
Packed.win32.monder.gen


  • This topic is locked
2 replies to this topic

#1 zkipper

  • Members
  • 1 posts

Posted 29 April 2008 - 01:32 PM

Dear support!

I have recently been infected with this trojan virus, and I am in need of help. It all started when my IE got invaded with popups about a week or two ago. After that I tried to install various kinds of spyware/antivirus programs, such as Uniblue software, Kaspersky, Windows Defender and F-Secure. But none of them managed to remove it. It all got worse, and a few days ago I got flooded with messages from F-Secure saying I was infected with a trojan called "Packed.Win32.Monder.gen". F-Secure couldn't remove it, so I uninstalled the program and now at least I don't get the messages.

I have read your guides on how to create logfiles from ComboFix, HijackThis and DSS. I am hoping one of you could take a look at these logfiles and tell me whether I am still infected or not.

Many thanks!

Best regards/

Martin

*******************************************************************************

ComboFix 08-04-28.2 - Martin 2008-04-29 19:48:47.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1053.18.582 [GMT 2:00]
Running from: C:\Documents and Settings\Martin\Skrivbord\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bwekrxuc.dll
C:\WINDOWS\system32\cojkfwqs.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\GMpAddMp.ini
C:\WINDOWS\system32\GMpAddMp.ini2
C:\WINDOWS\system32\gonolytn.ini
C:\WINDOWS\system32\isyffbkt.dll
C:\WINDOWS\system32\lioefupp.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\oglgmuon.ini
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pMddApMG.dll
C:\WINDOWS\system32\ppufeoil.ini
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\quplcyeh.ini
C:\WINDOWS\system32\rfarntjv.ini
C:\WINDOWS\system32\rovuqoin.dll
C:\WINDOWS\system32\ruplyhff.ini
C:\WINDOWS\system32\sersonrh.ini
C:\WINDOWS\system32\toxypbse.ini
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\wyfrltom.ini
C:\WINDOWS\system32\ykvyprcp.dll
C:\WINDOWS\system32\ylcvctpe.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-29 )))))))))))))))))))))))))))))))
.

2008-04-27 00:03 . 2008-04-27 00:07 2,341,504 --a------ C:\Documents and Settings\Martin\06_battery_acid-mfn.mp3.HP5GVJKTKKSM5ECPBWQCWVI4QKS5ELJVIAC6YMY.dctmp
2008-04-16 19:03 . 2008-04-16 19:03 <KAT> d-------- C:\Documents and Settings\Martin\Application Data\PEX
2008-04-16 19:03 . 2008-04-16 22:09 <KAT> d-------- C:\Documents and Settings\Martin\Application Data\F-Secure
2008-04-16 18:50 . 2008-04-29 19:10 <KAT> d-------- C:\Program\Bredbandsbolaget Security Services
2008-04-15 22:52 . 2008-04-15 22:52 <KAT> d-------- C:\fsaua.data
2008-04-14 19:59 . 2008-04-14 19:59 <KAT> d-------- C:\Program\Kaspersky Lab
2008-04-14 19:54 . 2008-04-14 19:54 <KAT> d-------- C:\KAV
2008-04-14 19:51 . 2007-03-27 14:54 <KAT> d-------- C:\Documents and Settings\Martin\Setup
2008-04-14 19:51 . 2007-03-22 16:08 <KAT> d-------- C:\Documents and Settings\Martin\Keys
2008-04-14 17:45 . 2008-04-29 18:01 109,111 --a------ C:\WINDOWS\BM07ceef4a.xml
2008-04-07 19:02 . 2008-04-07 19:03 <KAT> d-------- C:\Program\SopCast

