Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hotmail/msn Ad-popup And Inappropriate Ads


  • Please log in to reply
10 replies to this topic

#1 Glazarus

Glazarus

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:54 PM

Posted 31 January 2008 - 06:50 AM

Hi, I got an annoying virus/malware whatever that is scaring me alot. I downloaded a Guitarsuitsofware that makes a plugged in guitar have dist in the computer. This software ran online, which was quite strange.
Later I discovered an guitar ad in my MSN that popped up different ads, ranging from partypoker, guitar plectrums to some travel angency etc. Each time I re-open the MSN window, the ad pops up a new Internet Explorer ad.

When I then enter my Hotmail, I discovered that sometimes when I'm maneuver around, it directs me to "partypoker.com" instead of, let's say, my inbox.
There are also no regular ads in my hotmail, instead there are inappropriate porn ads or ads for guitarequipment.
So, there's something that came out of that guitarbleep and I need to pin it down and remove it, beacuse I don't know what it does more then the mentioned.

I have updated my Norton antivirus and have done several fullscans with the system restore off. I've also installed windows defender, updated it and did a scan.
No results...

So, I downloaded this "hijackthis" and I hope you all can help me. I'm at world war three with my own computer here.


Here's my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:29, on 2008-01-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program\CyberLink\PowerDVD\PDVDServ.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Program\Java\jre1.6.0_01\bin\jusched.exe
C:\Program\Winamp\winampa.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\QuickTime\QTTask.exe
C:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\Program\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program\valve\steam\steam.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program\Norman\NPF\NPFMSG.EXE
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Norman\NPF\NPFSVICE.EXE
C:\Program\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program\MSN Messenger\usnsvc.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\netsh.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.helgon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O1 - Hosts: 38.113.174.32 dehp.myspace.com
O1 - Hosts: 38.113.174.32 demr.myspace.com
O1 - Hosts: 38.113.174.32 desk.myspace.com
O1 - Hosts: 38.113.174.32 delb.myspace.com
O1 - Hosts: 38.113.174.32 delb2.myspace.com
O1 - Hosts: 38.113.174.32 debr.myspace.com
O1 - Hosts: 38.113.174.32 view.atdmt.com
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Program\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NPF Messenger.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: HP Klippbok - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart markering - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/adobe/MTSI...here/index.html
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss/sa...abs/tgctlsr.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norman Type-R - Unknown owner - C:\Program\Norman\NPF\NPFSVICE.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 12038 bytes

BC AdBot (Login to Remove)

 


m

#2 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hamburg
  • Local time:07:54 PM

Posted 05 February 2008 - 03:46 PM

Hello Glazarus and welcome to BleepingComputer!

Apollogies for the delay. The forum has been very busy lately and. If you are still having problems, then please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log.

When posting your log, please make sure you post the HijackThis log as a reply and not as an attachment. If we do not hear back from you within a couple of days we will need to close your topic.

Thanks,

Johannes

"How did I get infected?" - "Safe-hex" - Member of UNITE -
Posted Image


#3 Glazarus

Glazarus
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:54 PM

Posted 01 July 2008 - 05:40 AM

Hi!

I have not been able to get rid of this. I have done EVERYTHING: I have scanned my computer with online virusscanners, my own Zonealarm, I have used speedupmypc, ad-aware, ccleaner, spybot eraser, windows defender, you name it, to erase and detect spyware but without results. I have done this running windows in safemode and with system restore off. I've uninstalled msn and live stuff and removed msn from the registry. I have re-installed explorer and changed my hotmail password.... I can go on and on. I have done everything I can to remove these porn and guitar-ads but without results.
I have seen the ads on other webbpages as well and one that also comes up is "serf the net like this guy". When having the mouse cursor on top of them the link is mostly named "http://servedbyadbutler".
Only thing I've manage to do is to block the ads with zonealarm, but not remove them. I've also realised that there has been massspam sent from my hotmail adress. While the most natural thing would be to create a new adress, I do not know if the same thign will happen to that adress because of the fact that the ads appear on other sites as well; Live adresses are just the most infected.
The ad in msn looks like a yellow guitar and som ads in live mail looks like zoomed in porn images and musical equipment and racks.

This issue occured months ago and I've done numerous scans and removal things during all this time, without result.

So, here is my most recent hijack log I got when using dss.exe



Deckard's System Scanner v20071014.68
Run by Christoffer Glans on 2008-07-01 12:18:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
8: 2008-07-01 10:19:01 UTC - RP8 - Deckard's System Scanner Restore Point
7: 2008-07-01 09:35:59 UTC - RP7 - Windows Internet Explorer 7 installerades.
6: 2008-07-01 09:35:49 UTC - RP6 - Installed Windows IDNMitigationAPIs.
5: 2008-07-01 09:35:22 UTC - RP5 - Installed Windows NLSDownlevelMapping.
4: 2008-07-01 09:34:46 UTC - RP4 - Installed Windows XP KB915865.


-- First Restore Point --
1: 2008-07-01 09:31:21 UTC - RP1 - Systemkontrollpunkt


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 17.58 GiB (less than 15%) free.


-- HijackThis (run as Christoffer Glans.exe) -----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:23, on 2008-07-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\Program\Java\jre1.6.0_05\bin\jusched.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Windows Defender\MSASCui.exe
C:\Program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\Christoffer Glans\Skrivbord\dss.exe
C:\Program\TRENDM~1\HIJACK~1\Christoffer Glans.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O1 - Hosts: 38.113.174.32 dehp.myspace.com
O1 - Hosts: 38.113.174.32 demr.myspace.com
O1 - Hosts: 38.113.174.32 desk.myspace.com
O1 - Hosts: 38.113.174.32 delb.myspace.com
O1 - Hosts: 38.113.174.32 delb2.myspace.com
O1 - Hosts: 38.113.174.32 debr.myspace.com
O1 - Hosts: 38.113.174.32 view.atdmt.com
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [DefaultP17MIDI] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [DefaultP17MIDI] MIDIDEF.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: *.hotmail.com
O15 - Trusted Zone: *.live.com
O15 - Trusted Zone: *.msn.com
O15 - Trusted Zone: *.passport.com
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/adobe/MTSI...here/index.html
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss/sa...abs/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program\Digidesign\Drivers\MMERefresh.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)

--
End of file - 10274 bytes

-- HijackThis Fixed Entries (C:\Program\TRENDM~1\HIJACK~1\backups\) ------------

backup-20080131-005806-112 O1 - Hosts: 208.109.221.107 ad.doubleclick.net
backup-20080131-005851-543 O1 - Hosts: 208.109.233.197 rad.msn.com
backup-20080131-005851-764 O1 - Hosts: 38.113.170.200 ads1.msn.com

-- File Associations -----------------------------------------------------------

.js - jsfile - DefaultIcon - "C:\Program\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "C:\Program\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 UGURU - c:\windows\system32\drivers\uguru.sys <Not Verified; ABIT; ABIT uGuru Micro-Processor Device Driver>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 cvintdrv - c:\windows\system32\drivers\cvintdrv.sys
R2 DigiNet (Digidesign Ethernet Support) - c:\windows\system32\drivers\diginet.sys <Not Verified; Digidesign, A Division of Avid Technology, Inc.; Pro Tools®>
R2 ithsgt - c:\windows\system32\drivers\ithsgt.sys
R2 lilsgt - c:\windows\system32\drivers\lilsgt.sys
R3 DumaNT - c:\windows\system32\drivers\dumant.sys <Not Verified; Windows ® 2000 DDK provider; Stereo Helper Driver>
R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 ALCXWDM (Service for Realtek AC97 Audio (WDM)) - c:\windows\system32\drivers\alcxwdm.sys (file missing)
S3 dtscsi - c:\windows\system32\drivers\dtscsi.sys (file missing)
S3 Memctl - c:\program\abit\blackbox\memctl.sys
S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>
S3 Winflash - c:\program\abit\flashmenu\winflash.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AvidSDMService (Avid SDM Service) - system32\avidsdmservice.exe <Not Verified; Avid Technology, Inc.; Avid Technology, Inc. AvidSDMService>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - c:\program\bonjour\mdnsresponder.exe <Not Verified; Apple Computer, Inc.; Bonjour>
R2 DigiRefresh (Digidesign MME Refresh Service) - c:\program\digidesign\drivers\mmerefresh.exe -s <Not Verified; Digidesign, A Division of Avid Technology, Inc.; Digidesign MME Binder>
R2 nTuneService (nTune Service) - c:\program\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>
R3 FLEXnet Licensing Service - "c:\program\delade filer\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S2 AvidStartup (Avid Startup) - system32\avidstartup.exe <Not Verified; ; AvidStartup>
S2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
S2 wscsvc (Security Center) - \systemroot\c:\windows\system32\svchost.exe -k netsvcs (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {00000000-0000-0000-0000-000000000000}
Description: Ljudstyrenhet för multimedia
Device ID: PCI\VEN_10DE&DEV_003A&SUBSYS_1C1C147B&REV_A1\3&2411E6FE&0&98
Manufacturer:
Name: Ljudstyrenhet för multimedia
PNP Device ID: PCI\VEN_10DE&DEV_003A&SUBSYS_1C1C147B&REV_A1\3&2411E6FE&0&98
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-07-01 11:42:58 318 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-06-23 01:13:14 282 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2008-04-02 15:20:27 338 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job
2008-02-04 02:06:29 392 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2008-06-01 and 2008-07-01 -----------------------------

