows XP (KB927891)
Uppdatering för Windows XP (KB930916)
Uppdatering för Windows XP (KB931836)
Uppdatering för Windows XP (KB932823-v3)
Uppdatering för Windows XP (KB933360)
Uppdatering för Windows XP (KB936357)
Uppdatering för Windows XP (KB938828)
Uppdatering för Windows XP (KB942763)
Wav2MP3 Wizard v3.2 (Build 354)
VideoLAN VLC media player 0.8.6c
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live inloggningsassistenten
Windows Live installer
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinEdt
WinRAR archiver
VobSub v2.23 (Remove Only)
ZipGenius 6 (6.0.3.1140)

#7
patrik

(PART 2)

--------------------------------------------------------------------------------------------------------

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, July 13, 2008 7:57:20 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/07/2008
Kaspersky Anti-Virus database records: 948721
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 255784
Number of viruses found: 1
Number of infected objects: 3
Number of suspicious objects: 0
Duration of the scan process: 04:34:59

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\b64d30f3444f63cdfb1269dcb3d4e22c_657ad6f3-3516-42d2-bf73-97ccf3c59fb9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Dokument\rminstall.exe Object is locked skipped
C:\Documents and Settings\All Users\Dokument\sdsetup.exe Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg8\Log\avgcore.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg8\Log\avgrs.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg8\Log\avgui.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg8\Log\avgwd.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\LocalService.NT INSTANS\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT INSTANS\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Patrik\Skrivbord\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Patrik\Skrivbord\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Patrik\Skrivbord\SmitfraudFix.exe RAR: infected - 1 skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\811ec289ac7bf7bde284f9923c60c32a.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\81280ace7c7c21314f353d26604b42e9.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\815d6f99a443d3364c22a14427a990ca.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\820ac0684683681c499c6410eaeae686.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\8411b5b120dfef5cc1caa23faae187a8.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\842f0021f2ac8ddbd7066eedc127a589.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\855a6a3bcf84da8ba065a04a041f79e4.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\8727748a9177364e04e2cb92dabeefce.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\87768e93b305c2e854ef602626c005ae.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\895dd159206d000784c8b8025514b1fc.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\89ae4509d9b4e677664f4af455240136.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\8a635e93fcdad1a1ae1576e68df25d60.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\8b5119506b340ab7d2b7beba70e1ea41.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\8c26a1f3d01defbaa6863401c601d887.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\8c9352aa04474e2bb58024977b0144a5.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\8d9e09305cb2888d5e09d4c60b0eef75.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\8f19f09a2f1a932f3cf6628adb990901.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\8f4b786bff0db71a7368526c887e8f8a.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\8f58ab8c573c05d738f48bfa8046f56b.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\8f7de159ddee8c0257ae001297f81266.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\903a5923d892f40bb985e38f506a2e04.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\92a1a74d897822275896895ed943f3cf.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\92bf075a84a6b875c74ac860be8cd60b.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\92e841cf5d14e3b030a46228b2f24254.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\941b0ea8435004e37e76c9b9f0588b13.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\955bca4acaa232011e4f09f1788e830a.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\9568a7e4800431d0d0e942e9df94c0a8.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\966bbb18f87a3a8e45598d55185c02a0.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\96c1db5be06cef970a631a20c3b68bb4.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\978bbdaa51c7f21a650f1f0f5918bc0f.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\997e6ae88c77ea4826a5ea73934c7827.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\9a34d11738f9cd68943c230e11447d0e.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\9a850f8fabcf2548d63ed97ecd1629d8.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\9e51897c4577168ac5070846312b215c.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\9e716d5a0404a5de8c19c28fc724695d.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\a118f4196da007842118df73a1e5b7e8.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\a2a9884c6c385377161ce88548f94adb.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\a3602abe8bb5621f9b5014caec4ef5ef.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\a3c949dc79b9c1568de854f4f6eb0c35.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\a3e0e49bf2f5ea2b5917c48d9de6cfb5.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\a45d271d5588d496ff7e8abf13e860c3.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\a5ba1875f415e5e6d8f1586a56a1e0be.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\a651c783474b88ecb78cf1df610d07f5.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\a9b4b8e59ce5c147e7b7abc4fe436041.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\ab507f09d56ebf4a0f987533f6469048.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\ab92c4c906535632376875eeb10e671f.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\adbb9f7e38d7f5f8a663e76c43ecc592.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\ae0ddaf431c7fcc94c914a9aa156e748.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\b08bcab4e72f1ff4c8e814071281adbc.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\b1028a29a8f36539335c3951f8c444d9.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\b1e2fcf9008daf98205e4edf0a5636d0.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\b43427d3ac2f43d94d482db6d97d3499.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\b4aac9916bda15658383bce3674d3cf5.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\baa5755530f43a5ea8c6995a87b1a925.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\bb1b822faad75ddab2a153efe4faf7e3.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\bccdf0d79374f56b5b421f78fd4fc013.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\be3bcc0d61019ac05344d6a51e51a245.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\c0e8c4c94d76e58df1e337f02ec2320b.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\c1c3bf017628d896a538fd3d5f377bf2.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\c22dd9a2bcbf623ec0d52f00a8e1ed0b.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\c3a690d680d5f78d01d1cf4e11476cbd.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\c423b4e08948c752d84f3efb81fbdd5f.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\c4a7252d7bdc10f162b8a33f690822be.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\c6b8543ee60342cb440501f5fa8dd050.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\c9e2d6761ec23404db5f06145f6a120d.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\cd9acd0fb5ccfb16a069a7802cb83433.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\ce85fda86716e7869f7f7437fcca6269.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\d08bda8525b72faede84573acabf05db.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\d15cc3905984896f7968ee1a6d2dc072.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\d1f1845e3160991ef51ab308ca453dfd.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\d23ff0667b2b2d6c41e45942163343d1.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\d2e2884f567ca0ef8f043b13367bd227.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\d41ebe87fb83f5c0cf5c35a49af3f197.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\d46c826a3d5122afb73798a1485d46c9.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\d4c6f8673afabfa9caeb555f930b03e6.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\d551b40be735de9ff5bed5ee9f7c0499.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\d825808ffd58d2fba025556c5a9ace22.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\d8fcb0baab27c2ad29a202a4bf0cbf65.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\d90553395455ed24143280035c8a824f.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\d9d802cf66f68f13025fc11b52b9477a.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\dba860894713faca9cb4a6e00fec1fd9.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\de566c76cf4883c38571a2a362df933b.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\deb4d5683a6358498326509179321fc5.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\df1c84d0a0ab75930c23edd0b7268891.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\e09cf4ca360ac5d4b8e20d0ca00b2280.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\e0dba3d90f7f26717868c298e1b53ea7.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\e135aa7576bb7c8fecbf2d0135cd6ebd.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\e1d0b46a2e8ea379f404131866744222.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\e32a930c3465fea399c66b418ebaa27f.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\e38c5012f4e99ea3bcd6d344e9630a69.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\e402511d3fa1fbaa70a9fe5cf09756be.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\e600501e59bd6ab812751e3aba873d20.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\e61c5f53f164fb75f07cce1788078deb.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\ecbca38d6e6cc7c77c47b50fa79013b0.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\f13e3580f68da5c54fa76bad4c9c3ac4.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\f13f4a8159932649f58d93a0d062ec55.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\f16416718ef9d20cb80d16bebdf644bd.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\f6d26fbb338f5e8be30ba2bc8feae357.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\f9867c94eaca5f8f4f72357e911e5f40.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\fa0a219725fb27b8cefe8f86d0190183.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\fc435af1435e5b45ae3d9a4f71120be9.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\fd0425eef4d48d3c160a45ccfcba446c.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\.thumbnails\normal\fe7f409c875f72417806d1f5c313d3e3.png Object is locked skipped
C:\Documents and Settings\Patrik Andersson\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Patrik Andersson\Application Data\.BitTornado\config.gui.ini Object is locked skipped
C:\Documents and Settings\Patrik Andersson\Application Data\.BitTornado\datacache\3e9e687df702a28cdbf9250748524189ec1eab68 Object is locked skipped
C:\Documents and Settings\Patrik Andersson\Application Data\.BitTornado\datacache\4dc48f88269590c4f32dac97e06b3f6780355cba Object is locked skipped
C:
  • 0

#8
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
no need to post the rest of the kaspersky, i got what i needed from it.

looking over your log now and i will be back with instructions

andrewuk
  • 0

#9
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hi patrik

"a quick question, your machine is set up to not allow you to open Display in the control panel, is this meant to be the case?"
This is not a setting I have made (or noticed actually). I have the Swedish Windows version, could it be something silly like this?

more likely it was set this way by one of the infections you got, we will correct this in this post.

in this post we will correct that entry and update your java, and then see how your machine is running.

the SUPERantispyware scan only found some cookies and the kaspersky scan only found some of the fix tools we have been using. Locked and skipped merely means that the scan was not able to scan those files.

also, spyware doctor appears to be interfering with your AVG (which is probably why it is eating up your memory), so could you disable it or remove the program via add/remove programs in the control panel. when we wrap this up i will show you some programs which you can replace it with. personally, i would remove it.


====STEP 1====
Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system\\NoDispCPL
    EmptyTemp
    purity 
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



====STEP 2====
Clearing the Java cache:
there is a nice set of instructions http://www.java.com/.../5000020300.xml

  • Click Start > Control Panel.
  • Double-click the Java icon in the control panel and then the Java Control Panel will appear.
  • Click Settings under Temporary Internet Files and the Temporary Files Settings dialog box appears.
  • Click Delete Files and the Delete Temporary Files dialog box appears.
  • Make sure all three boxes are ticked: Downloaded Applets, Downloaded Applications and Other Files and then Click OK on Delete Temporary Files window. Note: This deletes all the Downloaded Applications and Applets from the cache.
  • Click OK on Temporary Files Settings window.
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
In your next reply could i see:
1. the OTMoveIT log
2. a new hijackthis log
3. some idea of how your machine is running now

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk
  • 0

#10
patrik

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks again! Still very grateful......

The computer seems to run ok now. Some things that were changed with the infection I suppose are 'normal windows changes' made by the virus; The 'windows green field' desktop image at startup before the 'starting Windows' blue screen. Also, the font-size of the taskbar was changed.

Here are the last things u asked for:

------------------------- OTMoveIt log -----------------------------------------------------------

Explorer killed successfully
< HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system\\NoDispCPL >
Registry value HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system\\NoDispCPL deleted successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\Patrik\LOKALA~1\Temp\~DF744B.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Patrik\LOKALA~1\Temp\~DF745E.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07142008_191153

Files moved on Reboot...
File C:\DOCUME~1\Patrik\LOKALA~1\Temp\~DF744B.tmp not found!
File C:\DOCUME~1\Patrik\LOKALA~1\Temp\~DF745E.tmp not found!


------------------------------HJT log------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:43:32, on 2008-07-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Intel\Wireless\Bin\EvtEng.exe
C:\Program\Intel\Wireless\Bin\S24EvMon.exe
C:\Program\Intel\Wireless\Bin\WLKeeper.exe
C:\Program\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\AVG\AVG8\avgwdsvc.exe
C:\Program\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\AVG\AVG8\avgrsx.exe
C:\Program\Intel\Wireless\Bin\RegSrvc.exe
C:\Program\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program\Dell\QuickSet\QuickSet.exe
C:\Program\Apoint\Apoint.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Apoint\Apntex.exe
C:\Program\Windows Live\Messenger\MsnMsgr.Exe
C:\Program\I8kfanGUI\I8kfanGUI.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program\Delade filer\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [i8kfangui] C:\Program\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....031/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\pctsSvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 8838 bytes




---------------------------------------------------------------------------------------------------------------
  • 0
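As an added example (not part of the thread and not a tool the helper used), the sketch below parses a log in the HijackThis v2.0.2 layout posted above, counts entries per section code, and lists the entries the log itself annotates as `(file missing)` or `Unknown owner`. The section labels and the relative-path check on O4 autoruns are assumptions of this example; the sample input reuses a few lines from the post with a placeholder URL.

```python
import re
from collections import Counter

# Section labels are this example's own shorthand, read off the entry prefixes in the log.
SECTIONS = {"R0": "IE page setting", "R1": "IE page setting", "O2": "Browser Helper Object",
            "O3": "IE toolbar", "O4": "Autorun", "O8": "IE context menu item",
            "O9": "IE extra button/menu item", "O16": "ActiveX download (DPF)",
            "O18": "Protocol handler", "O20": "AppInit_DLLs / Winlogon Notify",
            "O23": "Service"}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]+?\.(?:exe|dll|ocx|cab)\b', re.IGNORECASE)

# Sample input: lines reused from the log in the post, with a placeholder URL.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:43:32, on 2008-07-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.invalid/start
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe

--
End of file - 8838 bytes
"""


def entry_flags(code, body, path):
    """Return review flags for one entry."""
    flags = []
    if "(file missing)" in body:          # annotation written by HijackThis
        flags.append("file missing")
    if " - Unknown owner - " in body:     # annotation written by HijackThis
        flags.append("unknown owner")
    if code == "O4" and path is None:     # heuristic added by this example
        flags.append("relative path")
    return flags


def parse_hijackthis(text):
    """Split a HijackThis log into header fields, running processes and entries."""
    log = {"header": {}, "processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        if line == "--":                  # trailer: "--" then "End of file - N bytes"
            break
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            code, body = match.group("code"), match.group("body")
            clsid = CLSID_RE.search(body)
            path = PATH_RE.search(body)
            path = path.group(0) if path else None
            log["entries"].append({
                "code": code,
                "section": SECTIONS.get(code, "other"),
                "body": body,
                "clsid": clsid.group(0) if clsid else None,
                "path": path,
                "flags": entry_flags(code, body, path),
            })
        elif in_processes:
            log["processes"].append(line)
        elif line.startswith("Logfile of "):
            log["header"]["Tool"] = line[len("Logfile of "):]
        elif line.startswith("Scan saved at "):
            log["header"]["Scan saved at"] = line[len("Scan saved at "):]
        elif ": " in line:
            key, value = line.split(": ", 1)
            log["header"][key] = value
    return log


def section_counts(log):
    """Number of entries per section code."""
    return Counter(entry["code"] for entry in log["entries"])


def review_items(log):
    """Entries carrying at least one flag, as (code, flags, body) tuples."""
    return [(e["code"], e["flags"], e["body"]) for e in log["entries"] if e["flags"]]


if __name__ == "__main__":
    parsed = parse_hijackthis(SAMPLE_LOG)
    print(parsed["header"])
    print(dict(section_counts(parsed)))
    for code, flags, body in review_items(parsed):
        print(f"{code} [{', '.join(flags)}] {body}")
```

A flag marks an entry to look at, not a finding: in the thread the helper reviewed the full log and judged it clean.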

#11
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hi patrik

The 'windows green field' desktop image at startup before the 'starting Windows' blue screen. Also, the font-size of the taskbar was changed.

i could try and sort these out, but there are more qualified people elsewhere on the forum that can help you. personally, i would look in Display in the Control Panel. However, go through the steps below to wrap up the malware fix and then post the issue about the Taskbar size and green field desktop image in this part of the forum: Geeks to Go! » Operating Systems » Windows XP™, 2000, 2003, NT. say that your machine has been cleaned of malware. they should have you sorted in no time.

......and once you have done the steps below, backup the key items on your machine!

congratulations, your logs are clean and another fix is in the can :)

in this post we will clear away the fix tools (this is so that should you ever be re-infected, you will download updated versions and it will also remove the quarantined Malware from your computer), reset your restore points (there will be infections lurking in there) and i will leave you with some ideas on how to enhance the protection of your machine against future infection.

====STEP 1====
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
====STEP 2====
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

Instructions with screenshots to help are at http://www.f-secure..../sfc_dis1.shtml

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405


====IDEAS TO SPEED UP YOUR MACHINE====
this page http://users.telenet...owcomputer.html gives some good ideas on how to improve the efficiency of your machine and has one or two useful links to help you further.


====AND FINALLY====
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein


andrewuk

#12
patrik

    New Member

  • Topic Starter
  • Member
  • 8 posts
Hey! Thank you so much for your help and your time! It's been incredible realizing that not everyone is after a big profit first of all. In case you would need any Matlab help, send me a message :)
I will do as you suggested and see if someone can help me with the last minor issues.

I only have a couple more questions regarding your installation suggestions.
Is SpywareGuard up to date? It says 2004 in 'definitions date' after updating it.

(naive question) The programs you suggest only talk about Malware and Spyware. Are viruses included in these definitions?

Have a brilliant summer, and here is the last thank you:
Thank you.

/P

#13
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
SpywareGuard doesn't update itself like other anti-spyware programs because it uses heuristics to defend a user's PC from attacks, hence why the last update was so long ago.

the suggested programs are all spyware related. Your AVG will be able to take care of the virus side of your security. the key is only to have one anti-virus program running. and also to make sure all your security programs are kept up-to-date.

personally, i update all my security programs once a week and then do a complete scan with each of them. takes up to 3 hours, but is worth it.

andrewuk

#14
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.