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 17:07 --------- d-----w C:\Program\Citrix
2008-04-29 17:06 --------- d-----w C:\Program\Java
2008-04-26 22:07 --------- d-----w C:\Program\DC++
2008-04-16 18:41 --------- d-----w C:\Documents and Settings\Martin\Application Data\Skype
2008-04-15 20:52 --------- d-----w C:\Documents and Settings\Martin\Application Data\Uniblue
2008-04-15 20:33 --------- d-----w C:\Program\My Application
2008-04-15 19:31 --------- d-----w C:\Program\Uniblue
2008-04-14 23:44 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd6861.sys
2008-04-14 20:44 --------- d-----w C:\Documents and Settings\Martin\Application Data\uTorrent
2008-04-14 17:55 --------- d--h--w C:\Program\InstallShield Installation Information
2008-04-02 19:34 --------- d-----w C:\Program\Svenska Spels Poker
2008-04-01 17:15 --------- d-----w C:\Documents and Settings\Martin\Application Data\U3
2008-03-21 11:16 --------- d-----w C:\Program\PartyGaming
2008-03-21 10:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Uniblue
2008-03-21 10:27 --------- d-----w C:\Program\Full Tilt Poker
2008-03-21 10:26 --------- d-----w C:\Program\Championship Manager 2007
2008-03-20 08:10 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:10 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 16:32 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 17:58 --------- d-----w C:\Program\QuickSFV
2008-02-29 17:58 --------- d-----w C:\Program\NetLimiter
2008-02-29 17:58 --------- d-----w C:\Program\MSN Messenger
2008-02-29 17:47 --------- d-----w C:\Program\Delade filer\Autodesk Shared
2008-02-29 17:45 --------- d-----w C:\Program\AutoCAD 2005
2008-02-29 09:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 09:00 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:38 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:38 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-07-24 12:08 289,792 ----a-w C:\Documents and Settings\Martin\DivXfix.exe
2002-05-14 16:22 122,880 ----a-w C:\Program\RarExt.dll
2006-05-06 16:42 7,260,160 ----a-w C:\Program\mozilla firefox\plugins\libvlc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-12-08 16:39 975360]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"updateMgr"="C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"LogitechSoftwareUpdate"="C:\Program\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"MsnMsgr"="C:\Program\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 14:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00 455168]
"SynTPLpr"="C:\Program\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 18:44 98394]
"SynTPEnh"="C:\Program\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 18:43 688218]
"Genväg till egenskapssida för High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-16 16:35 7630848]
"nwiz"="nwiz.exe" [2006-08-16 16:35 1617920 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 16:48 16208384 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"DetectorApp"="C:\Program\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 06:15 102400]
"ISUSPM Startup"="C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"PCMService"="c:\APPS\Powercinema\PCMService.exe" [2006-02-23 12:08 147456]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 02:50 155648]
"Easy-PrintToolBox"="C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10 409600]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Program\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"Bredbandsbolaget Servicecenter"="C:\Program\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe" [2007-04-16 16:58 184320]
"Adobe Reader Speed Launcher"="C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"systemfile"="C:\WINDOWS\system32\drivers\Explorer.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sSMdEwtU]
sSMdEwtU.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\Program\DELADE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\Program\DELADE~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= C:\Program\DELADE~1\ULEADS~1\MPEG\mpegacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program\\uTorrent\\utorrent.exe"=
"C:\\Program\\Messenger\\msmsgs.exe"=
"C:\\Program\\@Last Software\\SketchUp 5\\SketchUp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program\\MSN Messenger\\livecall.exe"=
"C:\\Program\\Bredbandsbolaget\\Servicecenter\\Bredbandsbolaget.exe"=
"C:\\APPS\\skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2784:TCP"= 2784:TCP

R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-07 06:49]
S2 DynDNS_Updater_Service;DynDNS Updater Service;C:\Program\DynDNS Updater\DynDNS.exe []
S2 winmgt;Windows Management;C:\WINDOWS\system32\wins\winmgmt.exe [2004-11-11 12:51]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e45e724-2006-11dc-92d3-ee1ea7150ee6}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e45e726-2006-11dc-92d3-ee1ea7150ee6}]
\Shell\AutoRun\command - G:\AutoRun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-29 17:48:00 C:\WINDOWS\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job"
- C:\Program\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-21 10:10:26 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-03-21 10:10:26 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-03-21 10:32:37 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 19:49:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ImagePath"="\"c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe\"\00\00\00\00\02\00\00\00P
[%\00«Ô‘|\00\00\00\00\00\00\00\00\00\00\00\00(\00\00\00\00\003\03pè\13\00pè\13\00\18î"

.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program\NetLimiter\nl_lsp.dll
-> C:\WINDOWS\system32\nl_msgc.dll
.
Completion time: 2008-04-29 19:50:08
ComboFix-quarantined-files.txt 2008-04-29 17:50:02