2008-07-01 11:33:25 0 d-------- C:\WINDOWS\network diagnostic
2008-07-01 10:55:48 0 dr-h----- C:\Documents and Settings\Christoffer Glans\Recent
2008-07-01 00:21:30 0 d-------- C:\Program\Windows Defender
2008-06-30 23:31:13 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-30 23:31:00 0 d-------- C:\Program\SUPERAntiSpyware
2008-06-30 23:31:00 0 d-------- C:\Documents and Settings\Christoffer Glans\Application Data\SUPERAntiSpyware.com
2008-06-26 12:37:21 0 d-------- C:\Documents and Settings\Christoffer Glans\Application Data\ameCache
2008-06-25 13:55:39 0 d-------- C:\Documents and Settings\Christoffer Glans\Application Data\PACE Anti-Piracy
2008-06-25 02:18:52 0 d-------- C:\Documents and Settings\Christoffer Glans\Application Data\LEAPS
2008-06-07 16:40:36 0 d-------- C:\Program\uTorrent
2008-06-07 16:40:29 0 d-------- C:\Documents and Settings\Christoffer Glans\Application Data\uTorrent
2008-06-04 17:34:47 0 d-------- C:\WINDOWS\nvidia icons
2008-06-02 15:46:26 0 d-------- C:\Program\Bonjour
2008-06-02 15:41:41 0 d-------- C:\Program\Delade filer\Macrovision Shared


-- Find3M Report ---------------------------------------------------------------

2008-07-01 10:23:11 0 d--hs--c- C:\Program\Delade filer\WindowsLiveInstaller
2008-06-30 23:30:34 0 d-------- C:\Program\Delade filer\Wise Installation Wizard
2008-06-28 01:18:18 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-06-25 02:12:14 0 d-------- C:\Documents and Settings\Christoffer Glans\Application Data\Pegasys Inc
2008-06-25 02:11:41 0 d-------- C:\Program\Pegasys Inc
2008-06-24 16:46:15 0 d-------- C:\Program\Delade filer\Adobe
2008-06-24 14:44:31 0 d-------- C:\Documents and Settings\Christoffer Glans\Application Data\Adobe
2008-06-17 00:34:50 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-06-04 17:07:47 0 d-------- C:\Program\Delade filer\Real
2008-06-02 15:41:41 0 d-------- C:\Program\Delade filer
2008-05-31 23:50:58 0 d-------- C:\Program\Mass Effect
2008-05-31 23:50:10 0 d-------- C:\Program\Delade filer\BioWare
2008-05-31 01:52:01 0 d-------- C:\Program\MagicISO
2008-05-30 20:25:49 0 d-------- C:\Documents and Settings\Christoffer Glans\Application Data\Creative
2008-05-29 01:23:58 0 d-------- C:\Program\REDCINE
2008-05-28 14:32:08 0 d-------- C:\Program\Creative
2008-05-28 14:31:23 0 d--h----- C:\Program\InstallShield Installation Information
2008-05-28 14:31:07 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-05-28 14:31:07 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-05-28 13:55:44 0 d--h----- C:\Program\Creative Installation Information
2008-05-28 13:55:43 0 d-------- C:\Program\Delade filer\Creative
2008-05-26 15:30:49 0 d-------- C:\Program\Rainlendar2
2008-05-25 01:36:54 0 d-------- C:\Documents and Settings\Christoffer Glans\Application Data\Microsoft Games
2008-05-24 12:29:36 0 d-------- C:\Program\National Instruments
2008-05-24 03:38:39 0 d-------- C:\Documents and Settings\Christoffer Glans\Application Data\Avid
2008-05-24 03:26:26 0 d-------- C:\Program\Avid
2008-05-24 03:25:37 0 d-------- C:\Program\Delade filer\PACE Anti-Piracy
2008-05-24 03:24:50 0 d-------- C:\Program\Digidesign
2008-05-24 03:24:46 0 d-------- C:\Documents and Settings\Christoffer Glans\Application Data\InstallShield
2008-05-24 03:21:19 0 d-------- C:\Program\Delade filer\Avid
2008-05-24 03:17:10 0 d-------- C:\Program\SafeNet Sentinel
2008-05-24 03:17:10 0 d-------- C:\Program\Delade filer\SafeNet Sentinel
2008-05-20 09:49:34 400464 --a------ C:\WINDOWS\system32\perfh01D.dat
2008-05-20 09:49:34 71190 --a------ C:\WINDOWS\system32\perfc01D.dat
2008-05-08 15:35:35 0 d-------- C:\Program\Mamut
2008-05-06 16:21:55 0 d-------- C:\Program\Combined Community Codec Pack
2008-05-03 05:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-03 05:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-03 05:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-03 05:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-03 05:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-03 05:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-03 05:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-03 05:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-04-18 13:39:13 158661 --a------ C:\WINDOWS\hpoins21.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
2007-03-02 17:52 1298024 -ra------ C:\Program\HP\Smart Web Printing\hpswp_printenhancer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
2007-03-02 17:52 177768 -ra------ C:\Program\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2008-05-03 05:46 C:\WINDOWS\system32\nwiz.exe]
"HP Software Update"="C:\Program\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25]
"ZoneAlarm Client"="C:\Program\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11]
"@"="" []
"QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2007-10-19 21:16]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46]
"Windows Defender"="C:\Program\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"Acrobat Assistant 8.0"="C:\Program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"DefaultP17MIDI"=MIDIDEF.EXE
"DefaultP17"=P17Def.Exe

C:\Documents and Settings\Christoffer Glans\Start-meny\Program\Autostart\
Adobe Gamma.lnk - C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 22:26:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
HPService HPSLPSVC
hpdevmgmt hpqcxs08 hpqddsvc




-- Hosts -----------------------------------------------------------------------

38.113.174.32 dehp.myspace.com
38.113.174.32 demr.myspace.com
38.113.174.32 desk.myspace.com
38.113.174.32 delb.myspace.com
38.113.174.32 delb2.myspace.com
38.113.174.32 debr.myspace.com
38.113.174.32 view.atdmt.com
127.0.0.1 www.cifras.com.br
127.0.0.1 icq.rambler.ru
127.0.0.1 007guard.com

9930 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-01 12:21:28 ------------


Please help me, or else I might go to a hacker and search these "servedbyadbutler" to go and beat them up for real.
I need to get rid of this once and for all!

Edited by Yourhighness, 01 July 2008 - 05:57 AM.
removed spoiler tag


#4 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hamburg
  • Local time:07:54 PM

Posted 01 July 2008 - 06:00 AM

Hi,

please do not use the spoiler tag or attach logs to your replies. Only paste them into your replies directly. If you wish to remove certain info, we can do that manually later on!

