Malware/trojan Infection


  • This topic is locked
2 replies to this topic

#1 erijon

Posted 14 May 2008 - 04:45 PM

Having problems installing programs from CDs. PC very slow.

Deckard's System Scanner v20071014.68
Run by Erik on 2008-05-14 23:24:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
50: 2008-05-14 21:24:13 UTC - RP50 - Deckard's System Scanner Restore Point
49: 2008-05-14 21:14:04 UTC - RP49 - Installed Ad-Aware 2007
48: 2008-05-14 01:00:41 UTC - RP48 - Software Distribution Service 3.0
47: 2008-05-13 17:32:51 UTC - RP47 - Installed Windows Media Format 9 Series Runtime Setup
46: 2008-05-13 17:21:19 UTC - RP46 - Installed Sony USB Driver


-- First Restore Point --
1: 2008-05-12 21:47:09 UTC - RP1 - Kontrollpunkt for system


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-14 23:25:09
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\McAfee.com\Agent\mcagent.exe
C:\Programfiler\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\RTHDCPL.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\U-ABIT\abitEQ\abiteq.exe
C:\Programfiler\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Programfiler\McAfee\MSC\mcmscsvc.exe
C:\Programfiler\Fellesfiler\McAfee\MNA\McNASvc.exe
C:\Programfiler\Fellesfiler\McAfee\McProxy\McProxy.exe
C:\Programfiler\McAfee\VirusScan\Mcshield.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\alg.exe
C:\Programfiler\McAfee\VirusScan\mcsysmon.exe
C:\Programfiler\Opera\Opera.exe
C:\Programfiler\Webroot\Spy Sweeper\ssu.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Programfiler\McAfee\VirusScan\mcvsshld.exe
C:\Programfiler\McAfee\VirusScan\mcvsmap.exe
C:\Documents and Settings\Erik\Skrivebord\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dll?p...mp;plcid=0x0414
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Programfiler\Absolutist_Games\tbAbs1.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programfiler\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Programfiler\Absolutist_Games\tbAbs1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programfiler\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programfiler\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Programfiler\Absolutist_Games\tbAbs1.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [mcagent_exe] "C:\Programfiler\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programfiler\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Programfiler\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ABIT uGuruIII] C:\Programfiler\U-ABIT\abitEQ\ABITEQ.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programfiler\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1210630191830
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1210630179330
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programfiler\Fellesfiler\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programfiler\Fellesfiler\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programfiler\Fellesfiler\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Programfiler\SiteAdvisor\6172\SiteAdv.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programfiler\Fellesfiler\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Unknown owner - C:\Programfiler\Norton Internet Security\ccPxySvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Programfiler\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Programfiler\Fellesfiler\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Programfiler\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Programfiler\Fellesfiler\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Programfiler\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Programfiler\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programfiler\McAfee\MPF\MpfSrv.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Unknown owner - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Unknown owner - C:\Programfiler\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Programfiler\SiteAdvisor\6172\SAService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe


--
End of file - 9946 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 ABIT-IO - c:\programfiler\u-abit\abiteq\abit-io.sys

S1 SYMTDI - c:\windows\system32\drivers\symtdi.sys (file missing)
S2 SAVRTPEL - c:\windows\system32\drivers\savrtpel.sys (file missing)
S3 ALLOW-IO - g:\allow-io.sys (file missing)
S3 NAVENG - c:\progra~1\felles~1\symant~1\virusd~1\20020920.007\naveng.sys (file missing)
S3 NAVEX15 - c:\progra~1\felles~1\symant~1\virusd~1\20020920.007\navex15.sys (file missing)
S3 PciCon - g:\pcicon.sys (file missing)
S3 SAVRT - c:\windows\system32\drivers\savrt.sys (file missing)
S3 SYMDNS - c:\windows\system32\drivers\symdns.sys (file missing)
S3 SymEvent - c:\programfiler\symantec\symevent.sys (file missing)
S3 SYMFW - c:\windows\system32\drivers\symfw.sys (file missing)
S3 SYMIDS - c:\windows\system32\drivers\symids.sys (file missing)
S3 SYMIDSCO - c:\windows\system32\drivers\symidsco.sys (file missing)
S3 SYMNDIS - c:\windows\system32\drivers\symndis.sys (file missing)
S3 SYMREDRV - c:\windows\system32\drivers\symredrv.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 ccEvtMgr (Symantec Event Manager) - c:\programfiler\fellesfiler\symantec shared\ccevtmgr.exe (file missing)
S2 ccPxySvc (Symantec Proxy Service) - c:\programfiler\norton internet security\ccpxysvc.exe (file missing)
S2 navapsvc (Norton AntiVirus Auto-Protect-tjeneste) - c:\programfiler\norton antivirus\navapsvc.exe (file missing)
S2 NISUM (Norton Internet Security Accounts Manager) - c:\programfiler\norton internet security\nisum.exe (file missing)
S2 SBService (ScriptBlocking Service) - c:\progra~1\felles~1\symant~1\script~1\sbserv.exe (file missing)
S3 ccPwdSvc (Symantec Password Validation Service) - c:\programfiler\fellesfiler\symantec shared\ccpwdsvc.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-14 22:09:28 406 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-05-13 01:53:17 338 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-05-13 01:53:15 330 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-04-14 and 2008-05-14 -----------------------------