Pre-Run: 17,168,678,912 byte ledigt
Post-Run: 17,155,715,072 byte ledigt

195 --- E O F --- 2008-04-24 18:55:48

***************************************************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:06:30, on 2008-04-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
C:\APPS\Powercinema\PCMService.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program\Logitech\Video\LogiTray.exe
C:\Program\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program\Logitech\Video\FxSvr2.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Martin\Skrivbord\Martin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Genväg till egenskapssida för High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [DetectorApp] C:\Program\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Bredbandsbolaget Servicecenter] "C:\Program\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [systemfile] C:\WINDOWS\system32\drivers\Explorer.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Program\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\sw.htm
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.181.87.189/activex/AxisCamControl.cab
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.tvkoo.com/update/UKooPlayer.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Unibet/FlashAX.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: sSMdEwtU - sSMdEwtU.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Unknown owner - C:\Program\DynDNS Updater\DynDNS.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: Windows Management (winmgt) - Unknown owner - C:\WINDOWS\system32\wins\winmgmt.exe

--
End of file - 8279 bytes

*************************************************************************************

Deckard's System Scanner v20071014.68
Run by Martin on 2008-04-29 19:56:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
22: 2008-04-29 17:56:48 UTC - RP441 - Deckard's System Scanner Restore Point
21: 2008-04-29 17:25:24 UTC - RP440 - ComboFix created restore point
20: 2008-04-29 17:06:03 UTC - RP439 - Java™ 6 Update 5 togs bort
19: 2008-04-29 17:05:14 UTC - RP438 - Java™ 6 Update 3 togs bort
18: 2008-04-29 17:04:00 UTC - RP437 - Java™ 6 Update 2 togs bort


-- First Restore Point --
1: 2008-04-19 12:35:56 UTC - RP420 - Systemkontrollpunkt


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Martin.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:57:56, on 2008-04-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
C:\APPS\Powercinema\PCMService.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program\Logitech\Video\LogiTray.exe
C:\Program\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program\Logitech\Video\FxSvr2.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Martin\Skrivbord\dss.exe
C:\DOCUME~1\Martin\SKRIVB~1\Martin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Genväg till egenskapssida för High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [DetectorApp] C:\Program\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Bredbandsbolaget Servicecenter] "C:\Program\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [systemfile] C:\WINDOWS\system32\drivers\Explorer.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Program\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\sw.htm
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.181.87.189/activex/AxisCamControl.cab
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.tvkoo.com/update/UKooPlayer.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Unibet/FlashAX.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: sSMdEwtU - sSMdEwtU.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Unknown owner - C:\Program\DynDNS Updater\DynDNS.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: Windows Management (winmgt) - Unknown owner - C:\WINDOWS\system32\wins\winmgmt.exe

--
End of file - 8316 bytes

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R4 catchme - c:\combofix\catchme.sys (file missing)

S1 eeCtrl (Symantec Eraser Control driver) - c:\program\delade filer\symantec shared\eengine\eectrl.sys (file missing)
S3 EraserUtilRebootDrv - c:\program\delade filer\symantec shared\eengine\eraserutilrebootdrv.sys (file missing)
S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\apps\powercinema\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\apps\powercinema\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
R2 CyberLink Media Library Service - "c:\apps\powercinema\kernel\clml_ntservice\clmlserver.exe" <Not Verified; Cyberlink; Cyberlink Media Library Server>
R2 USBDeviceService - c:\program\sonic\digitalmedia le v7\mydvd le\usbdeviceservice.exe <Not Verified; ; USBDeviceService Module>

S2 DynDNS_Updater_Service (DynDNS Updater Service) - c:\program\dyndns updater\dyndns.exe (file missing)
S2 winmgt (Windows Management) - c:\windows\system32\wins\winmgmt.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-29 19:48:00 244 --a------ C:\WINDOWS\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job
2008-03-21 12:32:37 316 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job
2008-03-21 12:10:26 370 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
2008-03-21 12:10:26 260 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job