You are missing a log. Please redo the following instructions, so that we can start with the cleaning process:

1. Close all windows so that you have nothing open and you are at your Desktop.
2. Click on Start, then click on Run.
3. In the Open: field copy and paste the entire contents inside the CODE box below and press the OK button.
"%userprofile%\Desktop\dss.exe" /config
This will open up DSS configuration.
4. Click on Check All.
5. Click Scan.
DSS will now run again.
6. When finished, please post back both logs that open in Notepad: main.txt and extra.txt.

Thanks,

YoHi

"How did I get infected?" - "Safe-hex" - Member of UNITE -
Posted Image


#5 Glazarus

Glazarus
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:54 PM

Posted 01 July 2008 - 06:21 AM

Here's the main.txt

Deckard's System Scanner v20071014.68
Run by Christoffer Glans on 2008-07-01 13:18:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
11: 2008-07-01 11:18:13 UTC - RP11 - Deckard's System Scanner Restore Point
10: 2008-07-01 11:09:12 UTC - RP10 - Java™ 6 Update 10 installerades
9: 2008-07-01 10:56:35 UTC - RP9 - Java™ 6 Update 5 togs bort
8: 2008-07-01 10:19:01 UTC - RP8 - Deckard's System Scanner Restore Point
7: 2008-07-01 09:35:59 UTC - RP7 - Windows Internet Explorer 7 installerades.


-- First Restore Point --
1: 2008-07-01 09:31:21 UTC - RP1 - Systemkontrollpunkt


Performed disk cleanup.

System Drive C: has 17.42 GiB (less than 15%) free.


-- HijackThis (run as Christoffer Glans.exe) -----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:18:17, on 2008-07-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Windows Defender\MSASCui.exe
C:\Program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Christoffer Glans\Skrivbord\dss.exe
C:\Program\TRENDM~1\HIJACK~1\CHRIST~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O1 - Hosts: 38.113.174.32 dehp.myspace.com
O1 - Hosts: 38.113.174.32 demr.myspace.com
O1 - Hosts: 38.113.174.32 desk.myspace.com
O1 - Hosts: 38.113.174.32 delb.myspace.com
O1 - Hosts: 38.113.174.32 delb2.myspace.com
O1 - Hosts: 38.113.174.32 debr.myspace.com
O1 - Hosts: 38.113.174.32 view.atdmt.com
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [DefaultP17MIDI] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [DefaultP17MIDI] MIDIDEF.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: *.hotmail.com
O15 - Trusted Zone: *.live.com
O15 - Trusted Zone: *.msn.com
O15 - Trusted Zone: *.passport.com
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/adobe/MTSI...here/index.html
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss/sa...abs/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program\Digidesign\Drivers\MMERefresh.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)

--
End of file - 10204 bytes

-- HijackThis Fixed Entries (C:\Program\TRENDM~1\HIJACK~1\backups\) ------------

backup-20080131-005806-112 O1 - Hosts: 208.109.221.107 ad.doubleclick.net
backup-20080131-005851-543 O1 - Hosts: 208.109.233.197 rad.msn.com
backup-20080131-005851-764 O1 - Hosts: 38.113.170.200 ads1.msn.com

-- File Associations -----------------------------------------------------------

.js - jsfile - DefaultIcon - "C:\Program\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "C:\Program\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 UGURU - c:\windows\system32\drivers\uguru.sys <Not Verified; ABIT; ABIT uGuru Micro-Processor Device Driver>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 cvintdrv - c:\windows\system32\drivers\cvintdrv.sys
R2 DigiNet (Digidesign Ethernet Support) - c:\windows\system32\drivers\diginet.sys <Not Verified; Digidesign, A Division of Avid Technology, Inc.; Pro Tools®>
R2 ithsgt - c:\windows\system32\drivers\ithsgt.sys
R2 lilsgt - c:\windows\system32\drivers\lilsgt.sys
R3 DumaNT - c:\windows\system32\drivers\dumant.sys <Not Verified; Windows ® 2000 DDK provider; Stereo Helper Driver>
R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 ALCXWDM (Service for Realtek AC97 Audio (WDM)) - c:\windows\system32\drivers\alcxwdm.sys (file missing)
S3 dtscsi - c:\windows\system32\drivers\dtscsi.sys (file missing)
S3 Memctl - c:\program\abit\blackbox\memctl.sys
S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>
S3 Winflash - c:\program\abit\flashmenu\winflash.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AvidSDMService (Avid SDM Service) - system32\avidsdmservice.exe <Not Verified; Avid Technology, Inc.; Avid Technology, Inc. AvidSDMService>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - c:\program\bonjour\mdnsresponder.exe <Not Verified; Apple Computer, Inc.; Bonjour>
R2 DigiRefresh (Digidesign MME Refresh Service) - c:\program\digidesign\drivers\mmerefresh.exe -s <Not Verified; Digidesign, A Division of Avid Technology, Inc.; Digidesign MME Binder>
R2 JavaQuickStarterService (Java Quick Starter) - "c:\program\java\jre6\bin\jqs.exe" -service -config "c:\program\java\jre6\lib\deploy\jqs\jqs.conf" <Not Verified; Sun Microsystems, Inc.; Java™ Platform SE 6 U10>
R2 nTuneService (nTune Service) - c:\program\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>
R3 FLEXnet Licensing Service - "c:\program\delade filer\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S2 AvidStartup (Avid Startup) - system32\avidstartup.exe <Not Verified; ; AvidStartup>
S2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
S2 wscsvc (Security Center) - \systemroot\c:\windows\system32\svchost.exe -k netsvcs (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {00000000-0000-0000-0000-000000000000}
Description: Ljudstyrenhet för multimedia
Device ID: PCI\VEN_10DE&DEV_003A&SUBSYS_1C1C147B&REV_A1\3&2411E6FE&0&98
Manufacturer:
Name: Ljudstyrenhet för multimedia
PNP Device ID: PCI\VEN_10DE&DEV_003A&SUBSYS_1C1C147B&REV_A1\3&2411E6FE&0&98
Service:


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 796)
2005-07-03 15:07:26 29712 --a------ C:\WINDOWS\system32\myokent.dll <Not Verified; Jamie O'Connell; MIDI Yoke Junction NT>
2007-04-19 13:41:36 294912 --a------ C:\Program\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>

C:\WINDOWS\system32\svchost.exe (pid 1012)
2005-07-03 15:07:26 29712 --a------ C:\WINDOWS\system32\myokent.dll <Not Verified; Jamie O'Connell; MIDI Yoke Junction NT>

C:\WINDOWS\system32\svchost.exe (pid 1244)
2005-07-03 15:07:26 29712 --a------ C:\WINDOWS\system32\myokent.dll <Not Verified; Jamie O'Connell; MIDI Yoke Junction NT>

C:\WINDOWS\explorer.exe (pid 1768)
2005-07-03 15:07:26 29712 --a------ C:\WINDOWS\system32\myokent.dll <Not Verified; Jamie O'Connell; MIDI Yoke Junction NT>
2008-05-13 10:13:36 77824 --a------ C:\Program\SUPERAntiSpyware\SASSEH.DLL <Not Verified; SuperAdBlocker.com; SuperAntiSpyware>

C:\WINDOWS\system32\svchost.exe (pid 1800)
2005-07-03 15:07:26 29712 --a------ C:\WINDOWS\system32\myokent.dll <Not Verified; Jamie O'Connell; MIDI Yoke Junction NT>
2007-03-11 23:02:52 131072 --a------ C:\Program\HP\Digital Imaging\bin\hpqddsvc.dll <Not Verified; Hewlett-Packard Co.; hp digital imaging - hp all-in-one series>
2007-03-11 23:02:52 184320 --a------ C:\Program\HP\Digital Imaging\bin\hpqddcmn.dll <Not Verified; Hewlett-Packard Co.; hp digital imaging - hp all-in-one series>
2007-03-11 22:37:52 217088 --a------ C:\Program\HP\Digital Imaging\bin\hpqcxs08.dll <Not Verified; Hewlett-Packard Co.; hp digital imaging - hp all-in-one series>
2007-05-14 00:47:50 442368 --a------ C:\Program\HP\Digital Imaging\bin\hpocxi08.dll <Not Verified; Hewlett-Packard Co.; hp digital imaging - hp all-in-one series>
2007-05-14 00:47:50 135168 --a------ C:\Program\HP\Digital Imaging\bin\hpqcob08.dll <Not Verified; Hewlett-Packard Co.; hp digital imaging - hp all-in-one series>