2008-05-14 23:14:07 0 d-------- C:\Programfiler\Lavasoft
2008-05-14 23:13:41 0 d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-05-14 22:07:58 0 d-------- C:\Programfiler\Webroot
2008-05-14 22:07:54 0 d-------- C:\Programfiler\AskSBar
2008-05-14 22:06:07 164 --a------ C:\install.dat
2008-05-14 21:23:14 0 d-------- C:\Programfiler\WinZip Self-Extractor
2008-05-14 18:54:53 0 d-------- C:\Logs
2008-05-14 18:49:28 0 d-------- C:\Programfiler\Fellesfiler\Blizzard Entertainment
2008-05-13 19:32:22 0 d-------- C:\Programfiler\Fellesfiler\AVSMedia
2008-05-13 19:32:13 139264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-13 19:32:13 524288 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-13 19:32:13 413760 --a------ C:\WINDOWS\system32\mpg4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>
2008-05-13 19:32:13 261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>
2008-05-13 19:32:13 638976 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivXNetworks, Inc.; DivX Video for Windows Codec>
2008-05-13 19:32:12 0 d-------- C:\Programfiler\AVS4YOU
2008-05-13 19:21:20 3654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
2008-05-13 19:21:20 0 d-------- C:\Drivers
2008-05-13 19:18:50 0 d-------- C:\Programfiler\Sony
2008-05-13 14:39:16 0 d-------- C:\Programfiler\Microsoft.NET
2008-05-13 14:38:30 0 d-------- C:\Programfiler\Microsoft Works
2008-05-13 14:38:01 0 d-------- C:\WINDOWS\SHELLNEW
2008-05-13 14:07:43 0 d-------- C:\Programfiler\Sun
2008-05-13 14:06:55 0 d-------- C:\Programfiler\Java
2008-05-13 14:06:01 0 d-------- C:\Programfiler\Fellesfiler\Java
2008-05-13 02:35:50 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-13 02:34:14 0 d-------- C:\Programfiler\Opera
2008-05-13 02:30:30 401408 --a------ C:\WINDOWS\system32\FlashPlayerControl.dll <Not Verified; Softanics; FlashPlayerControl Library>
2008-05-13 02:30:29 1552384 --a------ C:\WINDOWS\system32\bshooter.scr
2008-05-13 02:30:24 0 d-------- C:\Programfiler\Absolutist_Games
2008-05-13 02:30:22 0 d-------- C:\Programfiler\absolutist.com
2008-05-13 02:21:33 0 d-------- C:\WINDOWS\nview
2008-05-13 02:12:00 0 d-------- C:\Programfiler\U-ABIT
2008-05-13 02:10:57 0 d-------- C:\Programfiler\Fellesfiler\Adobe
2008-05-13 02:08:40 0 d-------- C:\WINDOWS\system32\Lang
2008-05-13 02:07:21 0 d-------- C:\Programfiler\DIFX
2008-05-13 02:07:13 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-05-13 02:06:46 49152 -r------- C:\WINDOWS\system32\ChCfg.exe
2008-05-13 02:06:21 0 d-------- C:\WINDOWS\system32\RTCOM
2008-05-13 02:05:45 0 d-------- C:\Programfiler\Realtek
2008-05-13 02:05:44 0 d--h----- C:\Programfiler\InstallShield Installation Information
2008-05-13 02:05:38 520192 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-05-13 01:54:36 0 d-------- C:\Programfiler\SiteAdvisor
2008-05-13 01:53:01 0 d-------- C:\Programfiler\McAfee.com
2008-05-13 01:52:56 0 d-------- C:\Programfiler\Fellesfiler\McAfee
2008-05-13 01:52:51 0 d-------- C:\Programfiler\McAfee
2008-05-13 01:34:20 0 d-------- C:\WINDOWS\Prefetch
2008-05-13 01:30:54 0 d-------- C:\WINDOWS
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\WinSxS
2008-05-13 01:30:54 0 dr------- C:\WINDOWS\Web
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\twain_32
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\system32
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\system32\wins
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\system32\wbem
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\system32\usmt
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\system32\spool
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\system32\ShellExt
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\system32\Setup
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\system32\ras
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\system32\oobe
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\system32\npp
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\system32\mui
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\system32\inetsrv
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\system32\IME
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\system32\icsxml
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\system32\ias
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\system32\export
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\system32\drivers
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-05-13 01:30:54 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\system32\dhcp
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\system32\config
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\system32\3076
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\system32\2052
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\system32\1054
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\system32\1044
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\system32\1042
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\system32\1041
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\system32\1037
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\system32\1033
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\system32\1031
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\system32\1028
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\system32\1025
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\system
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\security
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\Resources
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\repair
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\mui
