Spoolsv.exe [RESOLVED]



#1
HansErik

  • Member
  • 14 posts
Hello again..

I have some problems with some [bleep].. I'm not sure what and how much, but today my antivirus has reported several trojans.. It moves them to quarantine, but warnings are still coming..

Can someone please take a look and help me check.

I have run Spybot with no threats. SpywareGuard and SpywareBlaster are always running...

My log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:12:45, on 14.07.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\TBPanel.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\ISUSPM.exe
C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\SpywareGuard\sgmain.exe
C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programfiler\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\WINDOWS\System32\alg.exe
C:\Norman\nse\bin\NSESVC.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programfiler\SpywareGuard\dlprotect.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Programfiler\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] C:\Programfiler\Fellesfiler\InstallShield\UpdateService\ISUSPM.exe -scheduler
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Programfiler\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1199485770906
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8473 bytes


#2
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
Hi there, spoolsv.exe is a legitimate file if in system32; if you remove it your printers will not work.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3
HansErik

  • Topic Starter
  • Member
  • 14 posts
[quote name='Essexboy' date='Jul 14 2008, 11:04 PM' post='1284161']
Hi there, spoolsv.exe is a legitimate file if in system32; if you remove it your printers will not work.

[/quote]

Yes, I know that, but when I search my computer I found 6 in different places...

Here are the logs.. Enjoy!!
:-)


Deckard's System Scanner v20071014.68
Run by Hans Erik Vikestad on 2008-07-15 14:41:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
54: 2008-07-15 12:41:58 UTC - RP170 - Deckard's System Scanner Restore Point
53: 2008-07-14 18:22:19 UTC - RP169 - Kontrollpunkt for system
52: 2008-07-12 20:41:42 UTC - RP168 - Kontrollpunkt for system
51: 2008-07-11 15:57:11 UTC - RP167 - Software Distribution Service 3.0
50: 2008-07-10 17:42:08 UTC - RP166 - Kontrollpunkt for system


-- First Restore Point --
1: 2008-04-20 11:24:14 UTC - RP117 - Kontrollpunkt for system


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Hans Erik Vikestad.exe) ----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:43:35, on 15.07.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\TBPanel.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\ISUSPM.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\SpywareGuard\sgmain.exe
C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programfiler\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\WINDOWS\System32\alg.exe
C:\Norman\nse\bin\NSESVC.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\Programfiler\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Hans Erik Vikestad\Skrivebord\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Hans Erik Vikestad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programfiler\SpywareGuard\dlprotect.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Programfiler\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] C:\Programfiler\Fellesfiler\InstallShield\UpdateService\ISUSPM.exe -scheduler
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Programfiler\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1199485770906
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8512 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080407-162758-205 O2 - BHO: {507bbee5-37db-0b3a-4ec4-3ed5894d7b87} - {78b7d498-5de3-4ce4-a3b0-bd735eebb705} - (no file)

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 DVDVRRdr_xp - c:\windows\system32\drivers\dvdvrrdr_xp.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S1 SASDIFSV - c:\programfiler\superantispyware\sasdifsv.sys (file missing)
S1 SASKUTIL - c:\programfiler\superantispyware\saskutil.sys (file missing)
S3 SASENUM - c:\programfiler\superantispyware\sasenum.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 nTuneService (nTune Service) - c:\programfiler\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>

S3 ServiceLayer - "c:\programfiler\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: N82
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: N82
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd


-- Files created between 2008-06-15 and 2008-07-15 -----------------------------

2008-07-08 13:21:18 0 d-------- C:\Programfiler\Google
2008-07-05 21:50:40 0 d-------- C:\WINDOWS\Prefetch
2008-07-05 20:32:01 0 d-------- C:\WINDOWS\system32\no
2008-07-05 20:32:01 0 d-------- C:\WINDOWS\system32\bits
2008-07-05 20:32:01 0 d-------- C:\WINDOWS\l2schemas
2008-07-05 20:30:29 0 d-------- C:\WINDOWS\ServicePackFiles
2008-07-05 18:54:14 0 d-------- C:\WINDOWS\nvidia icons


-- Find3M Report ---------------------------------------------------------------

2008-07-14 22:21:34 0 d-------- C:\Programfiler\SpywareGuard
2008-07-11 00:56:37 446962 --a------ C:\WINDOWS\system32\perfh014.dat
2008-07-11 00:56:37 81074 --a------ C:\WINDOWS\system32\perfc014.dat
2008-07-10 20:27:54 0 d-------- C:\Documents and Settings\Hans Erik Vikestad\Programdata\LimeWire
2008-07-08 13:23:57 0 d-------- C:\Documents and Settings\Hans Erik Vikestad\Programdata\Google
2008-07-05 20:32:13 0 d-------- C:\Programfiler\Messenger
2008-07-05 20:32:01 0 d-------- C:\Programfiler\Movie Maker
2008-07-05 20:30:15 0 d-------- C:\Programfiler\Windows NT
2008-05-20 19:09:01 0 d-------- C:\Documents and Settings\Hans Erik Vikestad\Programdata\uTorrent
2008-05-19 15:12:54 0 d-------- C:\Programfiler\Nokia
2008-05-19 15:12:19 0 d-------- C:\Programfiler\Fellesfiler\Nokia
2008-05-19 15:04:55 0 d-------- C:\Documents and Settings\Hans Erik Vikestad\Programdata\Nokia
2008-05-19 14:50:52 0 d-------- C:\Programfiler\Fellesfiler
2008-05-19 14:50:52 0 d-------- C:\Programfiler\Fellesfiler\PCSuite
2008-05-19 14:50:27 0 d-------- C:\Programfiler\PC Connectivity Solution
2008-05-17 18:32:00 0 d-------- C:\Programfiler\Fellesfiler\Adobe
2008-05-17 18:31:34 0 d-------- C:\Documents and Settings\Hans Erik Vikestad\Programdata\AdobeUM
2008-05-17 18:28:36 0 d-------- C:\Documents and Settings\Hans Erik Vikestad\Programdata\Adobe
2008-05-16 14:01:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-16 14:01:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-16 14:01:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-16 14:01:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-16 14:01:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-16 14:01:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-16 14:01:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-16 14:01:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-05-15 14:35:24 0 d-------- C:\Programfiler\Microsoft AutoRoute
2008-05-13 11:41:16 669184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-05-12 13:20:50 8 --a------ C:\WINDOWS\system32\nvModes.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [26.02.2007 09:03 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16.05.2006 12:04 C:\WINDOWS\SkyTel.exe]
"Gainward"="C:\WINDOWS\TBPanel.exe" [10.03.2008 12:46]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [16.05.2008 14:01]
"nwiz"="nwiz.exe" [16.05.2008 14:01 C:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [29.11.2007 03:17 C:\WINDOWS\KHALMNPR.Exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [14.04.2008 18:23 C:\WINDOWS\system32\bthprops.cpl]
"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [24.08.2007 08:00]
"amd_dc_opt"="C:\Programfiler\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [17.11.2006 17:49]
"Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [02.06.2008 14:46]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [22.02.2008 04:25]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [16.05.2008 14:01]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [18.10.2007 12:34]
"NVIDIA nTune"="C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [04.09.2007 20:25]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14.04.2008 18:22]
"ISUSPM"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\ISUSPM.exe" [10.09.2006 23:56]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

C:\Documents and Settings\Hans Erik Vikestad\Start-meny\Programmer\Oppstart\
SpywareGuard.lnk - C:\Programfiler\SpywareGuard\sgmain.exe [29.08.2003 19:05:35]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23.04.2008 03:38:16]
Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [03.02.2008 12:46:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\programfiler\fellesfiler\logishrd\bluetooth\LBTWlgn.dll 09.01.2008 13:30 72208 c:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- Hosts -----------------------------------------------------------------------

127.0.0.1 .supercocklol.com
127.0.0.1 www..webloyalty.com
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com

8810 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-15 14:44:24 ------------





Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: Norwegian

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 6000+
Percentage of Memory in Use: 16%
Physical Memory (total/avail): 3583.48 MiB / 2977.86 MiB
Pagefile Memory (total/avail): 5465.24 MiB / 5041.68 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1914.43 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 270.45 GiB total, 164.12 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 195.3 GiB total, 109.47 GiB free.

\\.\PHYSICALDRIVE0 - SAMSUNG HD501LJ - 465.76 GiB - 2 partitions
\PARTITION0 - Utvidet med Extended Int 13 - 270.45 GiB - C:
\PARTITION1 (bootable) - Installerbart filsystem - 195.3 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Hans Erik Vikestad\Programdata
CLIENTNAME=Console
CommonProgramFiles=C:\Programfiler\Fellesfiler
COMPUTERNAME=NATO-LOBBY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Hans Erik Vikestad
LOGONSERVER=\\NATO-LOBBY
NpmLib=C:\Norman\Npm\Bin
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Programfiler\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Programfiler\PC Connectivity Solution;C:\Norman\Npm\Bin;C:\Programfiler\Fellesfiler\Roxio Shared\DLLShared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4303
ProgramFiles=C:\Programfiler
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HANSER~1\LOKALE~1\Temp
TMP=C:\DOCUME~1\HANSER~1\LOKALE~1\Temp
USERDOMAIN=NATO-LOBBY
USERNAME=Hans Erik Vikestad
USERPROFILE=C:\Documents and Settings\Hans Erik Vikestad
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Hans Erik Vikestad (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Programfiler\DivX\DivXConverterUninstall.exe /CONVERTER
--> MsiExec /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
--> MsiExec.exe /I{219B0DA4-8F1A-499D-8795-4A07C632521E}
--> MsiExec.exe /I{644B991F-B109-4360-9DA3-40CDAD13961C}
--> MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}
--> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0414-0000-0000000FF1CE} /uninstall {7C86509D-1CB7-48BE-813E-6585CD97626B}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0414-0000-0000000FF1CE} /uninstall {7C86509D-1CB7-48BE-813E-6585CD97626B}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0414-0000-0000000FF1CE} /uninstall {7C86509D-1CB7-48BE-813E-6585CD97626B}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0414-0000-0000000FF1CE} /uninstall {7C86509D-1CB7-48BE-813E-6585CD97626B}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0414-0000-0000000FF1CE} /uninstall {7C86509D-1CB7-48BE-813E-6585CD97626B}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0414-0000-0000000FF1CE} /uninstall {7C86509D-1CB7-48BE-813E-6585CD97626B}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0414-0000-0000000FF1CE} /uninstall {3FE135E8-2B21-44ED-99CA-87C782C4F5F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0814-0000-0000000FF1CE} /uninstall {63BBC1EA-E390-403D-BFDE-B53E1D23FF46}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0414-0000-0000000FF1CE} /uninstall {7C86509D-1CB7-48BE-813E-6585CD97626B}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0414-0000-0000000FF1CE} /uninstall {3CC75FEB-8AA6-43F5-958E-0D074633CB2E}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0414-0000-0000000FF1CE} /uninstall {7C86509D-1CB7-48BE-813E-6585CD97626B}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0414-0000-0000000FF1CE} /uninstall {7C86509D-1CB7-48BE-813E-6585CD97626B}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
AGEIA PhysX v7.03.21 --> MsiExec.exe /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
µTorrent --> "C:\Programfiler\uTorrent\uTorrent.exe" /UNINSTALL
Avanquest update --> C:\Programfiler\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0014 -removeonly
CCleaner (remove only) --> "C:\Programfiler\CCleaner\uninst.exe"
CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Clive Barker's Jericho --> "C:\Programfiler\InstallShield Installation Information\{BE9A67F1-BDD3-4259-9F5C-2EFCE6B3A6C5}\Setup.exe" -runfromtemp -l0x0009 -removeonly
Command & Conquer 3 --> MsiExec.exe /I{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}
ConvertXtoDVD 3.0.0.1 --> "C:\Programfiler\VSO\ConvertX\3\unins000.exe"
Crysis® --> MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
DiRT --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}\setup.exe" -l0x9 -removeonly
DivX Codec --> C:\Programfiler\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Programfiler\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Programfiler\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Programfiler\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dual-Core Optimizer --> MsiExec.exe /X{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}
DVD Decrypter (Remove Only) --> "C:\Programfiler\DVD Decrypter\uninstall.exe"
EAX4 Unified Redist --> MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
EXPERTool --> RunDll32 Setupapi.dll,InstallHinfSection TB.Remove 4 TBNT4.inf
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\programfiler\google\googletoolbar1.dll"
Google Updater --> "C:\Programfiler\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Java DB 10.3.1.4 --> MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Development Kit 6 Update 5 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160050}
KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
LimeWire 4.16.3 --> "C:\Programfiler\LimeWire\uninstall.exe"
Logitech Gaming Software --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{648F9C94-EC44-487B-9DA4-44ED72A082CC}\setup.exe" -l0x14
Logitech SetPoint --> C:\Programfiler\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0014 -removeonly
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft AutoRoute 2006 --> MsiExec.exe /I{83ED1E80-A1B7-4236-BCF1-AC4A88151A6B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Access MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-0015-0414-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Programfiler\Fellesfiler\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-0016-0414-0000-0000000FF1CE}
Microsoft Office Groove MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-00BA-0414-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-0044-0414-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-00A1-0414-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-001A-0414-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-0018-0414-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-001F-0414-0000-0000000FF1CE}
Microsoft Office Proof (Norwegian (Nynorsk)) 2007 --> MsiExec.exe /X{90120000-001F-0814-0000-0000000FF1CE}
Microsoft Office Proofing (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-002C-0414-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-0019-0414-0000-0000000FF1CE}
Microsoft Office Shared MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-006E-0414-0000-0000000FF1CE}
Microsoft Office Word MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-001B-0414-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.15) --> C:\Programfiler\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Need for Speed™ ProStreet --> MsiExec.exe /X{343737F4-C04D-49F4-BE58-C7EAA8EBA57A}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
Nokia Flashing Cable Driver --> MsiExec.exe /X{A4E0CA0F-1903-440A-9B98-FEA6CB049999}
Nokia Map Loader --> MsiExec.exe /I{03528A01-7E5E-4C5F-94DF-1D8012E969EF}
Nokia Multimedia Factory --> "C:\Documents and Settings\All Users\Programdata\Installations\{4CFB3821-1582-4f3b-BF8D-30986923B36B}\Nokia_Multimedia_Factory_2_0.exe" /MAINTENANCE /SILENT="SWLPCER" /LANG="2057" /MSI_COMMON_OPTIONS="PCSLANG= MMFLANG=eng"
Nokia Multimedia Factory --> MsiExec.exe /I{4CFB3821-1582-4F3B-BF8D-30986923B36B}
Nokia PC Suite --> C:\Documents and Settings\All Users\Programdata\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Nokia_PC_Suite_rel_6_86_9_3_nor.exe
Nokia PC Suite --> MsiExec.exe /I{9C05FA75-0337-4523-AA57-9D3511018887}
Nokia Software Updater --> MsiExec.exe /X{5D19E730-D3C6-47F4-AE4B-DCB26EC2D905}
Nokia Video Manager --> "C:\Documents and Settings\All Users\Programdata\Installations\{B1B4E612-9ACC-4fab-BD04-1721D9503266}\NokiaVideoManager1.6.exe" /MAINTENANCE /SILENT="SGWLRPFCE" /LANG="2057" /O=";EXTUNINSTALL=1"
Nokia Video Manager --> MsiExec.exe /I{B1B4E612-9ACC-4FAB-BD04-1721D9503266}
Norman Virus Control --> C:\Norman\NVC\BIN\DelNVC5.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nTune --> C:\PROGRA~1\FELLES~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1044
Oppdatering for Windows XP (KB951978) --> "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
PC Connectivity Solution --> MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
Påloggingsassistent for Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
PunkBuster Services --> C:\WINDOWS\system32\pbsvc.exe -u
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x14 -removeonly
Roxio Easy Media Creator 7 Basic DVD Edition --> MsiExec.exe /I{747D1B34-A1FC-4EF3-A6AE-E86F39CEFDE5}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Sikkerhetsoppdatering for Windows XP (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sikkerhetsoppdatering for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951376-v2) --> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951376) --> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951748) --> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Skype 2.5 --> "C:\Programfiler\Skype\Phone\unins000.exe"
Sony Ericsson PC Suite 3.102.00 --> C:\Programfiler\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\Setup.exe -runfromtemp -l0x0014 -removeonly
Spybot - Search & Destroy --> "C:\Programfiler\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
SpywareBlaster 4.0 --> "C:\Programfiler\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> C:\Programfiler\SpywareGuard\unins000.exe
Tom Clancy's Rainbow Six Vegas --> C:\Programfiler\InstallShield Installation Information\{5731C0A8-B266-451A-8D3F-8066AA21836F}\setup.exe -runfromtemp -l0x0009 -removeonly
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb953463) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E}
Update Service --> C:\Programfiler\Sony Ericsson\Update Service\uninst.exe
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6d --> C:\Programfiler\VideoLAN\VLC\uninstall.exe
Winamp --> "C:\Programfiler\Winamp\UninstWA.exe"
Windows-driverpakke - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_0F15CD9EC220F0ED6D5B62BB6C873766011FDDAE\amdk8.inf
Windows-driverpakke - Nokia Modem (03/05/2008 3.7) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_635B28EFCFA9395123BB1C251595CB16129E2560\nokia_bluetooth.inf
Windows-driverpakke - Nokia Modem (03/13/2008 6.86.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_28F2EAC406838DA65AFF6C6886FE9FE96AEF5186\nokbtmdm.inf
Windows-driverpakke - Nokia Modem (08/03/2007 6.84.0.2) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_1EB5F2E6F54A6BEDE9F436D1BA5D830FC71739BE\nokbtmdm.inf
Windows-driverpakke - Nokia Modem (10/12/2007 3.6) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_0A5D98F754C6588B2E3DDE89DDEF097075ADFFB7\nokia_bluetooth.inf
Windows-driverpakke - Nokia pccsmcfd (10/12/2007 6.85.4.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{4218D9DC-282B-4596-BEA5-F20560C14400}
Windows Live Messenger --> MsiExec.exe /X{D70A63D1-2F54-4713-8AE6-BBD28D1A62E6}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Programfiler\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type2881 / Success
Event Submitted/Written: 07/15/2008 02:40:00 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type2873 / Success
Event Submitted/Written: 07/14/2008 10:39:36 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type2864 / Success
Event Submitted/Written: 07/14/2008 10:14:26 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type2859 / Error
Event Submitted/Written: 07/14/2008 09:51:34 PM
Event ID/Source: 1 / NormanNPT
Event Description:
Norman Message [2008/07/14 21:51:34]
--------------------------------------------------------
Application: NVC Cats Claw
Node address: 10.0.0.2
--------------------------------------------------------

ALARM:
Virus infected:
Virus name: 'W32/Agent.GKFA'
Login information: User 'Hans Erik Vikestad' on host 'NATO-LOBBY'.
File infected: c:/System Volume Information/_restore{67B899BA-FBA7-475C-A064-DE6DD38002C9}/RP168/A0025705.exe
Virus repaired:
Virus name: 'W32/Agent.GKFA'

Event Record #/Type2858 / Error
Event Submitted/Written: 07/14/2008 09:51:28 PM
Event ID/Source: 1 / NormanNPT
Event Description:
Norman Message [2008/07/14 21:51:28]
--------------------------------------------------------
Application: NVC Cats Claw
Node address: 10.0.0.2
--------------------------------------------------------

ALARM:
Virus infected:
Virus name: 'Vundo.gen214'
Login information: User 'Hans Erik Vikestad' on host 'NATO-LOBBY'.
File infected: c:/System Volume Information/_restore{67B899BA-FBA7-475C-A064-DE6DD38002C9}/RP168/A0025657.exe
Virus repaired:
Virus name: 'Vundo.gen214'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type12708 / Error
Event Submitted/Written: 07/15/2008 01:43:50 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Tjenesten Cardex kan ikke startes på grunn av følgende feil:
%%183

Event Record #/Type12678 / Error
Event Submitted/Written: 07/14/2008 10:38:51 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Tjenesten Cardex kan ikke startes på grunn av følgende feil:
%%183

Event Record #/Type12666 / Error
Event Submitted/Written: 07/14/2008 10:38:51 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
Følgende oppstarts- eller systemstartsdriver(e) kan ikke lastes inn:
SASDIFSV
SASKUTIL

Event Record #/Type12640 / Error
Event Submitted/Written: 07/14/2008 10:10:49 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Tjenesten Cardex kan ikke startes på grunn av følgende feil:
%%183

Event Record #/Type12629 / Error
Event Submitted/Written: 07/14/2008 10:10:48 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
Følgende oppstarts- eller systemstartsdriver(e) kan ikke lastes inn:
SASDIFSV
SASKUTIL



-- End of Deckard's System Scanner: finished at 2008-07-15 14:44:24 ------------
  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi again.. The warnings from your antivirus are pointing to system restore. So I would like to run a general purpose scan first and clean your restore points. Based on the results from that I will see where to go next :)

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and then display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button, click this
7. Accept the Warning and select OK again, the program will close and you are done

THEN

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#5
HansErik

    Member

  • Topic Starter
  • 14 posts
Malwarebytes' Anti-Malware 1.20
Database version: 957
Windows 5.1.2600 Service Pack 3

11:59:55 16.07.2008
mbam-log-7-16-2008 (11-59-55).txt

Scan type: Quick Scan
Objects scanned: 39928
Time elapsed: 3 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\BM7ffcf1ed.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is your system running now - Any further alerts ?
  • 0

#7
HansErik

    Member

  • Topic Starter
  • 14 posts
No. I have not gotten any alerts since the first day actually.. And it is working properly, speed, response etc... Is it clean you think?
  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Now the best part of the day ----- Your log now appears clean :)

It seems as though it was residing in the system restore - so it was probably an old infection. You may now delete DSS and uninstall MBAM

Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and then display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button, click this
7. Accept the Warning and select OK again, the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?


Keep safe :)
  • 0
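The triage used in this thread (antivirus alerts that all point into System Restore, later judged an old infection) can be checked mechanically. This is an added example, not part of the original posts or of any tool used in the thread: it parses Norman-style alert text and separates detections stored under `System Volume Information/_restore{...}` from detections in live paths. The first two alerts are copied from the event log above; the third alert and all function names are constructed for illustration.

```python
import re

# Two alerts copied from the Application Event Log quoted in this thread.
PAGE_ALERTS = r"""
ALARM:
Virus infected:
Virus name: 'W32/Agent.GKFA'
Login information: User 'Hans Erik Vikestad' on host 'NATO-LOBBY'.
File infected: c:/System Volume Information/_restore{67B899BA-FBA7-475C-A064-DE6DD38002C9}/RP168/A0025705.exe
Virus repaired:
Virus name: 'W32/Agent.GKFA'

ALARM:
Virus infected:
Virus name: 'Vundo.gen214'
Login information: User 'Hans Erik Vikestad' on host 'NATO-LOBBY'.
File infected: c:/System Volume Information/_restore{67B899BA-FBA7-475C-A064-DE6DD38002C9}/RP168/A0025657.exe
Virus repaired:
Virus name: 'Vundo.gen214'
"""

# Constructed alert (placeholder name and path, not from the thread) so the
# "live path" branch is exercised as well.
CONSTRUCTED_ALERT = r"""
ALARM:
Virus infected:
Virus name: 'Example.Placeholder'
File infected: C:\WINDOWS\system32\placeholder-example.dll
"""

NAME_RE = re.compile(r"^Virus name:\s*'([^']+)'", re.M)
FILE_RE = re.compile(r"^File infected:\s*(.+?)\s*$", re.M)
# Windows XP restore-point layout: <drive>:/System Volume Information/
# _restore{GUID}/RP<n>/<archived file>. Matched case-insensitively.
RESTORE_RE = re.compile(
    r"^[a-z]:/system volume information/_restore\{[0-9a-f-]{36}\}/rp(\d+)/",
    re.I,
)


def parse_alerts(text):
    """Return one {'name', 'path'} dict per ALARM block that names a file."""
    alerts = []
    # Split per alert first: each block repeats "Virus name" under
    # "Virus repaired", so a single regex over the whole text would mispair.
    for block in text.split("ALARM:")[1:]:
        name, path = NAME_RE.search(block), FILE_RE.search(block)
        if name and path:
            alerts.append({"name": name.group(1), "path": path.group(1)})
    return alerts


def classify(path):
    """Return ('restore', RP number) or ('live', None) for a reported path."""
    norm = path.replace("\\", "/")  # logs mix forward and back slashes
    m = RESTORE_RE.match(norm)
    return ("restore", int(m.group(1))) if m else ("live", None)


def triage(text):
    """Group parsed alerts by whether the file sits in a restore point."""
    result = {"restore": [], "live": []}
    for alert in parse_alerts(text):
        where, rp = classify(alert["path"])
        result[where].append({**alert, "restore_point": rp})
    return result


def only_in_restore(text):
    """True when there is at least one alert and none is in a live path."""
    grouped = triage(text)
    return bool(grouped["restore"]) and not grouped["live"]


if __name__ == "__main__":
    grouped = triage(PAGE_ALERTS + CONSTRUCTED_ALERT)
    for where, items in grouped.items():
        for item in items:
            print(where, item["restore_point"], item["name"], item["path"])
```

Alerts confined to restore points describe archived copies, not what is currently on disk, which is why the thread still ran an on-disk scan; that scan found one file under `C:\WINDOWS`.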

#9
HansErik

    Member

  • Topic Starter
  • 14 posts
Great! Thanks!

Have a nice holiday.. :)
  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