C:\WINDOWS\system32\svchost.exe (pid 1656)
2005-07-03 15:07:26 29712 --a------ C:\WINDOWS\system32\myokent.dll <Not Verified; Jamie O'Connell; MIDI Yoke Junction NT>
2007-03-11 23:02:20 589824 --a------ C:\Program\HP\Digital Imaging\bin\HPSLPSVC32.DLL <Not Verified; Hewlett-Packard Co.; hp digital imaging - hp all-in-one series>

C:\WINDOWS\system32\svchost.exe (pid 436)
2005-07-03 15:07:26 29712 --a------ C:\WINDOWS\system32\myokent.dll <Not Verified; Jamie O'Connell; MIDI Yoke Junction NT>
2006-11-08 17:35:36 43520 --a------ C:\WINDOWS\system32\HPZinw12.dll <Not Verified; Hewlett-Packard; Bidi User Mode>

C:\WINDOWS\system32\svchost.exe (pid 1340)
2005-07-03 15:07:26 29712 --a------ C:\WINDOWS\system32\myokent.dll <Not Verified; Jamie O'Connell; MIDI Yoke Junction NT>
2006-11-08 17:35:38 53248 --a------ C:\WINDOWS\system32\HPZipm12.dll <Not Verified; Hewlett-Packard; Bidi User Mode>

C:\WINDOWS\system32\svchost.exe (pid 1740)
2005-07-03 15:07:26 29712 --a------ C:\WINDOWS\system32\myokent.dll <Not Verified; Jamie O'Connell; MIDI Yoke Junction NT>

C:\WINDOWS\system32\svchost.exe (pid 3476)
2005-07-03 15:07:26 29712 --a------ C:\WINDOWS\system32\myokent.dll <Not Verified; Jamie O'Connell; MIDI Yoke Junction NT>


-- Scheduled Tasks -------------------------------------------------------------

2008-07-01 13:07:00 318 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-06-23 01:13:14 282 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2008-04-02 15:20:27 338 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job
2008-02-04 02:06:29 392 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2008-06-01 and 2008-07-01 -----------------------------

2008-07-01 13:09:15 0 d-------- C:\Program\Java
2008-07-01 11:33:25 0 d-------- C:\WINDOWS\network diagnostic
2008-07-01 10:55:48 0 dr-h----- C:\Documents and Settings\Christoffer Glans\Recent
2008-07-01 00:21:30 0 d-------- C:\Program\Windows Defender
2008-06-30 23:31:13 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-30 23:31:00 0 d-------- C:\Program\SUPERAntiSpyware
2008-06-30 23:31:00 0 d-------- C:\Documents and Settings\Christoffer Glans\Application Data\SUPERAntiSpyware.com
2008-06-26 12:37:21 0 d-------- C:\Documents and Settings\Christoffer Glans\Application Data\ameCache
2008-06-25 02:18:52 0 d-------- C:\Documents and Settings\Christoffer Glans\Application Data\LEAPS
2008-06-07 16:40:36 0 d-------- C:\Program\uTorrent
2008-06-07 16:40:29 0 d-------- C:\Documents and Settings\Christoffer Glans\Application Data\uTorrent
2008-06-04 17:34:47 0 d-------- C:\WINDOWS\nvidia icons
2008-06-02 15:46:26 0 d-------- C:\Program\Bonjour
2008-06-02 15:41:41 0 d-------- C:\Program\Delade filer\Macrovision Shared


-- Find3M Report ---------------------------------------------------------------

2008-07-01 12:56:54 0 d-------- C:\Program\Delade filer
2008-07-01 10:23:11 0 d--hs--c- C:\Program\Delade filer\WindowsLiveInstaller
2008-06-30 23:30:34 0 d-------- C:\Program\Delade filer\Wise Installation Wizard
2008-06-28 01:18:18 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-06-25 02:12:14 0 d-------- C:\Documents and Settings\Christoffer Glans\Application Data\Pegasys Inc
2008-06-25 02:11:41 0 d-------- C:\Program\Pegasys Inc
2008-06-24 16:46:15 0 d-------- C:\Program\Delade filer\Adobe
2008-06-24 14:44:31 0 d-------- C:\Documents and Settings\Christoffer Glans\Application Data\Adobe
2008-06-17 00:34:50 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-06-04 17:07:47 0 d-------- C:\Program\Delade filer\Real
2008-05-31 23:50:58 0 d-------- C:\Program\Mass Effect
2008-05-31 23:50:10 0 d-------- C:\Program\Delade filer\BioWare
2008-05-31 01:52:01 0 d-------- C:\Program\MagicISO
2008-05-30 20:25:49 0 d-------- C:\Documents and Settings\Christoffer Glans\Application Data\Creative
2008-05-29 01:23:58 0 d-------- C:\Program\REDCINE
2008-05-28 14:32:08 0 d-------- C:\Program\Creative
2008-05-28 14:31:23 0 d--h----- C:\Program\InstallShield Installation Information
2008-05-28 14:31:07 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-05-28 14:31:07 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-05-28 13:55:44 0 d--h----- C:\Program\Creative Installation Information
2008-05-28 13:55:43 0 d-------- C:\Program\Delade filer\Creative
2008-05-26 15:30:49 0 d-------- C:\Program\Rainlendar2
2008-05-25 01:36:54 0 d-------- C:\Documents and Settings\Christoffer Glans\Application Data\Microsoft Games
2008-05-24 12:29:36 0 d-------- C:\Program\National Instruments
2008-05-24 03:38:39 0 d-------- C:\Documents and Settings\Christoffer Glans\Application Data\Avid
2008-05-24 03:26:26 0 d-------- C:\Program\Avid
2008-05-24 03:25:37 0 d-------- C:\Program\Delade filer\PACE Anti-Piracy
2008-05-24 03:24:50 0 d-------- C:\Program\Digidesign
2008-05-24 03:24:46 0 d-------- C:\Documents and Settings\Christoffer Glans\Application Data\InstallShield
2008-05-24 03:21:19 0 d-------- C:\Program\Delade filer\Avid
2008-05-24 03:17:10 0 d-------- C:\Program\SafeNet Sentinel
2008-05-24 03:17:10 0 d-------- C:\Program\Delade filer\SafeNet Sentinel
2008-05-20 09:49:34 400464 --a------ C:\WINDOWS\system32\perfh01D.dat
2008-05-20 09:49:34 71190 --a------ C:\WINDOWS\system32\perfc01D.dat
2008-05-08 15:35:35 0 d-------- C:\Program\Mamut
2008-05-06 16:21:55 0 d-------- C:\Program\Combined Community Codec Pack
2008-05-03 05:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-03 05:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-03 05:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-03 05:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-03 05:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-03 05:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-03 05:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-03 05:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-04-18 13:39:13 158661 --a------ C:\WINDOWS\hpoins21.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
2007-03-02 17:52 1298024 -ra------ C:\Program\HP\Smart Web Printing\hpswp_printenhancer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
2007-03-02 17:52 177768 -ra------ C:\Program\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
2008-07-01 13:09 34816 --a------ C:\Program\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
2008-07-01 13:09 73728 --a------ C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2008-05-03 05:46 C:\WINDOWS\system32\nwiz.exe]
"HP Software Update"="C:\Program\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34]
"ZoneAlarm Client"="C:\Program\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11]
"@"="" []
"QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2007-10-19 21:16]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46]
"Windows Defender"="C:\Program\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"Acrobat Assistant 8.0"="C:\Program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54]
"SunJavaUpdateSched"="C:\Program\Java\jre6\bin\jusched.exe" [2008-07-01 13:09]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"DefaultP17MIDI"=MIDIDEF.EXE
"DefaultP17"=P17Def.Exe

C:\Documents and Settings\Christoffer Glans\Start-meny\Program\Autostart\
Adobe Gamma.lnk - C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 22:26:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
HPService HPSLPSVC
hpdevmgmt hpqcxs08 hpqddsvc

*Newly Created Service* - JAVAQUICKSTARTERSERVICE
*Newly Created Service* - NVR0DEV



-- Hosts -----------------------------------------------------------------------

38.113.174.32 dehp.myspace.com
38.113.174.32 demr.myspace.com
38.113.174.32 desk.myspace.com
38.113.174.32 delb.myspace.com
38.113.174.32 delb2.myspace.com
38.113.174.32 debr.myspace.com
38.113.174.32 view.atdmt.com
127.0.0.1 www.cifras.com.br
127.0.0.1 icq.rambler.ru
127.0.0.1 007guard.com

9930 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-01 13:19:37 ------------



And the Extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Swedish

CPU 0: Intel® Pentium® D CPU 3.40GHz
CPU 1: Intel® Pentium® D CPU 3.40GHz
Percentage of Memory in Use: 18%
Physical Memory (total/avail): 3071.48 MiB / 2506.63 MiB
Pagefile Memory (total/avail): 4449.31 MiB / 3979.53 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1902.38 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 279.47 GiB total, 17.42 GiB free.
D: is CDROM (No Media)
E: is CDROM (UDF)
F: is Fixed (NTFS) - 279.47 GiB total, 57.06 GiB free.
I: is Fixed (NTFS) - 186.29 GiB total, 77.55 GiB free.