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\msapps
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\msagent
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\Media
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\java
2008-05-13 01:30:54 0 d--h----- C:\WINDOWS\inf
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\ime
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\Help
2008-05-13 01:30:54 0 dr--s---- C:\WINDOWS\Fonts
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\Driver Cache
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\Debug
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\Cursors
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\Connection Wizard
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\Config
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\AppPatch
2008-05-13 01:30:54 0 d-------- C:\WINDOWS\addins
2008-05-13 01:24:59 0 d-------- C:\WINDOWS\system32\no
2008-05-13 01:24:59 0 d-------- C:\WINDOWS\system32\nb-no
2008-05-13 01:24:59 0 d-------- C:\WINDOWS\l2schemas
2008-05-13 01:21:18 0 d-------- C:\WINDOWS\network diagnostic
2008-05-13 01:09:03 0 d-------- C:\WINDOWS\system32\PreInstall
2008-05-13 01:09:01 0 d--h----- C:\WINDOWS\$hf_mig$
2008-05-13 00:49:25 0 d-------- C:\WINDOWS\peernet
2008-05-13 00:49:24 0 d-------- C:\WINDOWS\provisioning
2008-05-13 00:48:24 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-13 00:45:41 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-05-13 00:43:54 0 d-------- C:\WINDOWS\EHome
2008-05-13 00:35:08 0 d-------- C:\Programfiler\Fellesfiler\ODBC
2008-05-13 00:35:06 0 d-------- C:\Programfiler\Fellesfiler\SpeechEngines
2008-05-13 00:35:05 0 dr------- C:\Programfiler
2008-05-13 00:35:05 0 d-------- C:\Programfiler\Fellesfiler
2008-05-13 00:34:32 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-05-13 00:34:32 0 d-------- C:\WINDOWS\system32\CatRoot
2008-05-13 00:34:13 0 d-------- C:\Documents and Settings
2008-05-13 00:34:01 25600 --a------ C:\WINDOWS\system32\xpsp1hfm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-13 00:34:01 0 d--h---c- C:\WINDOWS\$xpsp1hfm$
2008-05-13 00:13:28 0 d-------- C:\WINDOWS\system32\bits
2008-05-13 00:09:46 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-05-13 00:03:38 0 d-------- C:\Programfiler\Marvell
2008-05-13 00:03:02 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-05-13 00:02:54 0 d-------- C:\Programfiler\Fellesfiler\InstallShield
2008-05-13 00:01:27 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-05-12 23:54:52 0 d-------- C:\Programfiler\Fellesfiler\Symantec Shared
2008-05-12 23:54:36 0 d-------- C:\Programfiler\Symantec
2008-05-12 23:47:00 0 d--hs---- C:\WINDOWS\Installer
2008-05-12 23:46:15 0 d--hs---- C:\System Volume Information
2008-05-12 23:43:45 0 d-------- C:\WINDOWS\system32\xircom
2008-05-12 23:43:45 0 d-------- C:\Programfiler\microsoft frontpage
2008-05-12 23:43:28 0 -rahs---- C:\MSDOS.SYS
2008-05-12 23:43:28 0 -rahs---- C:\IO.SYS
2008-05-12 23:43:28 0 --a------ C:\CONFIG.SYS
2008-05-12 23:43:28 0 --a------ C:\AUTOEXEC.BAT
2008-05-12 23:42:40 0 dr------- C:\WINDOWS\Offline Web Pages
2008-05-12 23:42:39 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-05-12 23:42:22 0 d-------- C:\WINDOWS\srchasst
2008-05-12 23:42:15 0 d-------- C:\WINDOWS\system32\Macromed
2008-05-12 23:42:15 0 d-------- C:\WINDOWS\system32\DirectX
2008-05-12 23:42:04 0 d-------- C:\Programfiler\Movie Maker
2008-05-12 23:41:39 0 d-------- C:\WINDOWS\system32\Restore
2008-05-12 23:41:34 0 d-------- C:\WINDOWS\PCHEALTH
2008-05-12 23:41:33 0 d-------- C:\Programfiler\Fellesfiler\Tjenester
2008-05-12 23:41:28 0 d---s---- C:\WINDOWS\Tasks
2008-05-12 23:41:25 0 d-------- C:\Programfiler\Fellesfiler\MSSoap
2008-05-12 23:41:00 21704 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-12 23:40:39 0 d-------- C:\WINDOWS\Registration
2008-05-12 23:40:31 0 d--h----- C:\Programfiler\WindowsUpdate
2008-05-12 23:40:31 0 d-------- C:\Programfiler\Elektroniske tjenester
2008-05-12 23:40:24 0 d-------- C:\Programfiler\Messenger
2008-05-12 23:40:18 0 d-------- C:\Programfiler\MSN Gaming Zone
2008-05-12 23:40:08 0 d-------- C:\Programfiler\Windows NT
2008-05-12 23:39:56 0 d-------- C:\WINDOWS\system32\MsDtc
2008-05-12 23:39:54 0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2008-05-14 23:08:58 319260 --a------ C:\WINDOWS\system32\perfh014.dat
2008-05-14 23:08:58 46440 --a------ C:\WINDOWS\system32\perfc014.dat
2008-05-14 22:07:58 0 d-------- C:\Documents and Settings\Erik\Programdata\Webroot
2008-05-14 00:16:44 0 d-------- C:\Documents and Settings\Erik\Programdata\Adobe
2008-05-13 19:33:07 0 d-------- C:\Documents and Settings\Erik\Programdata\AVS4YOU
2008-05-13 19:23:01 0 d-------- C:\Documents and Settings\Erik\Programdata\Sony Corporation
2008-05-13 15:10:50 0 d-------- C:\Documents and Settings\Erik\Programdata\Macromedia
2008-05-13 13:46:32 0 d-------- C:\Documents and Settings\Erik\Programdata\vlc
2008-05-13 02:36:01 0 d-------- C:\Documents and Settings\Erik\Programdata\Talkback
2008-05-13 02:35:48 0 d-------- C:\Documents and Settings\Erik\Programdata\Mozilla
2008-05-13 02:34:21 0 d-------- C:\Documents and Settings\Erik\Programdata\Opera
2008-05-13 01:54:36 0 d-------- C:\Documents and Settings\Erik\Programdata\SiteAdvisor
2008-05-13 00:34:42 62 --ahs---- C:\Documents and Settings\Erik\Programdata\desktop.ini
2008-05-12 23:59:51 0 d-------- C:\Documents and Settings\Erik\Programdata\InstallShield
2008-05-12 23:55:08 0 d-------- C:\Documents and Settings\Erik\Programdata\Symantec
2008-05-12 23:46:59 0 d-------- C:\Documents and Settings\Erik\Programdata\Identities