-- Files created between 2008-03-29 and 2008-04-29 -----------------------------

2008-04-29 19:25:00 68096 --a------ C:\WINDOWS\zip.exe
2008-04-29 19:25:00 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-29 19:25:00 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-29 19:25:00 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-29 19:25:00 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-29 19:25:00 98816 --a------ C:\WINDOWS\sed.exe
2008-04-29 19:25:00 80412 --a------ C:\WINDOWS\grep.exe
2008-04-29 19:25:00 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-16 19:03:14 0 d-------- C:\Documents and Settings\Martin\Application Data\F-Secure
2008-04-16 19:03:01 0 d-------- C:\Documents and Settings\Martin\Application Data\PEX
2008-04-16 18:50:18 0 d-------- C:\Program\Bredbandsbolaget Security Services
2008-04-15 22:52:15 0 d-------- C:\fsaua.data
2008-04-14 19:59:37 0 d-------- C:\Program\Kaspersky Lab
2008-04-14 19:54:07 0 d-------- C:\KAV
2008-04-14 19:51:12 0 d-------- C:\Documents and Settings\Martin\Setup
2008-04-14 19:51:09 0 d-------- C:\Documents and Settings\Martin\Keys
2008-04-14 18:30:38 0 dr-h----- C:\Documents and Settings\Martin\Recent
2008-04-07 19:02:57 0 d-------- C:\Program\SopCast


-- Find3M Report ---------------------------------------------------------------

2008-04-29 19:07:08 0 d-------- C:\Program\Citrix
2008-04-29 19:06:29 0 d-------- C:\Program\Java
2008-04-29 19:06:28 0 d-------- C:\Program\Delade filer
2008-04-27 00:07:38 0 d-------- C:\Program\DC++
2008-04-16 20:41:20 0 d-------- C:\Documents and Settings\Martin\Application Data\Skype
2008-04-15 22:52:15 0 d-------- C:\Documents and Settings\Martin\Application Data\Uniblue
2008-04-15 22:33:39 0 d-------- C:\Program\My Application
2008-04-15 21:31:10 0 d-------- C:\Program\Uniblue
2008-04-14 22:44:40 0 d-------- C:\Documents and Settings\Martin\Application Data\uTorrent
2008-04-14 19:55:26 0 d--h----- C:\Program\InstallShield Installation Information
2008-04-11 17:13:05 444892 --a------ C:\WINDOWS\system32\perfh01D.dat
2008-04-11 17:13:05 84018 --a------ C:\WINDOWS\system32\perfc01D.dat
2008-04-02 21:34:07 0 d-------- C:\Program\Svenska Spels Poker
2008-04-01 19:15:14 0 d-------- C:\Documents and Settings\Martin\Application Data\U3
2008-03-21 13:16:06 0 d-------- C:\Program\PartyGaming
2008-03-21 12:27:53 0 d-------- C:\Program\Full Tilt Poker
2008-03-21 12:26:57 0 d-------- C:\Program\Championship Manager 2007
2008-03-04 23:15:12 0 d-------- C:\Documents and Settings\Martin\Application Data\Adobe
2008-02-29 19:58:32 0 d-------- C:\Program\QuickSFV
2008-02-29 19:58:03 0 d-------- C:\Program\NetLimiter
2008-02-29 19:58:01 0 d-------- C:\Program\MSN Messenger
2008-02-29 19:47:52 0 d-------- C:\Program\Delade filer\Autodesk Shared
2008-02-29 19:45:21 0 d-------- C:\Program\AutoCAD 2005


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 14:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00]
"SynTPLpr"="C:\Program\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 18:44]
"SynTPEnh"="C:\Program\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 18:43]
"Genväg till egenskapssida för High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-16 16:35]
"nwiz"="nwiz.exe" [2006-08-16 16:35 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 16:48 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 C:\WINDOWS\SkyTel.exe]
"DetectorApp"="C:\Program\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 06:15]
"ISUSPM Startup"="C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"ISUSScheduler"="C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"PCMService"="c:\APPS\Powercinema\PCMService.exe" [2006-02-23 12:08]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 02:50]
"Easy-PrintToolBox"="C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32]
"LogitechVideoRepair"="C:\Program\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
"LogitechVideoTray"="C:\Program\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"Bredbandsbolaget Servicecenter"="C:\Program\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe" [2007-04-16 16:58]
"Adobe Reader Speed Launcher"="C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16]
"systemfile"="C:\WINDOWS\system32\drivers\Explorer.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-12-08 16:39]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"updateMgr"="C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"LogitechSoftwareUpdate"="C:\Program\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
"MsnMsgr"="C:\Program\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sSMdEwtU]
sSMdEwtU.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e45e724-2006-11dc-92d3-ee1ea7150ee6}]
AutoRun\command- G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e45e726-2006-11dc-92d3-ee1ea7150ee6}]
AutoRun\command- G:\AutoRun.exe