\\.\PHYSICALDRIVE1 - Maxtor 6V300F0 - 279.47 GiB - 1 partition
\PARTITION0 (bootable) - Installerbart filsystem - 279.47 GiB - C:

\\.\PHYSICALDRIVE0 - SAMSUNG HD501LJ - 465.76 GiB - 2 partitions
\PARTITION0 (bootable) - Installerbart filsystem - 279.47 GiB - F:
\PARTITION1 - Installerbart filsystem - 186.29 GiB - I:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Security Suite Firewall v7.0.470.000 (Check Point, LTD.)
AV: ZoneAlarm Security Suite Antivirus v7.0.470.000 (Check Point, LTD.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program\\Windows Live\\Messenger\\livecall.exe"="C:\\Program\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program\\ABIT\\FlashMenu\\FlashMenu.exe"="C:\\Program\\ABIT\\FlashMenu\\FlashMenu.exe:*:Enabled:ABIT FlashMenu Application"
"C:\\Program\\Autodesk\\backburner\\monitor.exe"="C:\\Program\\Autodesk\\backburner\\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\\Program\\Autodesk\\backburner\\manager.exe"="C:\\Program\\Autodesk\\backburner\\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\\Program\\Autodesk\\backburner\\server.exe"="C:\\Program\\Autodesk\\backburner\\server.exe:*:Enabled:backburner 2.3 server"
"C:\\Program\\iTunes\\iTunes.exe"="C:\\Program\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program\\SmartFTP Client\\SmartFTP.exe"="C:\\Program\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"D:\\setup\\HPZnui01.exe"="D:\\setup\\HPZnui01.exe:*:Enabled:hpznui01.exe"
"C:\\Program\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program\\BitLord\\BitLord.exe"="C:\\Program\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program\\Bonjour\\mDNSResponder.exe"="C:\\Program\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program\\Mass Effect\\Binaries\\MassEffect.exe"="C:\\Program\\Mass Effect\\Binaries\\MassEffect.exe:*:Enabled:Mass Effect Game"
"C:\\Program\\Mass Effect\\MassEffectLauncher.exe"="C:\\Program\\Mass Effect\\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
"C:\\Program\\uTorrent\\uTorrent.exe"="C:\\Program\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program\\Windows Live\\Messenger\\livecall.exe"="C:\\Program\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Christoffer Glans\Application Data
CLASSPATH=.;C:\Program\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program\Delade filer
COMPUTERNAME=GLANS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Christoffer Glans
KMP_DUPLICATE_LIB_OK=TRUE
LOGONSERVER=\\GLANS
MKL_SERIAL=YES
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program\Delade filer\Avid;C:\Program\Delade filer\Autodesk Shared\;C:\Program\Autodesk\backburner\;C:\Program\Delade filer\Adobe\AGL;C:\Program\QuickTime\QTSystem\;C:\VISA\WinNTBin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0602
ProgramFiles=C:\Program
PROMPT=$P$G
QTJAVA=C:\Program\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\CHRIST~1\LOKALA~1\Temp
TMP=C:\DOCUME~1\CHRIST~1\LOKALA~1\Temp
tvdumpflags=8
USERDOMAIN=GLANS
USERNAME=Christoffer Glans
USERPROFILE=C:\Documents and Settings\Christoffer Glans
VXIPNPPATH=C:\VISA
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Christoffer Glans (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
--> C:\Program\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program\Delade filer\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
--> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
--> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9
--> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9
--> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
3Prong AVX Plug-Ins --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\3PV107.INF, DefaultUninstall.ntx86
ABIT uGuru --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{FF8500E6-EA0D-11D7-8755-0080C8F92A32}\Setup.exe" -l0x9
AC3Filter (remove only) --> C:\Program\AC3Filter\uninstall.exe
Add or Remove Adobe Creative Suite 3 Master Collection --> C:\Program\Delade filer\Adobe\Installers\4dcfd9b7e901b57f81f667144603236\Setup.exe
Adobe After Effects CS3 --> MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
Adobe After Effects CS3 Presets --> MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Audition 3.0 --> msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3 --> MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program\Delade filer\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Creative Suite 3 Master Collection --> MsiExec.exe /I{8718DC03-D066-4957-94E5-50C3C5042E8E}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3 --> MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe Encore CS3 --> MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
Adobe Encore CS3 Codecs --> MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
Adobe Encore DVD 1.5 --> RunDll32 "C:\Program\Delade filer\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program\InstallShield Installation Information\{6BD31B80-7E9E-4FAF-B911-0AC31FB94BF6}\setup.exe" -l0x0009
Adobe ExtendScript Toolkit 2 --> C:\Program\Delade filer\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3 --> MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin --> MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 2.0 --> MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Help Viewer CS3 --> MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe InDesign CS3 Icon Handler --> MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 7.0.8 - Svenska --> MsiExec.exe /I{AC76BA86-7AD7-1053-7B44-A70800000002}
Adobe Setup --> MsiExec.exe /I{4458C442-7376-4CF9-AF58-E8CEA6722363}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe SING CS3 --> MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{47813E93-F2A0-484A-838E-47EC1B28D190}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe WAS CS3 --> MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Video Profiles --> MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3 --> MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3 --> MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
AGEIA PhysX v7.11.13 --> MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
AHV content for Acrobat and Flash --> MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
All2Txt 2.3 --> "C:\Program\All2Txt\unins000.exe"
AP Tuner 3.08 --> "C:\Program\AP Tuner\AP Tuner 3.08\uninstall.exe"
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
µTorrent --> "C:\Program\uTorrent\uTorrent.exe" /UNINSTALL
Avid Codecs PE --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{925FD698-7493-4647-BCEA-96A269DC5418}\SETUP.exe" -l0x9 -removeonly
Avid Core Runtime --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{031AD3D9-4BC7-4BDD-B21A-2CFD429633D2}\setup.exe" -l0x9 -removeonly
Avid DIO Runtime --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{6D2085FF-5699-4B4D-9775-A93346F6F064}\SETUP.exe" -l0x9 -removeonly
Avid DNADiags --> MsiExec.exe /X{0474522C-5C67-4E5A-B357-9F79D5068A79}
Avid EDL Manager --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{528A39B3-32A5-4B79-A7A7-D55104D6DCC8}\setup.exe" -l0x9 -removeonly
Avid FilmScribe --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{CC4976E1-9CDB-4B5F-BF3F-FF71A56BC16A}\setup.exe" -l0x9 -removeonly
Avid Log Exchange --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{D082AB81-5910-4BCE-848C-F86D2922D319}\setup.exe" -l0x9 -removeonly
Avid Media Composer --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{13CD8673-E2E6-4177-8243-D01B4B8FD65C}\setup.exe" -l0x9 -removeonly
Avid MediaLog --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{18432B2D-879C-4F6A-85D6-1B9907CAC84F}\setup.exe" -l0x9 -removeonly
Avid MetaSync --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{3A88C222-BEE9-4EB6-BD5A-BABCF1907B41}\setup.exe" -l0x9 -removeonly
Backburner --> MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