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
14.05.2008 22:07 66912 --a------ C:\Programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]
13.05.2008 02:33 1470488 --a------ C:\Programfiler\Absolutist_Games\tbAbs1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
14.05.2008 22:07 267592 --a------ C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{631AC2D4-57B3-42B0-A148-DA33B462C1A3}"= C:\Programfiler\Absolutist_Games\tbAbs1.dll [13.05.2008 02:33 1470488]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL [14.05.2008 22:07 267592]

[-HKEY_CLASSES_ROOT\CLSID\{631AC2D4-57B3-42B0-A148-DA33B462C1A3}]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="C:\Programfiler\McAfee.com\Agent\mcagent.exe" [01.11.2007 19:12]
"SiteAdvisor"="C:\Programfiler\SiteAdvisor\6172\SiteAdv.exe" [24.08.2007 23:57]
"RTHDCPL"="RTHDCPL.EXE" [26.02.2007 09:03 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16.05.2006 12:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03.05.2005 12:43 C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="RUNDLL32.exe" [14.04.2008 18:23 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [21.05.2007 09:32 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [14.04.2008 18:23 C:\WINDOWS\system32\rundll32.exe]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [22.02.2008 04:25]
"SpySweeper"="C:\Programfiler\Webroot\Spy Sweeper\SpySweeperUI.exe" [04.01.2008 20:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [14.04.2008 18:22]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [14.04.2008 18:23]
"ABIT uGuruIII"="C:\Programfiler\U-ABIT\abitEQ\ABITEQ.exe" [01.02.2007 15:18]