-- End of Deckard's System Scanner: finished at 2008-04-29 19:58:32 ------------

*******************************************************************************

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: Swedish

CPU 0: AMD Turion™ 64 X2 Mobile Technology TL-50
CPU 1: AMD Turion™ 64 X2 Mobile Technology TL-50
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 959.47 MiB / 559.3 MiB
Pagefile Memory (total/avail): 2312.87 MiB / 2014.5 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1913.99 MiB

C: is Fixed (NTFS) - 85.9 GiB total, 15.94 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (FAT32) - 7.24 GiB total, 2.12 GiB free.

\\.\PHYSICALDRIVE0 - ST9100822A - 93.16 GiB - 2 partitions
\PARTITION0 - Unknown - 7.25 GiB - F:
\PARTITION1 (bootable) - Installerbart filsystem - 85.9 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program\\MSN Messenger\\msncall.exe"="C:\\Program\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program\\MSN Messenger\\livecall.exe"="C:\\Program\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\system32\\wins\\mpx.exe"="C:\\WINDOWS\\system32\\wins\\mpx.exe:*:Enabled"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program\\uTorrent\\utorrent.exe"="C:\\Program\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program\\Messenger\\msmsgs.exe"="C:\\Program\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program\\@Last Software\\SketchUp 5\\SketchUp.exe"="C:\\Program\\@Last Software\\SketchUp 5\\SketchUp.exe:*:Enabled:SketchUp Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program\\MSN Messenger\\livecall.exe"="C:\\Program\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program\\Bredbandsbolaget\\Servicecenter\\Bredbandsbolaget.exe"="C:\\Program\\Bredbandsbolaget\\Servicecenter\\Bredbandsbolaget.exe:*:Enabled:Servicecenter"
"C:\\APPS\\skype\\Phone\\Skype.exe"="C:\\APPS\\skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Martin\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program\Delade filer
COMPUTERNAME=807102460233
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Martin
LOGONSERVER=\\807102460233
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program\Exo;C:\Program\Delade filer\Ulead Systems\MPEG;C:\Program\Delade filer\Autodesk Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4802
ProgramFiles=C:\Program
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program\Delade filer\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Martin\LOKALA~1\Temp
TMP=C:\DOCUME~1\Martin\LOKALA~1\Temp
USERDOMAIN=807102460233
USERNAME=Martin
USERPROFILE=C:\Documents and Settings\Martin
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Martin (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
--> C:\Program\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F10001\HXFSETUP.EXE -U -IPDAZLCMpK.inf
--> C:\WINDOWS\IsUn041d.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
--> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" -uninstall
--> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{3F9CFBD8-8F77-4DCD-8CB5-CDD5F653C872}\setup.exe" -l0x9
--> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{4F1DA6BF-3614-48A1-9970-9E90F646789E}\setup.exe" -l0x9
--> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{5A065EA0-0EEC-4E94-A2A0-40812576C122}\setup.exe" -l0x9
--> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x1d -removeonly
--> rundll32.exe "C:\Program\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop CS --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x1d
Adobe Reader 8.1.2 - Svenska --> MsiExec.exe /I{AC76BA86-7AD7-1053-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Ahead Nero Burning ROM --> C:\Program\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
µTorrent --> "C:\Program\uTorrent\uninstall.exe"
AutoCAD 2005 - English --> MsiExec.exe /I{5783F2D7-0301-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer --> C:\Program\Autodesk\AUTODE~1\Setup.exe /remove
BGBlitz --> "C:\Program\BGBlitz\UninstallerData\Uninstall bgblitz.exe"
Bredbandsbolaget Servicecenter --> C:\Program\Bredbandsbolaget\Servicecenter\uninst.exe -u -c
Canon PhotoRecord --> MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}
Canon Setup Utility 2.0 --> "C:\Program\Canon\Canon Setup Utility 2.0\Maint.exe" /Uninstall C:\Program\Canon\Canon Setup Utility 2.0\uninst.ini
Canon Utilities Easy-PhotoPrint --> C:\Program\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Canon Utilities Easy-PrintToolBox --> C:\WINDOWS\BJPSUNST.EXE
CD-LabelPrint --> "C:\Program\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
DC++ 0.691 --> "C:\Program\DC++\uninstall.exe"
Dev-C++ 5 beta 9 release (4.9.9.2) --> "C:\Program\Dev-Cpp\uninstall.exe"