BenVista PhotoZoom Pro 2.3.2 --> C:\Program\PhotoZoom Pro 2\Uninstall.exe
BitLord 1.1 --> C:\Program\BitLord\uninst.exe
Canon EOS 20D WIA Driver --> C:\Program\Delade filer\InstallShield\Driver\8\Intel 32\IDriver.exe /M{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}
Canon Utilities Digital Photo Professional 2.1 --> "C:\Program\Delade filer\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program\Canon\Digital Photo Professional\DPP\Uninst.ini"
Canon Utilities EOS Capture 1.2 --> C:\Program\Delade filer\InstallShield\Driver\8\Intel 32\IDriver.exe /M{74BE7519-41A7-45A8-8AA6-78C7907A4808}
Canon Utilities EOS Viewer Utility 1.2 --> C:\Program\Delade filer\InstallShield\Driver\8\Intel 32\IDriver.exe /M{750CF8D7-4B04-404F-AFA2-14C129C42373}
Canon Utilities PhotoStitch 3.1 --> C:\Program\Delade filer\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA}
CCleaner (remove only) --> "C:\Program\CCleaner\uninst.exe"
Combined Community Codec Pack 2008-01-24 --> "C:\Program\Combined Community Codec Pack\unins001.exe"
Creative EAX Console --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9 /remove
Creative MediaSource 5 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative Speaker Settings --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
Device Control --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9 /remove
Digidesign Audio Drivers 7.3.1 --> C:\Program\InstallShield Installation Information\{9F1D8E17-2AE6-4608-901D-42146D7D9C68}\setup.exe -runfromtemp -l0x0009 -removeonly
DivX --> C:\Program\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Player --> C:\Program\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dream Aquarium --> "C:\Program\Dream Aquarium\UnInstall.exe"
GCFScape 1.4.1 --> "C:\Program\GCFScape\unins000.exe"
Gears of War --> ".:\Gears of War\unins000.exe"
GenArts Sapphire for AVX 1.21 --> C:\Program\GenArts\UNWISE.EXE C:\Program\GenArts\INSTALL.LOG
GenArts Sapphire Plug-ins v2 for AVX --> C:\Program\GenArts\SAPPHI~1\UNWISE.EXE C:\Program\GenArts\SAPPHI~1\INSTALL.LOG
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Half-Life 2: Episode Two --> "C:\program\valve\steam\steam.exe" steam://uninstall/420
Half-Life® 2 --> MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
HijackThis 2.0.2 --> "C:\Program\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Participation Program 9.0 --> C:\Program\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 9.0 --> C:\Program\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 9.0 --> C:\Program\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart All-In-One Software 9.0 --> C:\Program\HP\Digital Imaging\{B46AC30C-22D2-4610-B041-1DA7BB29EB57}\setup\hpzscr01.exe -datfile hposcr21.dat
HP Photosmart Essential 2.01 --> C:\Program\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing --> MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0 --> C:\Program\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply --> MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
Intel® Processor ID Utility --> MsiExec.exe /X{A92A4DB0-CD37-42D1-BE1D-603D53C24328}
iTunes --> C:\Program\DELADE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{59C4F14F-7590-45FC-BE9F-A67AB3590709} /l1053
Java™ 6 Update 10 --> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Mamut Business Software --> MsiExec.exe /X{96A1C6AA-55F6-40B7-956A-D7AA2EE47133}
Mass Effect --> C:\Program\Delade filer\BioWare\Uninstall Mass Effect.exe
Max Payne 2 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}\setup.exe" -l0x9
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Small Business --> MsiExec.exe /I{9113041D-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Media Video 9 VCM --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MIDI Yoke --> MsiExec.exe /I{EBEAFDCE-7E22-4055-BC60-CBF418D57BAB}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Christoffer Glans\Application Data\Move Networks\ie_bin\Uninst.exe
Neat Image v5.2 Pro+ --> "C:\Program\Neat Image\unins000.exe"
Nero Suite --> C:\Program\Delade filer\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nTune --> C:\Program\DELADE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1053
NVIDIA PureVideo Decoder --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}\setup.exe" -l0x9 -uninstall
NVIDIA Windows 95/98/ME/2000/XP Stereo Drivers --> nvStInst.exe /uninstall /ask
Oblivion --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
OpenAL --> "C:\Program\OpenAL\oalinst.exe" /U
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Penumbra Black Plague --> "C:\Program\Paradox Interactive\Penumbra Black Plague\unins000.exe"
Pirates, Vikings and Knights II Beta 1.1 --> c:\program\valve\steam\SteamApps\SourceMods\pvkii\uninst.exe
Portal --> "C:\program\valve\steam\steam.exe" steam://uninstall/400
PowerDVD --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerISO --> "C:\Program\PowerISO\uninstall.exe"
QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
Rainlendar2 (remove only) --> "C:\Program\Rainlendar2\uninst.exe"
RealPlayer --> C:\Program\Delade filer\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Reason 3.0 --> "C:\Program\Propellerhead\Reason\Uninstall Reason\unins000.exe"
REDCINE --> MsiExec.exe /I{364AE216-2862-4805-A098-392C1EB96345}
Riva FLV Encoder 2.0 --> "C:\Program\Riva\Riva FLV Encoder 2.0\unins000.exe"
Sentinel Protection Installer 7.3.2 --> MsiExec.exe /I{EDFE2142-CFB3-44AB-A961-DE85F6408A28}
Shortcut PhotoZoom Pro --> C:\Program\Shortcut\PhotoZoom Pro\Uninstall.exe
Silent Hill --> C:\WINDOWS\iun6002ev.exe "C:\Program\Silent Hill\irunin.ini"
SmartFTP Client --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
Snabbkorrigering för Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Sorenson Squeeze 4.5 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{6A143FF0-BB9A-4A9C-A318-1688BA366BAE}\setup.exe" -l0x9
Source SDK Base --> "C:\program\valve\steam\steam.exe" steam://uninstall/215
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Steam™ --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Team Fortress 2 --> "C:\program\valve\steam\steam.exe" steam://uninstall/440
TMPGEnc Plus 2.5 --> C:\Program\Delade filer\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2A1E27FF-BE53-45B4-950F-060236E98E3D}
TPTEST 5.0.2 --> "C:\Program\TPTEST5\unins000.exe"
Uniblue RegistryBooster 2 --> "C:\Program\Uniblue\RegistryBooster 2\unins000.exe"
Uniblue SpeedUpMyPC 3 --> "C:\Program\Uniblue\SpeedUpMyPC 3\unins000.exe"
Uniblue SpyEraser --> "C:\Program\Uniblue\SpyEraser\unins000.exe"
Uppdatering för Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Winamp --> "C:\Program\Winamp\UninstWA.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR --> C:\Program\WinRAR\uninstall.exe
XviD Video Codec 01082002-1 (Koepi's build with EPSZ ME) --> "C:\Program\XviD\UninstXviD.exe"
ZoneAlarm Security Suite --> C:\Program\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type21196 / Error
Event Submitted/Written: 07/01/2008 01:18:00 PM
Event ID/Source: 1000 / Application Error
Event Description:
Felaktigt program iexplore.exe, version 7.0.6000.16674, felaktig modul hpswp_subclasser.dll, version 2.15.7.0, felaktig adress 0x000091f3.
Mediespecifik händelse behandlas för [iexplore.exe!ws!]

Event Record #/Type21187 / Warning
Event Submitted/Written: 07/01/2008 01:01:26 PM
Event ID/Source: 1524 / Userenv
Event Description:
Det går inte att ta bort klassregisterfilen ur minnet eftersom den fortfarande används av andra program eller tjänster. Filen kommer att tas bort från minnet när den inte längre används.

Event Record #/Type21174 / Warning
Event Submitted/Written: 07/01/2008 11:37:13 AM
Event ID/Source: 1524 / Userenv
Event Description:
Det går inte att ta bort klassregisterfilen ur minnet eftersom den fortfarande används av andra program eller tjänster. Filen kommer att tas bort från minnet när den inte längre används.