C:\Documents and Settings\Erik\Start-meny\Programmer\Oppstart\
Picture Motion Browser Media Check Tool.lnk - C:\Programfiler\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [13.05.2008 19:19:00]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe [23.10.2006 01:48:20]
Adobe Reader Synchronizer.lnk - C:\Programfiler\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [23.10.2006 00:01:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

*Newly Created Service* - AAWSERVICE
*Newly Created Service* - IKFILESEC
*Newly Created Service* - IKSYSFLT
*Newly Created Service* - IKSYSSEC
*Newly Created Service* - MCHINJDRV



-- End of Deckard's System Scanner: finished at 2008-05-14 23:29:08 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: Norwegian

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 5600+
Percentage of Memory in Use: 33%
Physical Memory (total/avail): 3583.48 MiB / 2382.87 MiB
Pagefile Memory (total/avail): 5465.75 MiB / 4431.14 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1897.01 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 39.06 GiB total, 29.9 GiB free.
D: is Fixed (NTFS) - 128 GiB total, 96.95 GiB free.
E: is Fixed (NTFS) - 88.93 GiB total, 31.01 GiB free.
G: is CDROM (CDFS)

\\.\PHYSICALDRIVE1 - ST3160023AS - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installerbart filsystem - 128 GiB - D:

\\.\PHYSICALDRIVE0 - ST3200822AS - 186.31 GiB - 2 partitions
\PARTITION0 (bootable) - Installerbart filsystem - 39.06 GiB - C:
\PARTITION1 - Utvidet med Extended Int 13 - 88.93 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Erik\Programdata
CLIENTNAME=Console
CommonProgramFiles=C:\Programfiler\Fellesfiler
COMPUTERNAME=ERIK-0Z9H3X12U0
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Erik
LOGONSERVER=\\ERIK-0Z9H3X12U0
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4303
ProgramFiles=C:\Programfiler
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Erik\LOKALE~1\Temp
TMP=C:\DOCUME~1\Erik\LOKALE~1\Temp
USERDOMAIN=ERIK-0Z9H3X12U0
USERNAME=Erik
USERPROFILE=C:\Documents and Settings\Erik
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Erik (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{02FB2C63-5763-4CDD-99E6-566C57189742}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{3881DD58-780F-4FCF-8A16-6E6800C2FEE0}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{9225EABF-4457-403B-A82B-91614C9DDDF7}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{C9EFF51A-C925-4F1A-9DEB-DB5F970DE983}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{E9CCEA28-3608-4078-8A07-997646E1A357}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{FD7FF74D-0AB5-48D6-929C-7E93A5162521}\setup.exe" -l0x9 -removeonly
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
abitEQ V1.1.0.5 --> C:\Programfiler\InstallShield Installation Information\{A3DB6885-DDFA-442A-A2C2-EC1842CA4953}\Setup.exe -runfromtemp -l0x0009 -removeonly
Absolutist Games Toolbar --> C:\PROGRA~1\ABSOLU~1\UNWISE.EXE C:\PROGRA~1\ABSOLU~1\INSTALL.LOG
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Ask Toolbar --> rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O
AVS DVDMenu Editor 1.2.1.19 --> "C:\Programfiler\Fellesfiler\AVSMedia\AVS DVDMenu Editor\unins000.exe"
AVS Video Converter 5.6 --> "C:\Programfiler\AVS4YOU\AVSVideoConverter\unins000.exe"
AVS4YOU Software Navigator 1.2 --> "C:\Programfiler\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Bubble Shooter Premium --> "C:\Programfiler\absolutist.com\Bubble Shooter Premium\unins000.exe"
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LiveReg (Symantec Corporation) --> C:\Programfiler\Fellesfiler\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation) --> C:\Programfiler\Symantec\LiveUpdate\LSETUP.EXE /U
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
McAfee SecurityCenter --> C:\Programfiler\McAfee\MSC\mcuninst.exe
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110414-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> C:\Programfiler\Mozilla Firefox\uninstall\helper.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenOffice.org Installer 1.0 --> MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Opera 9.27 --> MsiExec.exe /X{503D6E3E-1A48-44F5-BB7C-EB3B593FAED0}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x14 -removeonly
Sikkerhetsoppdatering for Windows XP (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sony Picture Utility --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
Spy Sweeper --> "C:\Programfiler\Webroot\Spy Sweeper\unins000.exe"
Windows-driverpakke - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_0F15CD9EC220F0ED6D5B62BB6C873766011FDDAE\amdk8.inf
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip Self-Extractor --> "C:\Programfiler\WinZip Self-Extractor\setup.exe" /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type167 / Error
Event Submitted/Written: 05/14/2008 11:12:59 PM
Event ID/Source: 0 / pctsSvc.exe
Event Description:
Tjenesteprosessen ble ikke koblet til tjenestekontrolleren