Drivrutiner till Logitech® Camera --> "C:\Program\Delade filer\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
DVD Decrypter (Remove Only) --> "C:\Program\DVD Decrypter\uninstall.exe"
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -fC:\Program\Canon\Easy-WebPrint\Uninst.isu
Feedidentifiering (Windows Live Toolbar) --> MsiExec.exe /X{39F73F7F-53C8-474C-B4D7-63DF3A063CF5}
Four In A Row v1.2 --> "C:\Program\4iRad\Uninstal.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HijackThis 2.0.2 --> "C:\Documents and Settings\Martin\Skrivbord\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
JCreator LE 3.50 --> "C:\Program\Xinox Software\JCreatorV3LE\unins000.exe"
Logitech QuickCam --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x1d
Macromedia Shockwave Player --> MsiExec.exe /X{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{9011041D-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.13) --> C:\PROGRAM\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NetLimiter 1.25 (remove only) --> "C:\Program\NetLimiter\nluninst.exe"
NordicBet Poker --> C:\MICROG~1\Poker\NORDIC~1\NORDIC~1\UNWISE.EXE C:\MICROG~1\Poker\NORDIC~1\NORDIC~1\INSTALL.LOG
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{19B622A5-0956-4080-843C-53A2E378BE5E}
PartyGammon --> "C:\Program\PartyGaming\PartyGammon\Uninstall.exe" "C:\Program\PartyGaming\PartyGammon\install.log"
Popup-blockeraren (Windows Live Toolbar) --> MsiExec.exe /X{14D9D3BE-531E-47BC-8746-92D391D3EA4A}
PowerQuest PartitionMagic 8.0 Demo --> C:\Program\DELADE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
QuickSFV (Remove only) --> C:\Program\QuickSFV\QSFVUNST.EXE C:\Program\QuickSFV\
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SketchUp 5 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{B357C4B4-9024-4B64-9B3F-A6729031C3DD}\setup.exe" -l0x9
Skype™ 3.2 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Smarta menyer (Windows Live Toolbar) --> MsiExec.exe /X{2770CB13-5093-4C94-A318-F103857E18B1}
Snabbkorrigering för Windows XP (KB896256) --> "C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe"
Snabbkorrigering för Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Snabbkorrigering för Windows XP (KB918005) --> "C:\WINDOWS\$NtUninstallKB918005$\spuninst\spuninst.exe"
Snabbkorrigering för Windows XP (KB935448) --> "C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Step by Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Step by Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB931768) --> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB933566) --> "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB937143) --> "C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SopCast 3.0.1 --> C:\Program\SopCast\uninst.exe
Svenska Spels Poker --> C:\Program\SVENSK~1\UNWISE.EXE C:\Program\SVENSK~1\INSTALL.LOG
TeamSpeak 2 RC2 --> C:\Program\Teamspeak2_RC2\unins000.exe
Uppdatering för Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB912945) --> "C:\WINDOWS\$NtUninstallKB912945$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB920342) --> "C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB925720) --> "C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB925876) --> "C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Verktygsfältet Outlook (Windows Live Toolbar) --> MsiExec.exe /X{EDE8FB19-9809-445E-991A-AE51EFA7E653}
VideoLAN VLC media player 0.8.5 --> C:\Program\VideoLAN\VLC\uninstall.exe
Winamp (remove only) --> "C:\Program\Winamp\UninstWA.exe"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{2E55A582-4FFE-4FF2-8D4D-E7D275FF89BD}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar --> "C:\Program\Windows Live Toolbar\UnInstall.exe" {45EA1531-5226-4FC4-9341-8D0C8CEC502F}
Windows Live Toolbar --> MsiExec.exe /X{45EA1531-5226-4FC4-9341-8D0C8CEC502F}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{64E09E82-610D-4FB9-8722-1D2D1CD65A6B}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Presentation Foundation Language Pack (SVE) --> MsiExec.exe /X{0691B876-15B2-451B-AEA4-5653E40899C4}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows Workflow Foundation SV Language Pack --> MsiExec.exe /I{793C456F-EB0A-4164-BE77-B6D901F2C7E3}
WinRAR --> C:\Program\WinRAR\uninstall.exe
World of Warcraft --> C:\Program\Delade filer\Blizzard Entertainment\World of Warcraft\Uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0 --> "C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type45088 / Error
Event Submitted/Written: 04/29/2008 07:00:54 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
28 2008-04-29 19:00:54+02:00 807102460233 807102460233\Martin F-Secure Anti-Virus
Malicious code found in file C:\WINDOWS\SYSTEM32\PMDDAPMG.DLL.
Infection: Packed.Win32.Monder.gen