Event Record #/Type21161 / Success
Event Submitted/Written: 07/01/2008 10:28:00 AM
Event ID/Source: 12001 / usnjsvc
Event Description:


Event Record #/Type21147 / Warning
Event Submitted/Written: 07/01/2008 10:03:43 AM
Event ID/Source: 1524 / Userenv
Event Description:
Det går inte att ta bort klassregisterfilen ur minnet eftersom den fortfarande används av andra program eller tjänster. Filen kommer att tas bort från minnet när den inte längre används.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type55553 / Warning
Event Submitted/Written: 07/01/2008 01:18:38 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%GLANS27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %GLANS27 can't undo changes that you allow.

For more information please see the following:
%GLANS275

Scan ID: {3251214C-991F-4FFC-9ED6-158F751F5811}

User: GLANS\Christoffer Glans

Name: %GLANS271

ID: %GLANS272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %GLANS276

Alert Type: %GLANS278

Detection Type: 1.1.1593.02

Event Record #/Type55552 / Warning
Event Submitted/Written: 07/01/2008 01:18:38 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%GLANS27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %GLANS27 can't undo changes that you allow.

For more information please see the following:
%GLANS275

Scan ID: {F7214595-260E-48CA-BFC5-20033684FFF8}

User: GLANS\Christoffer Glans

Name: %GLANS271

ID: %GLANS272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %GLANS276

Alert Type: %GLANS278

Detection Type: 1.1.1593.02

Event Record #/Type55551 / Warning
Event Submitted/Written: 07/01/2008 01:18:38 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%GLANS27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %GLANS27 can't undo changes that you allow.

For more information please see the following:
%GLANS275

Scan ID: {89C9F729-9660-402B-BD79-214C21EA6D45}

User: GLANS\Christoffer Glans

Name: %GLANS271

ID: %GLANS272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %GLANS276

Alert Type: %GLANS278

Detection Type: 1.1.1593.02

Event Record #/Type55550 / Warning
Event Submitted/Written: 07/01/2008 01:18:35 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%GLANS27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %GLANS27 can't undo changes that you allow.

For more information please see the following:
%GLANS275

Scan ID: {05DA5DCD-7116-4107-A457-F6E5C92358CF}

User: GLANS\Christoffer Glans

Name: %GLANS271

ID: %GLANS272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %GLANS276

Alert Type: %GLANS278

Detection Type: 1.1.1593.02

Event Record #/Type55549 / Warning
Event Submitted/Written: 07/01/2008 01:18:35 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%GLANS27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %GLANS27 can't undo changes that you allow.

For more information please see the following:
%GLANS275

Scan ID: {6E408D66-9FBD-4957-85F3-CD205118E009}

User: GLANS\Christoffer Glans

Name: %GLANS271

ID: %GLANS272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %GLANS276

Alert Type: %GLANS278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-07-01 13:19:37 ------------



Hope it works now?

#6 Glazarus

Glazarus
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:54 PM

Posted 01 July 2008 - 09:30 AM

Did the last post give enough info? I'm totally lost on this issue and I really need to fix this before something serious happens... :/

#7 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hamburg
  • Local time:07:54 PM

Posted 01 July 2008 - 03:35 PM

Hey Glazarus,

Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case utorrent). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

The following is referring to Uniblue RegistryBooster 2.
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your pc to be inoperable.
This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to an "optional fix" and is up to the user, so just take this as a recommendation from my side.

Now that we have cleared some general information, lets do this please:

Step #1

Please download Malwarebytes' Anti-Malware from Here
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Once we have that log, we will go from there. Thanks.

"How did I get infected?" - "Safe-hex" - Member of UNITE -
Posted Image


#8 Glazarus

Glazarus
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:54 PM

Posted 02 July 2008 - 07:08 AM

Hi again!

Here's the mbam log:

Malwarebytes' Anti-Malware 1.19
Databasversion: 913
Windows 5.1.2600 Service Pack 2

13:11:05 2008-07-02
mbam-log-7-2-2008 (13-11-05).txt

Skanningstyp: Snabb skanning
Antal skannade objekt: 40597
Förfluten tid: 3 minute(s), 48 second(s)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 1
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 0

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
HKEY_CURRENT_USER\SOFTWARE\Plate (Adware.Agent) -> Quarantined and deleted successfully.

Infekterade registervärden:
(Inga illasinnade poster hittades)

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
(Inga illasinnade poster hittades)


And here is the Hijack log after the scan and removal:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:55:57, on 2008-07-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Windows Defender\MSASCui.exe
C:\Program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Windows Live\Messenger\usnsvc.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O1 - Hosts: 38.113.174.32 dehp.myspace.com
O1 - Hosts: 38.113.174.32 demr.myspace.com
O1 - Hosts: 38.113.174.32 desk.myspace.com
O1 - Hosts: 38.113.174.32 delb.myspace.com
O1 - Hosts: 38.113.174.32 delb2.myspace.com
O1 - Hosts: 38.113.174.32 debr.myspace.com
O1 - Hosts: 38.113.174.32 view.atdmt.com
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [DefaultP17MIDI] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [DefaultP17MIDI] MIDIDEF.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: *.hotmail.com
O15 - Trusted Zone: *.live.com
O15 - Trusted Zone: *.msn.com
O15 - Trusted Zone: *.passport.com
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/adobe/MTSI...here/index.html
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss/sa...abs/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program\Digidesign\Drivers\MMERefresh.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)

--
End of file - 10442 bytes



Still nothing helped, even if it removed some adware from the registry...
I already know what it is that infected my computer, I think it was mentioned in the first post. It was a program that enabled me to play guitar with distortion when directly plugged into my computer.
Strangely it needed internet connection so I uninstalled it but then found all these infected ads. Major evidence is that the majority of the ads are guitar and music equipment ads while the rest is "serf the net like this guy" and porn. As also mentioned I've tried everything, every malware/adware removal, virusscans, uniblues all three programs including spyeraser.
I think you should approach this as a mystery rather then the traditional because I've tried just about every removal program out there... bleeping computer is my last resort before throwing this junk of a computer out the window. Thanks for the help so far but it's not fixed yet :thumbsup:

Edited by Glazarus, 02 July 2008 - 07:10 AM.


#9 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hamburg
  • Local time:07:54 PM

Posted 02 July 2008 - 02:01 PM

Hi Glazarus,

can you remember the exact name of the programme?

Step #1

Run HijackThis, press Scan, and put a check mark next to all these entries:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Close all other windows and browsers, and press the Fix Checked button.

Step #2

Please download ATF Cleaner by Atribune.Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Step #3

Please download and unzip Wscfix.
You will now see two files: Wscsvcfix.exe and readme.txt. Double-click Wscsvcfix.exe to run the program.
Click the Inspect and Fix button once, and then restart Windows for the changes to take effect.
Note that this utility requires administrator credentials to run correctly.

Step #4
  • Please download HostsMan
  • Double-click the Downloaded installer (HostsMan) and install the tool to a location of your choice
  • Via the Startmenu, navigate to HostsMan and run the program.
    • Click "Hosts" in the menu
    • Click "Manage Update Sources" in the submenu
    • Out of the three, select atleast one of the three (I have MVPS Host as my main one)
    • Click "Add Update." After that you click on the following button to retrieve updates (make sure the radio button "Overwrite current Hosts" is selected for this run, afterwards you can chose to Merge the Hosts file):
      Posted Image
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
  • ]Some more info about Hostsfiles can be found in this tutorial: The Hosts File and what it can do for you
Step #5

Please run dss.exe again and post back with a fresh log. Thanks.

"How did I get infected?" - "Safe-hex" - Member of UNITE -
Posted Image


#10 Glazarus

Glazarus
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:54 PM

Posted 03 July 2008 - 03:23 AM

After running hostman all ads are gone, but that seems to just mean that they are blocked, not that my computer is actually cured from the infection?


Here's the deckard log for now:

Deckard's System Scanner v20071014.68
Run by Christoffer Glans on 2008-07-03 10:19:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 16.17 GiB (less than 15%) free.