Event Record #/Type152 / Warning
Event Submitted/Written: 05/14/2008 09:33:52 PM
Event ID/Source: 5603 / WinMgmt
Event Description:
Tilbyderen OffProv11 ble registrert i WMI-navneområdet Root\MSAPPS11, men angav ikke den nødvendige HostingModel-egenskapen. Tilbyderen vil bli kjørt med LocalSystem-kontoen. Denne kontoen har privilegier, og tilbyderen kan forårsake et sikkerhetsbrudd hvis brukerforespørslene ikke fremstilles riktig. Kontroller tilbyderens sikkerhetsoppførsel, og oppdater HostingModel-egenskapen for tilbyderen til en konto med så få privilegier som mulig for nødvendig funksjonalitet.

Event Record #/Type151 / Warning
Event Submitted/Written: 05/14/2008 09:33:52 PM
Event ID/Source: 5603 / WinMgmt
Event Description:
Tilbyderen OffProv11 ble registrert i WMI-navneområdet Root\MSAPPS11, men angav ikke den nødvendige HostingModel-egenskapen. Tilbyderen vil bli kjørt med LocalSystem-kontoen. Denne kontoen har privilegier, og tilbyderen kan forårsake et sikkerhetsbrudd hvis brukerforespørslene ikke fremstilles riktig. Kontroller tilbyderens sikkerhetsoppførsel, og oppdater HostingModel-egenskapen for tilbyderen til en konto med så få privilegier som mulig for nødvendig funksjonalitet.

Event Record #/Type146 / Error
Event Submitted/Written: 05/14/2008 09:21:43 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Feil i minneområdet 734037209.

Event Record #/Type145 / Error
Event Submitted/Written: 05/14/2008 09:21:40 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hengende program explorer.exe, versjon 6.0.2900.5512, hengende modul hungapp, versjon 0.0.0.0, hengeadresse 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type992 / Error
Event Submitted/Written: 05/14/2008 10:09:44 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
Følgende oppstarts- eller systemstartsdriver(e) kan ikke lastes inn:
SYMTDI

Event Record #/Type991 / Error
Event Submitted/Written: 05/14/2008 10:09:42 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Tjenesten ScriptBlocking Service kan ikke startes på grunn av følgende feil:
%%3

Event Record #/Type990 / Error
Event Submitted/Written: 05/14/2008 10:09:42 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Tjenesten SAVRTPEL kan ikke startes på grunn av følgende feil:
%%2

Event Record #/Type989 / Error
Event Submitted/Written: 05/14/2008 10:09:42 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Tjenesten Norton AntiVirus Auto-Protect-tjeneste kan ikke startes på grunn av følgende feil:
%%2

Event Record #/Type956 / Error
Event Submitted/Written: 05/14/2008 09:55:27 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
Følgende oppstarts- eller systemstartsdriver(e) kan ikke lastes inn:
SYMTDI



-- End of Deckard's System Scanner: finished at 2008-05-14 23:29:08 ------------


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:10:56 AM

Posted 05 June 2008 - 01:46 PM

Hello erijon,

Welcome back to Bleeping Computer :)

Sorry about the delay. :thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61


Posted 15 June 2008 - 03:04 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