Event Record #/Type45087 / Error
Event Submitted/Written: 04/29/2008 07:00:53 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
27 2008-04-29 19:00:53+02:00 807102460233 807102460233\Martin F-Secure Anti-Virus
Malicious code found in file C:\WINDOWS\SYSTEM32\PMDDAPMG.DLL.
Infection: Packed.Win32.Monder.gen

Event Record #/Type45086 / Error
Event Submitted/Written: 04/29/2008 07:00:52 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
26 2008-04-29 19:00:52+02:00 807102460233 807102460233\Martin F-Secure Anti-Virus
Malicious code found in file C:\WINDOWS\SYSTEM32\PMDDAPMG.DLL.
Infection: Packed.Win32.Monder.gen

Event Record #/Type45085 / Error
Event Submitted/Written: 04/29/2008 07:00:51 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
25 2008-04-29 19:00:51+02:00 807102460233 807102460233\Martin F-Secure Anti-Virus
Malicious code found in file C:\WINDOWS\SYSTEM32\PMDDAPMG.DLL.
Infection: Packed.Win32.Monder.gen

Event Record #/Type45084 / Error
Event Submitted/Written: 04/29/2008 07:00:49 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
24 2008-04-29 19:00:49+02:00 807102460233 807102460233\Martin F-Secure Anti-Virus
Malicious code found in file C:\WINDOWS\SYSTEM32\PMDDAPMG.DLL.
Infection: Packed.Win32.Monder.gen



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type32705 / Error
Event Submitted/Written: 04/29/2008 07:46:37 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
Master browser har mottagit ett meddelande från datorn MP
som tror att den är master browser för domänen på transporten NetBT_Tcpip_{977929DD-B73D-46DF-BF85. Master browser
stannar eller ett val tvingas att göras.

Event Record #/Type32692 / Error
Event Submitted/Written: 04/29/2008 07:33:05 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
Följande start- eller systemstartdrivrutin(er) avbröts på grund av fel under start:
eeCtrl

Event Record #/Type32691 / Error
Event Submitted/Written: 04/29/2008 07:33:05 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Tjänsten DynDNS Updater Service kunde inte startas på grund av följande fel:
%%2

Event Record #/Type32682 / Error
Event Submitted/Written: 04/29/2008 07:14:56 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
Master browser har mottagit ett meddelande från datorn MP
som tror att den är master browser för domänen på transporten NetBT_Tcpip_{977929DD-B73D-46DF-BF85. Master browser
stannar eller ett val tvingas att göras.

Event Record #/Type32669 / Error
Event Submitted/Written: 04/29/2008 07:11:55 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
Följande start- eller systemstartdrivrutin(er) avbröts på grund av fel under start:
eeCtrl



-- End of Deckard's System Scanner: finished at 2008-04-29 19:58:32 ------------

************************************************************************************

That's all I have!



#2 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:12:54 PM

Posted 15 May 2008 - 12:30 PM

Hi zkipper

If you still need help, please post a fresh dss log (main.txt) :thumbsup:
Microsoft MVP Consumer Security

#3 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:12:54 PM

Posted 25 May 2008 - 05:44 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security