-- HijackThis (run as Christoffer Glans.exe) -----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:15, on 2008-07-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Windows Defender\MSASCui.exe
C:\Program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program\Windows Live\Messenger\msnmsgr.exe
C:\Program\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Christoffer Glans\Skrivbord\Downloads\Datorn Down\Computer managment\dss.exe
C:\Program\TRENDM~1\HIJACK~1\CHRIST~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [DefaultP17MIDI] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [DefaultP17MIDI] MIDIDEF.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: *.hotmail.com
O15 - Trusted Zone: *.live.com
O15 - Trusted Zone: *.msn.com
O15 - Trusted Zone: *.passport.com
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/adobe/MTSI...here/index.html
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss/sa...abs/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program\Digidesign\Drivers\MMERefresh.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10136 bytes

-- Files created between 2008-06-03 and 2008-07-03 -----------------------------

2008-07-03 10:08:35 0 d-------- C:\Documents and Settings\Christoffer Glans\Application Data\abelhadigital.com
2008-07-03 10:08:35 0 d-------- C:\Documents and Settings\All Users\Application Data\abelhadigital.com
2008-07-03 10:08:06 0 d-------- C:\Program\abelhadigital.com
2008-07-02 13:05:08 0 d-------- C:\Documents and Settings\Christoffer Glans\Application Data\Malwarebytes
2008-07-02 13:05:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-02 13:05:03 0 d-------- C:\Program\Malwarebytes' Anti-Malware
2008-07-01 17:59:58 0 d-------- C:\Documents and Settings\Christoffer Glans\Application Data\PACE Anti-Piracy
2008-07-01 16:58:39 0 d-------- C:\Program\Windows Live
2008-07-01 13:09:15 0 d-------- C:\Program\Java
2008-07-01 11:33:25 0 d-------- C:\WINDOWS\network diagnostic
2008-07-01 10:55:48 0 dr-h----- C:\Documents and Settings\Christoffer Glans\Recent
2008-07-01 00:21:30 0 d-------- C:\Program\Windows Defender
2008-06-30 23:31:13 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-30 23:31:00 0 d-------- C:\Program\SUPERAntiSpyware
2008-06-30 23:31:00 0 d-------- C:\Documents and Settings\Christoffer Glans\Application Data\SUPERAntiSpyware.com
2008-06-26 12:37:21 0 d-------- C:\Documents and Settings\Christoffer Glans\Application Data\ameCache
2008-06-25 02:18:52 0 d-------- C:\Documents and Settings\Christoffer Glans\Application Data\LEAPS
2008-06-07 16:40:36 0 d-------- C:\Program\uTorrent
2008-06-07 16:40:29 0 d-------- C:\Documents and Settings\Christoffer Glans\Application Data\uTorrent
2008-06-04 17:34:47 0 d-------- C:\WINDOWS\nvidia icons


-- Find3M Report ---------------------------------------------------------------

2008-07-01 12:56:54 0 d-------- C:\Program\Delade filer
2008-07-01 10:23:11 0 d--hs--c- C:\Program\Delade filer\WindowsLiveInstaller
2008-06-30 23:30:34 0 d-------- C:\Program\Delade filer\Wise Installation Wizard
2008-06-28 01:18:18 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-06-25 02:12:14 0 d-------- C:\Documents and Settings\Christoffer Glans\Application Data\Pegasys Inc
2008-06-25 02:11:41 0 d-------- C:\Program\Pegasys Inc
2008-06-24 16:46:15 0 d-------- C:\Program\Delade filer\Adobe
2008-06-24 14:44:31 0 d-------- C:\Documents and Settings\Christoffer Glans\Application Data\Adobe
2008-06-17 00:34:50 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-06-04 17:07:47 0 d-------- C:\Program\Delade filer\Real
2008-06-02 15:46:26 0 d-------- C:\Program\Bonjour
2008-06-02 15:41:41 0 d-------- C:\Program\Delade filer\Macrovision Shared
2008-05-31 23:50:58 0 d-------- C:\Program\Mass Effect
2008-05-31 23:50:10 0 d-------- C:\Program\Delade filer\BioWare
2008-05-31 01:52:01 0 d-------- C:\Program\MagicISO
2008-05-30 20:25:49 0 d-------- C:\Documents and Settings\Christoffer Glans\Application Data\Creative
2008-05-29 01:23:58 0 d-------- C:\Program\REDCINE
2008-05-28 14:32:08 0 d-------- C:\Program\Creative
2008-05-28 14:31:23 0 d--h----- C:\Program\InstallShield Installation Information
2008-05-28 14:31:07 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-05-28 14:31:07 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-05-28 13:55:44 0 d--h----- C:\Program\Creative Installation Information
2008-05-28 13:55:43 0 d-------- C:\Program\Delade filer\Creative
2008-05-26 15:30:49 0 d-------- C:\Program\Rainlendar2
2008-05-25 01:36:54 0 d-------- C:\Documents and Settings\Christoffer Glans\Application Data\Microsoft Games
2008-05-24 12:29:36 0 d-------- C:\Program\National Instruments
2008-05-24 03:38:39 0 d-------- C:\Documents and Settings\Christoffer Glans\Application Data\Avid
2008-05-24 03:26:26 0 d-------- C:\Program\Avid
2008-05-24 03:25:37 0 d-------- C:\Program\Delade filer\PACE Anti-Piracy
2008-05-24 03:24:50 0 d-------- C:\Program\Digidesign
2008-05-24 03:24:46 0 d-------- C:\Documents and Settings\Christoffer Glans\Application Data\InstallShield
2008-05-24 03:21:19 0 d-------- C:\Program\Delade filer\Avid
2008-05-24 03:17:10 0 d-------- C:\Program\SafeNet Sentinel
2008-05-24 03:17:10 0 d-------- C:\Program\Delade filer\SafeNet Sentinel
2008-05-20 09:49:34 400464 --a------ C:\WINDOWS\system32\perfh01D.dat
2008-05-20 09:49:34 71190 --a------ C:\WINDOWS\system32\perfc01D.dat
2008-05-08 15:35:35 0 d-------- C:\Program\Mamut
2008-05-06 16:21:55 0 d-------- C:\Program\Combined Community Codec Pack
2008-05-03 05:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-03 05:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-03 05:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-03 05:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-03 05:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-03 05:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-03 05:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-03 05:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-04-18 13:39:13 158661 --a------ C:\WINDOWS\hpoins21.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
2007-03-02 17:52 1298024 -ra------ C:\Program\HP\Smart Web Printing\hpswp_printenhancer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
2007-03-02 17:52 177768 -ra------ C:\Program\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
2008-07-01 13:09 34816 --a------ C:\Program\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
2008-07-01 13:09 73728 --a------ C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2008-05-03 05:46 C:\WINDOWS\system32\nwiz.exe]
"HP Software Update"="C:\Program\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34]
"ZoneAlarm Client"="C:\Program\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11]
"@"="" []
"QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2007-10-19 21:16]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46]
"Windows Defender"="C:\Program\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"Acrobat Assistant 8.0"="C:\Program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54]
"SunJavaUpdateSched"="C:\Program\Java\jre6\bin\jusched.exe" [2008-07-01 13:09]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:35]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"DefaultP17MIDI"=MIDIDEF.EXE
"DefaultP17"=P17Def.Exe

C:\Documents and Settings\Christoffer Glans\Start-meny\Program\Autostart\
Adobe Gamma.lnk - C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 22:26:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
HPService HPSLPSVC
hpdevmgmt hpqcxs08 hpqddsvc




-- End of Deckard's System Scanner: finished at 2008-07-03 10:19:57 ------------

#11 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hamburg
  • Local time:07:54 PM

Posted 03 July 2008 - 04:10 PM

Hey Glazarus,

After running hostman all ads are gone, but that seems to just mean that they are blocked, not that my computer is actually cured from the infection?

This is most likely due to some files that we swept off your pc with ATF cleaner. Your hostsfile was hijacked and redirecting you to sites other than what you typed.

Step #1

Please run the F-Secure Online Scanner
(You need to use InternetExplorer or enable IEView in Firefox)
  • Follow the Instruction Here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs,Click Full System Scan
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
Step #2

How is your pc doing. Are you still experiencing any problems?

Step #3

Please post back with the F-Secure report. Thanks.

"How did I get infected?" - "Safe-hex" - Member of UNITE -
Posted Image





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users