
Generic trojan and can't boot the system


  • This topic is locked
25 replies to this topic

#1 mhestholm

mhestholm

  • Members
  • 11 posts
  • OFFLINE
  • Local time:04:17 PM

Posted 09 July 2010 - 11:56 AM

Need help with a problem.
A couple of days ago, my laptop started to shut down, and after a scan with SUPERAntiSpyware and an online scan (F-Secure) it stated that I had a Trojan called Gemini. I have tried CCleaner, ComboFix, TFC, GMER etc. The laptop still can't boot without shutting down. Getting desperate, since this is my work laptop. Can only run in safe mode. Can anyone help me? (PS! I'm Norwegian, so my English isn't exactly fluent.) ComboFix was installed in Norwegian. Sorry.

Log:
ComboFix 10-07-08.02 - Michael 09.07.2010 15:15:21.3.1 - FAT32x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.47.1044.18.1014.711 [GMT 2:00]
Kjører fra: c:\documents and settings\Michael\Skrivebord\ComboFix.exe
.

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-06-09 til 2010-07-09 )))))))))))))))))))))))))))))))))
.

2010-07-09 12:53 . 2010-07-09 12:53 63488 ----a-w- c:\documents and settings\Michael\Programdata\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-09 12:53 . 2010-07-09 12:53 52224 ----a-w- c:\documents and settings\Michael\Programdata\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-09 12:53 . 2010-07-09 12:53 117760 ----a-w- c:\documents and settings\Michael\Programdata\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-09 12:52 . 2010-07-09 12:52 -------- d-----w- c:\documents and settings\Michael\Programdata\SUPERAntiSpyware.com
2010-07-09 12:52 . 2010-07-09 12:52 -------- d-----w- c:\programfiler\SUPERAntiSpyware
2010-07-09 12:45 . 2010-07-09 12:45 -------- d-----w- C:\FOUND.014
2010-07-09 12:39 . 2010-07-09 12:39 -------- d-----w- c:\windows\LastGood.Tmp
2010-07-09 12:33 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-07-09 12:33 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-07-09 12:33 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-07-09 12:33 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-07-09 12:33 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-07-09 12:33 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-07-09 12:33 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-07-09 12:33 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-09 12:33 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-07-09 12:33 . 2010-07-09 12:33 -------- d-----w- c:\documents and settings\All Users\Programdata\Alwil Software
2010-07-09 07:47 . 2010-07-09 07:47 -------- d-----w- c:\documents and settings\Michael\DoctorWeb
2010-07-09 06:45 . 2010-07-09 06:45 -------- d-----w- c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com
2010-07-09 06:05 . 2010-07-09 06:05 -------- d-----w- c:\programfiler\ESET
2010-07-09 05:14 . 2010-07-09 05:14 -------- d-----w- C:\FOUND.013
2010-07-08 22:38 . 2010-07-08 22:38 -------- d--h--r- c:\documents and settings\Michael\Siste
2010-07-08 21:33 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\50724792.sys
2010-07-08 21:33 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\5072479.sys
2010-07-08 21:33 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\50724791.sys
2010-07-08 21:11 . 2010-07-08 21:11 -------- d-----w- c:\documents and settings\Michael\Programdata\Malwarebytes
2010-07-08 21:11 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-08 21:11 . 2010-07-08 21:11 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2010-07-08 21:11 . 2010-07-08 21:11 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2010-07-08 21:11 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-08 20:33 . 2010-07-08 20:33 -------- d-----w- c:\programfiler\CCleaner
2010-07-08 20:32 . 2010-07-08 20:32 -------- d-----w- c:\documents and settings\All Users\Programdata\ReviverSoft
2010-07-08 20:09 . 2010-07-08 20:09 -------- d-----w- C:\FOUND.012
2010-07-08 18:56 . 2010-07-08 18:56 -------- d-----w- c:\documents and settings\All Users\Programdata\F-Secure
2010-07-08 18:43 . 2010-07-08 18:43 -------- d-----w- C:\FOUND.011
2010-07-08 18:38 . 2010-07-08 18:38 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-08 18:05 . 2010-07-08 18:05 -------- d-----w- C:\FOUND.010
2010-06-23 16:39 . 2010-06-23 16:39 501936 ----a-w- c:\documents and settings\All Users\Programdata\Google\Google Toolbar\Update\gtb9.tmp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 11:27 . 2006-02-22 08:45 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-04 10:40 . 2006-01-16 10:03 89384 ----a-w- c:\documents and settings\Michael\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2010-06-02 16:52 . 2010-06-02 16:52 -------- d-----w- c:\programfiler\MSECache
.

((((((((((((((((((((((((((((( SnapShot@2010-07-08_22.29.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-08-23 22:33 . 2009-08-06 17:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-07-09 12:39 . 2009-08-06 17:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2010-07-09 12:39 . 2009-08-06 17:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2010-07-09 12:33 . 2010-06-28 20:32 28880 c:\windows\system32\drivers\aavmker4.sys
+ 2005-08-23 22:33 . 2009-08-06 17:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-04 10:00 . 2009-08-06 17:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-04 10:00 . 2009-08-06 17:24 96480 c:\windows\system32\cdm.dll
+ 2010-07-09 12:39 . 2005-05-26 02:16 18200 c:\windows\LastGood.Tmp\system32\wups2.dll
+ 2010-07-09 12:39 . 2005-05-26 02:16 41240 c:\windows\LastGood.Tmp\system32\wups.dll
+ 2010-07-09 12:39 . 2005-05-26 02:16 75544 c:\windows\LastGood.Tmp\system32\cdm.dll
+ 2005-08-23 22:33 . 2009-08-06 17:24 209632 c:\windows\system32\wuweb.dll
+ 2005-08-23 22:33 . 2009-08-06 17:24 327896 c:\windows\system32\wucltui.dll
+ 2005-08-23 22:33 . 2009-08-06 17:23 575704 c:\windows\system32\wuapi.dll
+ 2005-05-26 02:19 . 2009-08-06 17:23 215920 c:\windows\system32\muweb.dll
+ 2006-03-22 11:31 . 2009-08-06 17:23 274288 c:\windows\system32\mucltui.dll
+ 2005-08-23 22:33 . 2009-08-06 17:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2005-08-23 22:33 . 2009-08-06 17:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2005-08-23 22:33 . 2009-08-06 17:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2010-07-09 12:39 . 2005-05-26 02:19 173536 c:\windows\LastGood.Tmp\system32\wuweb.dll
+ 2010-07-09 12:39 . 2005-05-26 02:16 127768 c:\windows\LastGood.Tmp\system32\wucltui.dll
+ 2010-07-09 12:39 . 2005-05-26 02:16 124696 c:\windows\LastGood.Tmp\system32\wuauclt.exe
+ 2010-07-09 12:39 . 2005-05-26 02:16 465176 c:\windows\LastGood.Tmp\system32\wuapi.dll
+ 2010-07-09 12:39 . 2005-05-26 02:19 178408 c:\windows\LastGood.Tmp\system32\muweb.dll
+ 2010-07-09 12:39 . 2005-05-26 02:16 127720 c:\windows\LastGood.Tmp\system32\mucltui.dll
+ 2005-08-23 22:33 . 2009-08-06 17:23 1929952 c:\windows\system32\wuaueng.dll
+ 2005-08-23 22:33 . 2009-08-06 17:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2010-07-09 12:39 . 2005-05-26 02:16 1343768 c:\windows\LastGood.Tmp\system32\wuaueng.dll
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-26 68856]
"updateMgr"="c:\programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-29 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-07 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-07 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-07 114688]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"AzMixerSel"="c:\programfiler\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PCMService"="c:\programfiler\Acer\Acer Arcade\PCMService.exe" [2005-08-11 143360]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-08-11 200704]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-15 2893824]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2005-08-18 462848]
"eRecoveryService"="c:\programfiler\Acer\eRecovery\Monitor.exe" [2005-08-18 352256]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 14743552]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2006-04-04 77824]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2010-01-16 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Michael\Start-meny\Programmer\Oppstart\
setup_9.0.0.722_08.07.2010_23-52[1].lnk - c:\documents and settings\Michael\Skrivebord\Virus Removal Tool\setup_9.0.0.722_08.07.2010_23-52[1]\startup.exe [2010-7-8 72208]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Gamma Loader.lnk - c:\programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2006-2-22 110592]
Adobe Reader Speed Launch.lnk - c:\programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Acer\\Acer Arcade\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 50724792;50724792 Boot Guard Driver;c:\windows\system32\drivers\50724792.sys [08.07.2010 23:33 37392]
S1 50724791;50724791;c:\windows\system32\drivers\50724791.sys [08.07.2010 23:33 128016]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [09.07.2010 14:33 165456]
S1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 20:25 12872]
S1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.SYS [10.05.2010 20:41 67656]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [09.07.2010 14:33 17744]
S2 gupdate;Googles oppdateringstjeneste (gupdate);c:\programfiler\Google\Update\GoogleUpdate.exe [30.01.2010 21:40 135664]

--- Andre tjenester/drivere lastet i minnet ---

*Deregistered* - fgayaaog
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2010-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-01-30 19:40]

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-01-30 19:40]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.vg.no/
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki - c:\programfiler\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Post Image to Blog - c:\windows\ImageShackToolbar\ImageShackToolbar.dll/5003
IE: Tag This Image - c:\windows\ImageShackToolbar\ImageShackToolbar.dll/5002
IE: Upload All Images to ImageShack - c:\windows\ImageShackToolbar\ImageShackToolbar.dll/5000
IE: Upload Image to ImageShack - c:\windows\ImageShackToolbar\ImageShackToolbar.dll/5001
IE: {{670F87A1-88B0-11d4-9030-000021D9C559} - c:\programfiler\KMT Software\High Impact eMail 3.0\HIE3.exe
IE: {{C4A67F75-88B2-11d4-9030-000021D9C559} - c:\programfiler\KMT Software\High Impact eMail 3.0\HIE3.exe
Trusted Zone: imageshack.us\toolbar
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-09 15:17
Windows 5.1.2600 Service Pack 2 FAT NTAPI

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'explorer.exe'(680)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\System32\MSVCP60.dll
c:\programfiler\Microsoft Office\OFFICE11\msohev.dll
.
Tidspunkt ferdig: 2010-07-09 15:18:34
ComboFix-quarantined-files.txt 2010-07-09 13:18
ComboFix2.txt 2010-07-08 22:30
ComboFix3.txt 2010-07-08 20:30

Pre-Run: 30 638 800 896 byte ledig
Post-Run: 31 188 877 312 byte ledig

- - End Of File - - 31A23799FCAEEDC6D4C0E813B72A46AB

Edited by mhestholm, 09 July 2010 - 01:18 PM.


#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:17 PM

Posted 12 July 2010 - 01:52 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#3 mhestholm

mhestholm
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:04:17 PM

Posted 13 July 2010 - 08:20 AM

No, I'm still encountering some problems. I think I have gotten rid of the trojan, but the system is still shutting down. What I have done so far is to follow this topic, http://www.bleepingcomputer.com/forums/ind...8&hl=gemini
when it comes to responses. I have not run a CFScript or any others, since I'm not sure what's wrong with this laptop.
The state of the laptop, as of now, is that I can only start in safe mode. Every time I try to boot, it wants to do a consequence analysis of the c: and d: drives. On the c: drive it shuts down automatically as it reaches 26%, and on the d: drive at 76%.

I would be forever thankful if you could help me solve this problem!

Gmer:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-13 15:16:24
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Michael\LOKALE~1\Temp\fgayaaog.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Programfiler\Internet Explorer\IEXPLORE.EXE[580] USER32.dll!SetWindowLongA 7E41D60D 5 Bytes JMP 00C3FFBA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programfiler\Internet Explorer\IEXPLORE.EXE[580] USER32.dll!SetWindowLongW 7E41D62B 5 Bytes JMP 00C3FFEB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programfiler\Internet Explorer\IEXPLORE.EXE[580] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 00AAF205 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programfiler\Internet Explorer\IEXPLORE.EXE[580] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 00C3FEBF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programfiler\Internet Explorer\IEXPLORE.EXE[580] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 00C3FE40 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programfiler\Internet Explorer\IEXPLORE.EXE[580] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 00C3FE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programfiler\Internet Explorer\IEXPLORE.EXE[580] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 00C3FDCC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programfiler\Internet Explorer\IEXPLORE.EXE[580] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 00C3FE06 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programfiler\Internet Explorer\IEXPLORE.EXE[580] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 00C3FEFA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programfiler\Internet Explorer\IEXPLORE.EXE[580] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 00AD15DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.15 ----


DDS:

DDS (Ver_10-03-17.01) - FAT32x86 NETWORK
Run by Michael at 15:00:25,89 on 13.07.2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.47.1044.18.1014.766 [GMT 2:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Alwil Software\Avast5\AvastUI.exe
C:\Documents and Settings\Michael\Skrivebord\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.vg.no/
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\programfiler\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programfiler\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programfiler\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programfiler\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programfiler\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programfiler\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\programfiler\yahoo!\companion\installs\cpn\yt.dll
TB: ImageShack Toolbar: {6932d140-abc4-4073-a44c-d4a541665e35} - c:\windows\imageshacktoolbar\ImageShackToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programfiler\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\programfiler\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [updateMgr] "c:\programfiler\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [SUPERAntiSpyware] c:\programfiler\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LaunchApp] Alaunch
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [AzMixerSel] c:\programfiler\realtek\installshield\AzMixerSel.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PCMService] "c:\programfiler\acer\acer arcade\PCMService.exe"
mRun: [EPM-DM] c:\acer\epm\epm-dm.exe
mRun: [ePowerManagement] c:\acer\epm\ePM.exe boot
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [eRecoveryService] c:\programfiler\acer\erecovery\Monitor.exe
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [QuickTime Task] "c:\programfiler\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\programfiler\java\jre6\bin\jusched.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\michael\start-~1\progra~1\oppstart\setup_~1.lnk - c:\documents and settings\michael\skrivebord\virus removal tool\setup_9.0.0.722_08.07.2010_23-52[1]\startup.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\adobeg~1.lnk - c:\programfiler\fellesfiler\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\adober~1.lnk - c:\programfiler\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki - c:\programfiler\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Post Image to Blog - c:\windows\imageshacktoolbar\ImageShackToolbar.dll/5003
IE: Tag This Image - c:\windows\imageshacktoolbar\ImageShackToolbar.dll/5002
IE: Upload All Images to ImageShack - c:\windows\imageshacktoolbar\ImageShackToolbar.dll/5000
IE: Upload Image to ImageShack - c:\windows\imageshacktoolbar\ImageShackToolbar.dll/5001
IE: {670F87A1-88B0-11d4-9030-000021D9C559} - c:\programfiler\kmt software\high impact email 3.0\HIE3.exe
IE: {C4A67F75-88B2-11d4-9030-000021D9C559} - c:\programfiler\kmt software\high impact email 3.0\HIE3.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programfiler\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: imageshack.us\toolbar
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} - hxxp://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\programfiler\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\programfiler\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 50724792;50724792 Boot Guard Driver;c:\windows\system32\drivers\50724792.sys [2010-7-8 37392]
S1 50724791;50724791;c:\windows\system32\drivers\50724791.sys [2010-7-8 128016]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-9 165456]
S1 SASDIFSV;SASDIFSV;c:\programfiler\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\programfiler\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S1 setup_9.0.0.722_08.07.2010_23-52[1]drv;setup_9.0.0.722_08.07.2010_23-52[1]drv;c:\windows\system32\drivers\5072479.sys [2010-7-8 315408]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-9 17744]
S2 avast! Antivirus;avast! Antivirus;c:\programfiler\alwil software\avast5\AvastSvc.exe [2010-7-9 40384]
S2 gupdate;Googles oppdateringstjeneste (gupdate);c:\programfiler\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\programfiler\alwil software\avast5\AvastSvc.exe [2010-7-9 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\programfiler\alwil software\avast5\AvastSvc.exe [2010-7-9 40384]

=============== Created Last 30 ================

2010-07-10 05:49:16 0 d-sh--w- C:\FOUND.016
2010-07-09 21:04:36 0 d-----w- c:\windows\LastGood.Tmp
2010-07-09 20:55:29 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-07-09 20:55:00 38848 ----a-w- c:\windows\avastSS.scr
2010-07-09 18:03:13 0 d-s---w- C:\ComboFix
2010-07-09 14:05:16 0 d-sh--w- C:\FOUND.015
2010-07-09 13:52:58 0 d-sh--w- C:\Recycled
2010-07-09 13:14:54 161792 ----a-w- c:\windows\SWREG.exe
2010-07-09 12:52:37 0 d-----w- c:\docume~1\michael\progra~1\SUPERAntiSpyware.com
2010-07-09 12:52:29 0 d-----w- c:\programfiler\SUPERAntiSpyware
2010-07-09 12:45:52 0 d-----w- C:\FOUND.014
2010-07-09 12:39:38 17248 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-07-09 12:39:19 22752 ----a-w- c:\windows\system32\wucltui.dll.mui
2010-07-09 12:39:19 18144 ----a-w- c:\windows\system32\wuaueng.dll.mui
2010-07-09 12:39:19 15072 ----a-w- c:\windows\system32\wuapi.dll.mui
2010-07-09 12:39:19 15064 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2010-07-09 12:33:37 0 d-----w- c:\docume~1\alluse~1\progra~1\Alwil Software
2010-07-09 07:47:57 0 d-----w- c:\documents and settings\michael\DoctorWeb
2010-07-09 06:45:53 0 d-----w- c:\docume~1\alluse~1\progra~1\SUPERAntiSpyware.com
2010-07-09 06:05:44 0 d-----w- c:\programfiler\ESET
2010-07-09 05:14:00 0 d-----w- C:\FOUND.013
2010-07-08 22:38:56 0 d--h--r- c:\documents and settings\michael\Siste
2010-07-08 21:33:44 37392 ----a-w- c:\windows\system32\drivers\50724792.sys
2010-07-08 21:33:44 315408 ----a-w- c:\windows\system32\drivers\5072479.sys
2010-07-08 21:33:44 128016 ----a-w- c:\windows\system32\drivers\50724791.sys
2010-07-08 21:11:29 0 d-----w- c:\docume~1\michael\progra~1\Malwarebytes
2010-07-08 21:11:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-08 21:11:17 0 d-----w- c:\docume~1\alluse~1\progra~1\Malwarebytes
2010-07-08 21:11:16 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-08 21:11:16 0 d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2010-07-08 20:33:38 0 d-----w- c:\programfiler\CCleaner
2010-07-08 20:32:04 0 d-----w- c:\docume~1\alluse~1\progra~1\ReviverSoft
2010-07-08 20:20:08 0 d-sha-r- C:\cmdcons
2010-07-08 20:18:15 98816 ----a-w- c:\windows\sed.exe
2010-07-08 20:18:15 77312 ----a-w- c:\windows\MBR.exe
2010-07-08 20:18:15 256512 ----a-w- c:\windows\PEV.exe
2010-07-08 20:09:20 0 d-----w- C:\FOUND.012
2010-07-08 18:56:31 0 d-----w- c:\docume~1\alluse~1\progra~1\F-Secure
2010-07-08 18:43:20 0 d-----w- C:\FOUND.011
2010-07-08 18:38:01 0 d-----w- c:\windows\system32\wbem\Repository
2010-07-08 18:05:50 0 d-----w- C:\FOUND.010

==================== Find3M ====================


============= FINISH: 15:00:46,48 ===============




#4 schrauber

schrauber (Mr.Mechanic, Malware Response Team, Munich, Germany)

Posted 14 July 2010 - 11:19 PM

Hello, mhestholm
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 4-5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.




Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#5 mhestholm

mhestholm (Topic Starter)

Posted 16 July 2010 - 01:22 AM

Hi, Tom
Thanks for helping me out here! I'm still running in safe mode and had some problems turning off AVAST Antivirus, so I had to remove it. Anyway, here's the logfile from ComboFix.

ComboFix 10-07-15.03 - Michael 16.07.2010 8:17.4.1 - FAT32x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.47.1044.18.1014.781 [GMT 2:00]
Kjører fra: c:\documents and settings\Michael\Skrivebord\schrauber.exe
.

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-06-16 til 2010-07-16 )))))))))))))))))))))))))))))))))
.

2010-07-10 05:49 . 2010-07-10 05:49 -------- d-----w- C:\FOUND.016
2010-07-09 21:04 . 2010-07-09 21:04 -------- d-----w- c:\windows\LastGood.Tmp
2010-07-09 14:05 . 2010-07-09 14:05 -------- d-----w- C:\FOUND.015
2010-07-09 12:53 . 2010-07-09 12:53 63488 ----a-w- c:\documents and settings\Michael\Programdata\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-09 12:53 . 2010-07-09 12:53 52224 ----a-w- c:\documents and settings\Michael\Programdata\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-09 12:53 . 2010-07-09 12:53 117760 ----a-w- c:\documents and settings\Michael\Programdata\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-09 12:52 . 2010-07-09 12:52 -------- d-----w- c:\documents and settings\Michael\Programdata\SUPERAntiSpyware.com
2010-07-09 12:52 . 2010-07-09 12:52 -------- d-----w- c:\programfiler\SUPERAntiSpyware
2010-07-09 12:45 . 2010-07-09 12:45 -------- d-----w- C:\FOUND.014
2010-07-09 12:33 . 2010-07-09 12:33 -------- d-----w- c:\documents and settings\All Users\Programdata\Alwil Software
2010-07-09 07:47 . 2010-07-09 07:47 -------- d-----w- c:\documents and settings\Michael\DoctorWeb
2010-07-09 06:45 . 2010-07-09 06:45 -------- d-----w- c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com
2010-07-09 06:05 . 2010-07-09 06:05 -------- d-----w- c:\programfiler\ESET
2010-07-09 05:14 . 2010-07-09 05:14 -------- d-----w- C:\FOUND.013
2010-07-08 22:38 . 2010-07-08 22:38 -------- d--h--r- c:\documents and settings\Michael\Siste
2010-07-08 21:33 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\50724792.sys
2010-07-08 21:33 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\5072479.sys
2010-07-08 21:33 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\50724791.sys
2010-07-08 21:11 . 2010-07-08 21:11 -------- d-----w- c:\documents and settings\Michael\Programdata\Malwarebytes
2010-07-08 21:11 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-08 21:11 . 2010-07-08 21:11 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2010-07-08 21:11 . 2010-07-08 21:11 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2010-07-08 21:11 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-08 20:33 . 2010-07-08 20:33 -------- d-----w- c:\programfiler\CCleaner
2010-07-08 20:32 . 2010-07-08 20:32 -------- d-----w- c:\documents and settings\All Users\Programdata\ReviverSoft
2010-07-08 20:09 . 2010-07-08 20:09 -------- d-----w- C:\FOUND.012
2010-07-08 18:56 . 2010-07-08 18:56 -------- d-----w- c:\documents and settings\All Users\Programdata\F-Secure
2010-07-08 18:43 . 2010-07-08 18:43 -------- d-----w- C:\FOUND.011
2010-07-08 18:38 . 2010-07-08 18:38 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-08 18:05 . 2010-07-08 18:05 -------- d-----w- C:\FOUND.010
2010-06-23 16:39 . 2010-06-23 16:39 501936 ----a-w- c:\documents and settings\All Users\Programdata\Google\Google Toolbar\Update\gtb9.tmp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-10 08:18 . 2006-02-22 08:45 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-04 10:40 . 2006-01-16 10:03 89384 ----a-w- c:\documents and settings\Michael\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2010-06-02 16:52 . 2010-06-02 16:52 -------- d-----w- c:\programfiler\MSECache
.

((((((((((((((((((((((((((((( SnapShot@2010-07-08_22.29.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2005-05-26 02:16 . 2009-08-06 17:24 44768 c:\windows\system32\wups2.dll
+ 2005-08-23 22:33 . 2009-08-06 17:24 35552 c:\windows\system32\wups.dll
+ 2005-08-23 22:33 . 2009-08-06 17:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-07-09 12:39 . 2009-08-06 17:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2010-07-09 12:39 . 2009-08-06 17:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2005-08-23 22:33 . 2009-08-06 17:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2005-08-23 22:33 . 2009-08-06 17:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-04 10:00 . 2009-08-06 17:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-04 10:00 . 2009-08-06 17:24 96480 c:\windows\system32\cdm.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2005-08-23 22:33 . 2009-08-06 17:24 209632 c:\windows\system32\wuweb.dll
+ 2005-08-23 22:33 . 2009-08-06 17:24 327896 c:\windows\system32\wucltui.dll
+ 2005-08-23 22:33 . 2009-08-06 17:23 575704 c:\windows\system32\wuapi.dll
+ 2005-05-26 02:19 . 2009-08-06 17:23 215920 c:\windows\system32\muweb.dll
+ 2006-03-22 11:31 . 2009-08-06 17:23 274288 c:\windows\system32\mucltui.dll
+ 2005-08-23 22:33 . 2009-08-06 17:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2005-08-23 22:33 . 2009-08-06 17:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2005-08-23 22:33 . 2009-08-06 17:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2010-07-09 20:55 . 2010-07-09 20:55 219648 c:\windows\Installer\37c1c.msi
+ 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2005-08-23 22:33 . 2009-08-06 17:23 1929952 c:\windows\system32\wuaueng.dll
+ 2005-08-23 22:33 . 2009-08-06 17:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-26 68856]
"updateMgr"="c:\programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-29 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-07 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-07 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-07 114688]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"AzMixerSel"="c:\programfiler\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PCMService"="c:\programfiler\Acer\Acer Arcade\PCMService.exe" [2005-08-11 143360]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-08-11 200704]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-15 2893824]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2005-08-18 462848]
"eRecoveryService"="c:\programfiler\Acer\eRecovery\Monitor.exe" [2005-08-18 352256]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 14743552]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2006-04-04 77824]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2010-01-16 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Michael\Start-meny\Programmer\Oppstart\
setup_9.0.0.722_08.07.2010_23-52[1].lnk - c:\documents and settings\Michael\Skrivebord\Virus Removal Tool\setup_9.0.0.722_08.07.2010_23-52[1]\startup.exe [2010-7-8 72208]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Gamma Loader.lnk - c:\programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2006-2-22 110592]
Adobe Reader Speed Launch.lnk - c:\programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Acer\\Acer Arcade\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 50724792;50724792 Boot Guard Driver;c:\windows\system32\drivers\50724792.sys [08.07.2010 23:33 37392]
S1 50724791;50724791;c:\windows\system32\drivers\50724791.sys [08.07.2010 23:33 128016]
S1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 20:25 12872]
S1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.SYS [10.05.2010 20:41 67656]
S2 gupdate;Googles oppdateringstjeneste (gupdate);c:\programfiler\Google\Update\GoogleUpdate.exe [30.01.2010 21:40 135664]
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2010-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-01-30 19:40]

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-01-30 19:40]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.vg.no/
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki - c:\programfiler\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Post Image to Blog - c:\windows\ImageShackToolbar\ImageShackToolbar.dll/5003
IE: Tag This Image - c:\windows\ImageShackToolbar\ImageShackToolbar.dll/5002
IE: Upload All Images to ImageShack - c:\windows\ImageShackToolbar\ImageShackToolbar.dll/5000
IE: Upload Image to ImageShack - c:\windows\ImageShackToolbar\ImageShackToolbar.dll/5001
IE: {{670F87A1-88B0-11d4-9030-000021D9C559} - c:\programfiler\KMT Software\High Impact eMail 3.0\HIE3.exe
IE: {{C4A67F75-88B2-11d4-9030-000021D9C559} - c:\programfiler\KMT Software\High Impact eMail 3.0\HIE3.exe
Trusted Zone: imageshack.us\toolbar
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-16 08:21
Windows 5.1.2600 Service Pack 2 FAT NTAPI

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL
.
Tidspunkt ferdig: 2010-07-16 08:22:15
ComboFix-quarantined-files.txt 2010-07-16 06:22
ComboFix2.txt 2010-07-09 13:18
ComboFix3.txt 2010-07-08 22:30
ComboFix4.txt 2010-07-08 20:30

Pre-Run: 30 180 343 808 byte ledig
Post-Run: 30 288 117 760 byte ledig

- - End Of File - - 8ECAA218994B2455E3D5527EBAB85B59



Edited by mhestholm, 16 July 2010 - 01:23 AM.


#6 schrauber

schrauber (Mr.Mechanic, Malware Response Team, Munich, Germany)

Posted 17 July 2010 - 07:50 AM

Hi,


Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
http://www.bleepingcomputer.com/forums/t/330262/generic-trojan-and-cant-boot-the-system/

Collect::
c:\windows\system32\drivers\50724792.sys
c:\windows\system32\drivers\5072479.sys
c:\windows\system32\drivers\50724791.sys
Driver::
50724792
50724791


Save this as CFScript.txt





Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box; do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

regards,
schrauber

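For readers following along with what the CFScript above asks ComboFix to do, here is an added example (mine, not code from the thread, from the helper, or from ComboFix) that parses the service lines ComboFix prints (`R0 name;display;path [date time size]`), the `file zipped:` lines and the `-------\Service_` / `-------\Legacy_` removal entries, and cross-checks them against the `Driver::` and `Collect::` directives of a script. The sample lines are copied from the logs posted in this thread; the parsing rules and the meaning of the `R`/`S` prefix are my reading of the ComboFix log format and should be treated as assumptions.

```python
"""Cross-check a ComboFix CFScript against the logs from before and after it ran.

Added example for this thread; not part of ComboFix. It answers two questions a
responder asks after a scripted run: was every Driver:: target actually
unregistered, and was every Collect:: file actually zipped for submission?
"""
import re
from dataclasses import dataclass

# Assumed log format: "<R|S><start type> <name>;<display name>;<path> [dd.mm.yyyy hh:mm size]"
# R = service running, S = stopped; the digit is the Windows start type (0 boot, 1 system, ...).
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) "
    r"\[(?P<date>\d\d\.\d\d\.\d{4}) (?P<time>\d\d:\d\d) (?P<size>\d+)\]$"
)
# Lines ComboFix prints under "Drivere/Tjenester" when it removes a service registration.
REMOVED_SERVICE_RE = re.compile(r"^-------\\(?:Service|Legacy)_(?P<name>.+)$")
ZIPPED_RE = re.compile(r"^file zipped: (?P<path>.+)$")

# Sample input: the CFScript and log lines posted in this thread (constructed excerpt).
CFSCRIPT = r"""
Collect::
c:\windows\system32\drivers\50724792.sys
c:\windows\system32\drivers\5072479.sys
c:\windows\system32\drivers\50724791.sys
Driver::
50724792
50724791
"""

LOG_BEFORE = r"""
R0 50724792;50724792 Boot Guard Driver;c:\windows\system32\drivers\50724792.sys [08.07.2010 23:33 37392]
S1 50724791;50724791;c:\windows\system32\drivers\50724791.sys [08.07.2010 23:33 128016]
S1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 20:25 12872]
S2 gupdate;Googles oppdateringstjeneste (gupdate);c:\programfiler\Google\Update\GoogleUpdate.exe [30.01.2010 21:40 135664]
"""

LOG_AFTER = r"""
file zipped: c:\windows\system32\drivers\5072479.sys
file zipped: c:\windows\system32\drivers\50724791.sys
file zipped: c:\windows\system32\drivers\50724792.sys
.
-------\Legacy_50724791
-------\Legacy_50724792
-------\Service_50724791
-------\Service_50724792
.
S1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 20:25 12872]
S2 gupdate;Googles oppdateringstjeneste (gupdate);c:\programfiler\Google\Update\GoogleUpdate.exe [30.01.2010 21:40 135664]
"""


@dataclass(frozen=True)
class Service:
    start: str
    name: str
    display: str
    path: str
    size: int


def parse_cfscript(text):
    """Group a CFScript into its directives, e.g. {'Collect': [...], 'Driver': [...]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_services(text):
    """Return {lowercased service name: Service} for every R*/S* line in a log."""
    services = {}
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            services[m["name"].lower()] = Service(
                m["start"], m["name"], m["display"], m["path"], int(m["size"]))
    return services


def parse_removals(text):
    """Return (unregistered service names, zipped file paths), both lowercased."""
    removed, zipped = set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        if m := REMOVED_SERVICE_RE.match(line):
            removed.add(m["name"].lower())
        elif m := ZIPPED_RE.match(line):
            zipped.add(m["path"].lower())
    return removed, zipped


def check(script_text, log_before, log_after):
    """Report which script targets were handled; 'drivers_unknown' flags names
    that were never registered as a service in the pre-run log (typo or stale entry)."""
    script = parse_cfscript(script_text)
    before, after = parse_services(log_before), parse_services(log_after)
    removed, zipped = parse_removals(log_after)
    report = {"drivers_removed": [], "drivers_left": [], "drivers_unknown": [],
              "collected": [], "not_collected": []}
    for name in script.get("Driver", []):
        key = name.lower()
        if key not in before:
            report["drivers_unknown"].append(name)
        elif key in removed and key not in after:
            report["drivers_removed"].append(name)
        else:
            report["drivers_left"].append(name)
    for path in script.get("Collect", []):
        bucket = "collected" if path.lower() in zipped else "not_collected"
        report[bucket].append(path)
    return report


if __name__ == "__main__":
    for key, value in check(CFSCRIPT, LOG_BEFORE, LOG_AFTER).items():
        print(f"{key}: {value}")
```

Note that the script collects three files but names only two drivers: `5072479.sys` appears in the file list but has no service line in the pre-run log, which is why it is collected and deleted as a file rather than unregistered with `Driver::`. Running the check against a real pair of logs with anything in `drivers_left` or `not_collected` is the cue to ask for the run to be repeated rather than declare the step done.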

#7 mhestholm

mhestholm (Topic Starter)

Posted 19 July 2010 - 10:36 AM

Here is the latest log from ComboFix with the CFScript:

ComboFix 10-07-15.03 - Michael 19.07.2010 17:31:20.5.1 - FAT32x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.47.1044.18.1014.800 [GMT 2:00]
Kjører fra: c:\documents and settings\Michael\Skrivebord\schrauber.exe
Command switches brukt :: c:\documents and settings\Michael\Skrivebord\CFScript.txt

file zipped: c:\windows\system32\drivers\5072479.sys
file zipped: c:\windows\system32\drivers\50724791.sys
file zipped: c:\windows\system32\drivers\50724792.sys
.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\5072479.sys
c:\windows\system32\drivers\50724791.sys
c:\windows\system32\drivers\50724792.sys

.
((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_50724791
-------\Legacy_50724792
-------\Service_50724791
-------\Service_50724792
-------\Service_setup_9.0.0.722_08.07.2010_23-52[1


((((((((((((((((((((((((((( Filer Opprettet Fra 2010-06-19 til 2010-07-19 )))))))))))))))))))))))))))))))))
.

2010-07-10 05:49 . 2010-07-10 05:49 -------- d-----w- C:\FOUND.016
2010-07-09 21:04 . 2010-07-09 21:04 -------- d-----w- c:\windows\LastGood.Tmp
2010-07-09 14:05 . 2010-07-09 14:05 -------- d-----w- C:\FOUND.015
2010-07-09 12:53 . 2010-07-09 12:53 63488 ----a-w- c:\documents and settings\Michael\Programdata\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-09 12:53 . 2010-07-09 12:53 52224 ----a-w- c:\documents and settings\Michael\Programdata\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-09 12:53 . 2010-07-09 12:53 117760 ----a-w- c:\documents and settings\Michael\Programdata\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-09 12:52 . 2010-07-09 12:52 -------- d-----w- c:\documents and settings\Michael\Programdata\SUPERAntiSpyware.com
2010-07-09 12:52 . 2010-07-09 12:52 -------- d-----w- c:\programfiler\SUPERAntiSpyware
2010-07-09 12:45 . 2010-07-09 12:45 -------- d-----w- C:\FOUND.014
2010-07-09 12:33 . 2010-07-09 12:33 -------- d-----w- c:\documents and settings\All Users\Programdata\Alwil Software
2010-07-09 07:47 . 2010-07-09 07:47 -------- d-----w- c:\documents and settings\Michael\DoctorWeb
2010-07-09 06:45 . 2010-07-09 06:45 -------- d-----w- c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com
2010-07-09 06:05 . 2010-07-09 06:05 -------- d-----w- c:\programfiler\ESET
2010-07-09 05:14 . 2010-07-09 05:14 -------- d-----w- C:\FOUND.013
2010-07-08 22:38 . 2010-07-08 22:38 -------- d--h--r- c:\documents and settings\Michael\Siste
2010-07-08 21:11 . 2010-07-08 21:11 -------- d-----w- c:\documents and settings\Michael\Programdata\Malwarebytes
2010-07-08 21:11 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-08 21:11 . 2010-07-08 21:11 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2010-07-08 21:11 . 2010-07-08 21:11 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2010-07-08 21:11 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-08 20:33 . 2010-07-08 20:33 -------- d-----w- c:\programfiler\CCleaner
2010-07-08 20:32 . 2010-07-08 20:32 -------- d-----w- c:\documents and settings\All Users\Programdata\ReviverSoft
2010-07-08 20:09 . 2010-07-08 20:09 -------- d-----w- C:\FOUND.012
2010-07-08 18:56 . 2010-07-08 18:56 -------- d-----w- c:\documents and settings\All Users\Programdata\F-Secure
2010-07-08 18:43 . 2010-07-08 18:43 -------- d-----w- C:\FOUND.011
2010-07-08 18:38 . 2010-07-08 18:38 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-08 18:05 . 2010-07-08 18:05 -------- d-----w- C:\FOUND.010
2010-06-23 16:39 . 2010-06-23 16:39 501936 ----a-w- c:\documents and settings\All Users\Programdata\Google\Google Toolbar\Update\gtb9.tmp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-10 08:18 . 2006-02-22 08:45 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-04 10:40 . 2006-01-16 10:03 89384 ----a-w- c:\documents and settings\Michael\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2010-06-02 16:52 . 2010-06-02 16:52 -------- d-----w- c:\programfiler\MSECache
.

((((((((((((((((((((((((((((( SnapShot@2010-07-08_22.29.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2005-05-26 02:16 . 2009-08-06 17:24 44768 c:\windows\system32\wups2.dll
+ 2005-08-23 22:33 . 2009-08-06 17:24 35552 c:\windows\system32\wups.dll
+ 2005-08-23 22:33 . 2009-08-06 17:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-07-09 12:39 . 2009-08-06 17:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2010-07-09 12:39 . 2009-08-06 17:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2005-08-23 22:33 . 2009-08-06 17:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2005-08-23 22:33 . 2009-08-06 17:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-04 10:00 . 2009-08-06 17:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-04 10:00 . 2009-08-06 17:24 96480 c:\windows\system32\cdm.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2005-08-23 22:33 . 2009-08-06 17:24 209632 c:\windows\system32\wuweb.dll
+ 2005-08-23 22:33 . 2009-08-06 17:24 327896 c:\windows\system32\wucltui.dll
+ 2005-08-23 22:33 . 2009-08-06 17:23 575704 c:\windows\system32\wuapi.dll
+ 2005-05-26 02:19 . 2009-08-06 17:23 215920 c:\windows\system32\muweb.dll
+ 2006-03-22 11:31 . 2009-08-06 17:23 274288 c:\windows\system32\mucltui.dll
+ 2005-08-23 22:33 . 2009-08-06 17:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2005-08-23 22:33 . 2009-08-06 17:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2005-08-23 22:33 . 2009-08-06 17:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2010-07-09 20:55 . 2010-07-09 20:55 219648 c:\windows\Installer\37c1c.msi
+ 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2005-08-23 22:33 . 2009-08-06 17:23 1929952 c:\windows\system32\wuaueng.dll
+ 2005-08-23 22:33 . 2009-08-06 17:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-26 68856]
"updateMgr"="c:\programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-29 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-07 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-07 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-07 114688]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"AzMixerSel"="c:\programfiler\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PCMService"="c:\programfiler\Acer\Acer Arcade\PCMService.exe" [2005-08-11 143360]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-08-11 200704]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-15 2893824]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2005-08-18 462848]
"eRecoveryService"="c:\programfiler\Acer\eRecovery\Monitor.exe" [2005-08-18 352256]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 14743552]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2006-04-04 77824]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2010-01-16 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Michael\Start-meny\Programmer\Oppstart\
setup_9.0.0.722_08.07.2010_23-52[1].lnk - c:\documents and settings\Michael\Skrivebord\Virus Removal Tool\setup_9.0.0.722_08.07.2010_23-52[1]\startup.exe [2010-7-8 72208]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Gamma Loader.lnk - c:\programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2006-2-22 110592]
Adobe Reader Speed Launch.lnk - c:\programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Acer\\Acer Arcade\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 20:25 12872]
S1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.SYS [10.05.2010 20:41 67656]
S2 gupdate;Googles oppdateringstjeneste (gupdate);c:\programfiler\Google\Update\GoogleUpdate.exe [30.01.2010 21:40 135664]
.
Contents of the 'Scheduled Tasks' folder

2010-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-01-30 19:40]

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-01-30 19:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.vg.no/
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki - c:\programfiler\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Post Image to Blog - c:\windows\ImageShackToolbar\ImageShackToolbar.dll/5003
IE: Tag This Image - c:\windows\ImageShackToolbar\ImageShackToolbar.dll/5002
IE: Upload All Images to ImageShack - c:\windows\ImageShackToolbar\ImageShackToolbar.dll/5000
IE: Upload Image to ImageShack - c:\windows\ImageShackToolbar\ImageShackToolbar.dll/5001
IE: {{670F87A1-88B0-11d4-9030-000021D9C559} - c:\programfiler\KMT Software\High Impact eMail 3.0\HIE3.exe
IE: {{C4A67F75-88B2-11d4-9030-000021D9C559} - c:\programfiler\KMT Software\High Impact eMail 3.0\HIE3.exe
Trusted Zone: imageshack.us\toolbar
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-19 17:37
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded By Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(1832)
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\browselc.dll
c:\programfiler\Microsoft Office\OFFICE11\msohev.dll
.
Time completed: 2010-07-19 17:39:29 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-19 15:39
ComboFix2.txt 2010-07-16 06:22
ComboFix3.txt 2010-07-09 13:18
ComboFix4.txt 2010-07-08 22:30
ComboFix5.txt 2010-07-19 15:30

Pre-Run: 30 223 171 584 bytes free
Post-Run: 30 228 774 912 bytes free

- - End Of File - - 3EA7A6FE4C48157E75DDC32B8CC3A3BE
Upload succeeded


#8 schrauber, Malware Response Team (Munich, Germany)

Posted 20 July 2010 - 11:55 AM

Hi,



Download MBRCheck.exe to your desktop
XP users > double click on MBRCheck.exe to run it
Vista and Windows 7 users > right click on MBRCheck.exe and select Run as Administrator
It will show a black screen with some data on it
Click on the black C:\ in the upper left hand corner of the black screen
Choose Edit > Select All > Press Enter to copy the data to your clip board
Press Enter again to close MBRCheck
Now open up notepad or wordpad and paste the data in (press Control+V)

Post the results in your reply






Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (e.g. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.





I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt





  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemdrive%\*.sys /90 /md5
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware
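MBRCheck, as requested in the post above, works on sector 0 of the disk rather than on files: it hashes the bootstrap code and compares it with known Windows MBRs, which is why a bootkit that has replaced the MBR shows up there even when file-based scanners report nothing. The script below is an added example written for this page, not MBRCheck's or the thread's code. It parses a 512-byte MBR (bootstrap code, NT disk signature, partition table), hashes the 440-byte bootstrap area and checks it against an allowlist. The two sample sectors and the allowlist entry are constructed for the demonstration; a real allowlist holds the hash of sector 0 taken from a known-clean install of the same Windows release, and read_sector0 needs administrator rights on a real drive.

```python
import hashlib
import struct
from typing import Dict, List

BOOT_CODE_LEN = 440            # bootstrap code; bytes 440..443 hold the NT disk signature
PART_TABLE_OFF = 446
PART_ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count
MBR_SIGNATURE = b"\x55\xaa"


def build_mbr(boot_code: bytes, partitions, disk_sig: int = 0x12345678) -> bytes:
    """Assemble a 512-byte MBR from constructed parts (test data only, not a real disk image)."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code exceeds 440 bytes")
    sector = bytearray(512)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, BOOT_CODE_LEN, disk_sig)
    for i, (bootable, ptype, lba_start, sectors) in enumerate(partitions):
        off = PART_TABLE_OFF + i * struct.calcsize(PART_ENTRY_FMT)
        # CHS fields are left zero; anything modern boots from the LBA fields
        struct.pack_into(PART_ENTRY_FMT, sector, off,
                         0x80 if bootable else 0x00, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)
    sector[510:512] = MBR_SIGNATURE
    return bytes(sector)


def parse_mbr(sector: bytes) -> Dict:
    """Split sector 0 into a boot-code hash, the disk signature and the used partition entries."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * struct.calcsize(PART_ENTRY_FMT)
        status, _, ptype, _, lba_start, sectors = struct.unpack_from(PART_ENTRY_FMT, sector, off)
        if ptype == 0:            # empty slot
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "disk_signature": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
            "partitions": parts}


def mbr_findings(sector: bytes, known_boot_code: Dict[str, str]) -> List[str]:
    """Review items: unknown boot code is the bootkit indicator, the rest are sanity checks."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_sha256"] not in known_boot_code:
        findings.append(f"boot code {info['boot_code_sha256'][:16]}... not in allowlist: dump and disassemble it")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    return findings


def classify_mbr(sector: bytes, known_boot_code: Dict[str, str]) -> str:
    digest = parse_mbr(sector)["boot_code_sha256"]
    return f"known: {known_boot_code[digest]}" if digest in known_boot_code else f"unknown boot code ({digest})"


def read_sector0(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read the first sector of a raw disk; needs administrator rights on Windows."""
    with open(device, "rb") as fh:
        return fh.read(512)


# Constructed test sectors. The allowlist entry is simply the hash of CLEAN_MBR; in practice it
# is the hash of sector 0 from a known-clean install of the same Windows release.
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb" + b"\x90" * 40     # stand-in for a stock loader
TAMPERED_BOOT_CODE = b"\xea\x00\x7c\x00\x00" + b"\xcc" * 40              # stand-in for replaced boot code
PARTITIONS = [(True, 0x0C, 63, 195035136)]   # one active FAT32-LBA partition, XP-era layout
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, PARTITIONS)
TAMPERED_MBR = build_mbr(TAMPERED_BOOT_CODE, PARTITIONS)
KNOWN_BOOT_CODE = {hashlib.sha256(CLEAN_MBR[:BOOT_CODE_LEN]).hexdigest(): "constructed clean XP-like MBR"}

if __name__ == "__main__":
    for label, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(label, classify_mbr(sector, KNOWN_BOOT_CODE), mbr_findings(sector, KNOWN_BOOT_CODE))
```

Only the first 440 bytes go into the hash: the disk signature and the partition table legitimately differ from machine to machine, so including them would make every disk look unknown. A hit on the allowlist rules out a replaced MBR but not a bootkit that hooks later in the chain, so an unknown result is a reason to dump the sector and read it, not a verdict by itself.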

#9 schrauber, Malware Response Team (Munich, Germany)

Posted 22 July 2010 - 11:04 AM

Any problems?
regards,
schrauber


#10 mhestholm (Topic Starter)

Posted 22 July 2010 - 02:17 PM

Having some problems running OTL. I've tried again and again and it just won't respond. Any ideas what to do?
The ESET didn't find any viruses since these were removed a couple of weeks ago.
I can sum up what was found then and what's in quarantine.

Sorry about the late reply, but I'm on vacation.

Michael

Edited by mhestholm, 23 July 2010 - 03:10 AM.


#11 schrauber, Malware Response Team (Munich, Germany)

Posted 24 July 2010 - 12:17 PM

Please try this:

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

regards,
schrauber

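RSIT, which the post above asks for, bundles HijackThis and returns its log in the O-numbered line format (O4 autorun entries, O17 TCP/IP settings, O23 services). The helper reads such a log by eye; the script below is an added example, not RSIT's or the thread's code, that automates the first pass a practitioner would make. The sample lines are constructed in that format for the demonstration, the path and resolver heuristics are assumptions chosen for this example, and every hit is a review item rather than a verdict.

```python
import ipaddress
import re
from typing import List, Optional, Tuple

# Constructed sample in the HijackThis line format that RSIT emits (not the thread's own log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\User\Local Settings\Temp\svchost.exe
O4 - Startup: setup.lnk = C:\Documents and Settings\User\Skrivebord\tool\startup.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = example.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1C2}: NameServer = 203.0.113.5
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programfiler\Google\Common\GoogleUpdaterService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Programfiler\WinPcap\rpcapd.exe (file missing)
O23 - Service: 50724791 (50724791) - Unknown owner - C:\WINDOWS\system32\drivers\50724791.sys
"""

# First Windows path with an executable extension on the line (assumed layout of the log).
WIN_PATH = re.compile(r'[a-z]:\\[^"\n]*?\.(?:exe|dll|sys|scr|com|bat|cmd)\b', re.I)
# Directories an unprivileged user can write to; autoruns from here deserve a second look.
USER_WRITABLE = re.compile(r"\\(?:temp|local settings|application data|appdata|documents and settings\\[^\\]+)\\", re.I)
# Names malware borrows; the genuine binaries live under the Windows directory.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "smss.exe"}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def extract_path(line: str) -> Optional[str]:
    m = WIN_PATH.search(line)
    return m.group(0) if m else None


def triage_line(line: str) -> List[str]:
    """Heuristic review reasons for one log line; an empty list means nothing stood out."""
    reasons: List[str] = []
    section = line.split(" - ", 1)[0].strip()
    path = extract_path(line)
    name = path.rsplit("\\", 1)[-1].lower() if path else ""
    if section == "O23":
        if "(file missing)" in line:
            reasons.append("service binary is missing: orphaned entry, remove or repair it")
        if "Unknown owner" in line and re.fullmatch(r"\d+\.(?:sys|exe)", name):
            reasons.append("service with no publisher and a numeric file name: typical of dropped rootkit drivers")
    elif section == "O4" and path:
        if USER_WRITABLE.search(path):
            reasons.append("autorun from a user-writable location: confirm what installed it")
        if name in SYSTEM_NAMES and not path.lower().startswith("c:\\windows\\"):
            reasons.append(f"{name} outside the Windows directory: likely impersonating a system process")
    elif section == "O17" and "NameServer" in line:
        server = line.rsplit("=", 1)[-1].strip()
        try:
            addr = ipaddress.ip_address(server)
            if not any(addr in net for net in RFC1918):
                reasons.append(f"resolver set to non-RFC1918 address {server}: confirm it is your ISP's or corporate DNS")
        except ValueError:
            reasons.append(f"unparseable NameServer value {server!r}")
    return reasons


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Run triage_line over a whole log and pair each reason with the line that raised it."""
    findings = []
    for line in log_text.splitlines():
        for reason in triage_line(line):
            findings.append((line, reason))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

The rules encode what a log reader checks first: a service whose binary is gone, a driver with a random-looking name and no publisher, a system-process name running from a temp or profile directory, and a DNS resolver that is not the local one. Legitimate software trips some of these (a leftover packet-capture service, a removal tool launched from the desktop), so the output is a worklist for the reviewer, not a removal script.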

#12 schrauber, Malware Response Team (Munich, Germany)

Posted 26 July 2010 - 12:18 PM

Still with me?
regards,
schrauber


#13 mhestholm (Topic Starter)

Posted 26 July 2010 - 02:24 PM

Attached you can find the different logs.
Sorry about the late reply, but I don't always have immediate access, depending on where I am during my vacation, so I hope you'll have some patience with me.

I've also added a copy of Qoobox and what's been quarantined by ComboFix. Hope this can be of some help! Like I told you earlier, ESET Online Scan didn't find any threats this time.

Michael

2010-07-19 15:34:03 . 2010-07-19 15:34:04 74 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_setup_9.0.0.722_08.07.reg.dat
2010-07-19 15:33:16 . 2010-07-19 15:33:18 2,998 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_50724792.reg.dat
2010-07-19 15:33:16 . 2010-07-19 15:33:18 2,464 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_50724791.reg.dat
2010-07-19 15:33:16 . 2010-07-19 15:33:18 1,312 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_50724792.reg.dat
2010-07-19 15:33:16 . 2010-07-19 15:33:18 1,220 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_50724791.reg.dat
2010-07-19 15:31:19 . 2010-07-19 15:31:20 237,366 ----a-w- C:\Qoobox\Quarantine\[4]-Submit_2010-07-19_17.31.16.zip
2010-07-08 21:33:44 . 2009-09-25 15:59:42 128,016 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\50724791.sys.vir
2010-07-08 21:33:44 . 2009-10-22 11:54:18 37,392 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\50724792.sys.vir
2010-07-08 21:33:44 . 2009-10-09 21:31:10 315,408 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\5072479.sys.vir
2010-07-08 20:30:22 . 2010-07-08 20:30:24 676 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-GNU Ghostscript Fonts.reg.dat
2010-07-08 20:30:22 . 2010-07-08 20:30:24 674 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-GNU Ghostscript 7.05.reg.dat
2010-07-08 20:30:07 . 2010-07-08 20:30:08 663 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{4E7BD74F-2B8D-469E-DEF1-F078A6D5FA7D}.reg.dat
2010-07-08 20:30:06 . 2010-07-08 20:30:08 608 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-{4E7BD74F-2B8D-469E-DEF1-F078A6D5FA7D}.reg.dat
2010-07-08 20:30:06 . 2010-07-08 20:30:08 498 ----a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{4E7BD74F-2B8D-469E-DEF1-F078A6D5FA7D}.reg.dat
2010-07-08 20:22:20 . 2010-07-08 20:22:22 1,288 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_NPF.reg.dat
2010-07-08 20:22:20 . 2010-07-08 20:22:22 1,212 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_NPF.reg.dat
2010-07-08 20:22:15 . 2010-07-19 15:33:12 8,960 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-07-08 20:18:12 . 2010-07-19 15:30:10 612 ----a-w- C:\Qoobox\Quarantine\catchme.log
2006-02-23 10:30:48 . 2006-03-20 06:31:56 34 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system\oeminfo.ini.vir
2006-01-11 19:48:39 . 2003-04-04 13:03:00 57,344 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\packet.dll.vir
2006-01-11 19:48:39 . 2002-03-02 02:10:02 53,299 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\pthreadVC.dll.vir
2006-01-11 19:48:39 . 2003-04-04 13:03:54 49,152 ----a-w- C:\Qoobox\Quarantine\C\Programfiler\WinPCap\daemon_mgm.exe.vir
2006-01-11 19:48:39 . 2003-04-04 13:04:34 49,152 ----a-w- C:\Qoobox\Quarantine\C\Programfiler\WinPCap\npf_mgm.exe.vir
2006-01-11 19:48:39 . 2003-04-04 12:54:50 77,824 ----a-w- C:\Qoobox\Quarantine\C\Programfiler\WinPCap\rpcapd.exe.vir
2006-01-11 19:48:39 . 2003-04-04 12:54:48 208,896 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\wpcap.dll.vir
2006-01-11 19:48:39 . 2003-04-04 13:07:20 30,336 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\npf.sys.vir
2005-08-24 14:38:44 . 2005-08-24 14:38:46 315 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\uninstall.ini.vir


MBRCheck, version 1.1.1
© 2010, AD

\\.\C: --> \\.\PhysicalDrive0
\\.\D: --> \\.\PhysicalDrive0

Size   Device Name          MBR Status
--------------------------------------------
93 GB  \\.\PhysicalDrive0   Windows XP MBR code detected

Done! Press ENTER to exit...


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4338

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.5730.11

22.07.2010 18:46:18
mbam-log-2010-07-22 (18-46-18).txt

Scan type: Quick scan
Objects scanned: 143645
Time elapsed: 4 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of random's system information tool 1.08 (written by random/random)
Run by Michael at 2010-07-26 21:13:53
Microsoft Windows XP Professional Service Pack 2
System drive C: has 29 GB (63%) free of 46 GB
Total RAM: 1014 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:13:59, on 26.07.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Michael\Skrivebord\RSIT.exe
C:\Programfiler\trend micro\Michael.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programfiler\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programfiler\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Programfiler\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Programfiler\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Programfiler\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: setup_9.0.0.722_08.07.2010_23-52[1].lnk = C:\Documents and Settings\Michael\Skrivebord\Virus Removal Tool\setup_9.0.0.722_08.07.2010_23-52[1]\startup.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki - res://C:\Programfiler\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: Launch High Impact eMail 3.0 - {670F87A1-88B0-11d4-9030-000021D9C559} - C:\Programfiler\KMT Software\High Impact eMail 3.0\HIE3.exe
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {C4A67F75-88B2-11d4-9030-000021D9C559} - C:\Programfiler\KMT Software\High Impact eMail 3.0\HIE3.exe
O9 - Extra 'Tools' menuitem: Launch High Impact eMail 3.0 - {C4A67F75-88B2-11d4-9030-000021D9C559} - C:\Programfiler\KMT Software\High Impact eMail 3.0\HIE3.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ArnPro.local
O17 - HKLM\Software\..\Telephony: DomainName = ArnPro.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ArnPro.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ArnPro.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ArnPro.local
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programfiler\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programfiler\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programfiler\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Googles oppdateringstjeneste (gupdate) (gupdate) - Google Inc. - C:\Programfiler\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Programfiler\WinPcap\rpcapd.exe (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 9420 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll [2006-01-05 399352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Programfiler\Google\Google Toolbar\GoogleToolbar_32.dll [2010-06-23 278192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programfiler\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-06-01 814648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Programfiler\Java\jre6\bin\jp2ssv.dll [2010-01-16 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-16 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll [2006-01-05 399352]
{6932D140-ABC4-4073-A44C-D4A541665E35} - ImageShack Toolbar - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll [2006-10-19 368640]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Programfiler\Google\Google Toolbar\GoogleToolbar_32.dll [2010-06-23 278192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"=Alaunch []
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-06-07 94208]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-06-07 77824]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2005-06-07 114688]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"AzMixerSel"=C:\Programfiler\Realtek\InstallShield\AzMixerSel.exe [2005-06-11 53248]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PCMService"=C:\Programfiler\Acer\Acer Arcade\PCMService.exe [2005-08-11 143360]
"EPM-DM"=c:\acer\epm\epm-dm.exe [2005-08-11 200704]
"ePowerManagement"=C:\Acer\ePM\ePM.exe [2005-03-15 2893824]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2005-08-19 462848]
"eRecoveryService"=C:\Programfiler\Acer\eRecovery\Monitor.exe [2005-08-18 352256]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-04 44032]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-08-09 14743552]
"QuickTime Task"=C:\Programfiler\QuickTime\qttask.exe [2006-04-04 77824]
"SunJavaUpdateSched"=C:\Programfiler\Java\jre6\bin\jusched.exe [2010-01-16 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-26 68856]
"updateMgr"=C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"SUPERAntiSpyware"=C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-06-29 2403568]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart
Adobe Gamma Loader.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Documents and Settings\Michael\Start-meny\Programmer\Oppstart
setup_9.0.0.722_08.07.2010_23-52[1].lnk - C:\Documents and Settings\Michael\Skrivebord\Virus Removal Tool\setup_9.0.0.722_08.07.2010_23-52[1]\startup.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL [2009-09-04 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-06-07 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programfiler\Acer\Acer Arcade\PCMService.exe"="C:\Programfiler\Acer\Acer Arcade\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\System32\usmt\migwiz.exe"="C:\WINDOWS\System32\usmt\migwiz.exe:*:Disabled:Veiviser for overføring av filer og innstillinger"
"C:\Programfiler\Visma\SalesOffice\RSO_CLI.exe"="C:\Programfiler\Visma\SalesOffice\RSO_CLI.exe:*:Enabled:SalesOffice Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-07-26 21:13:53 ----D---- C:\rsit
2010-07-26 21:13:53 ----D---- C:\Programfiler\trend micro
2010-07-22 18:39:47 ----SHD---- C:\Recycled
2010-07-19 17:40:53 ----D---- C:\WINDOWS\temp
2010-07-19 17:39:29 ----A---- C:\ComboFix.txt
2010-07-10 07:49:17 ----ASH---- C:\pagefile.sys
2010-07-10 07:49:16 ----D---- C:\FOUND.016
2010-07-09 23:04:36 ----D---- C:\WINDOWS\LastGood.Tmp
2010-07-09 16:05:16 ----D---- C:\FOUND.015
2010-07-09 15:14:54 ----A---- C:\WINDOWS\SWSC.exe
2010-07-09 15:14:54 ----A---- C:\WINDOWS\SWREG.exe
2010-07-09 14:52:37 ----D---- C:\Documents and Settings\Michael\Programdata\SUPERAntiSpyware.com
2010-07-09 14:52:29 ----D---- C:\Programfiler\SUPERAntiSpyware
2010-07-09 14:45:52 ----D---- C:\FOUND.014
2010-07-09 14:39:38 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-07-09 14:39:19 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2010-07-09 14:39:19 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2010-07-09 14:39:19 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2010-07-09 14:33:37 ----D---- C:\Documents and Settings\All Users\Programdata\Alwil Software
2010-07-09 08:45:53 ----D---- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2010-07-09 08:05:44 ----D---- C:\Programfiler\ESET
2010-07-09 07:14:03 ----A---- C:\WINDOWS\ntbtlog.txt
2010-07-09 07:14:00 ----D---- C:\FOUND.013
2010-07-09 00:49:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-08 23:11:29 ----D---- C:\Documents and Settings\Michael\Programdata\Malwarebytes
2010-07-08 23:11:19 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-07-08 23:11:17 ----D---- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2010-07-08 23:11:16 ----D---- C:\Programfiler\Malwarebytes' Anti-Malware
2010-07-08 23:11:16 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-07-08 22:33:38 ----D---- C:\Programfiler\CCleaner
2010-07-08 22:32:04 ----D---- C:\Documents and Settings\All Users\Programdata\ReviverSoft
2010-07-08 22:20:11 ----A---- C:\Boot.bak
2010-07-08 22:20:08 ----RASHD---- C:\cmdcons
2010-07-08 22:18:15 ----A---- C:\WINDOWS\zip.exe
2010-07-08 22:18:15 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-07-08 22:18:15 ----A---- C:\WINDOWS\sed.exe
2010-07-08 22:18:15 ----A---- C:\WINDOWS\PEV.exe
2010-07-08 22:18:15 ----A---- C:\WINDOWS\NIRCMD.exe
2010-07-08 22:18:15 ----A---- C:\WINDOWS\MBR.exe
2010-07-08 22:18:15 ----A---- C:\WINDOWS\grep.exe
2010-07-08 22:18:12 ----D---- C:\WINDOWS\ERDNT
2010-07-08 22:09:20 ----D---- C:\FOUND.012
2010-07-08 22:01:21 ----D---- C:\Qoobox
2010-07-08 20:56:31 ----D---- C:\Documents and Settings\All Users\Programdata\F-Secure
2010-07-08 20:43:20 ----D---- C:\FOUND.011
2010-07-08 20:05:50 ----D---- C:\FOUND.010

======List of files/folders modified in the last 1 months======

2010-07-19 17:37:40 ----A---- C:\WINDOWS\system.ini
2010-07-09 22:52:54 ----N---- C:\WINDOWS\system32\eRLog.ini
2010-07-09 22:52:16 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Voice Modem with SmartCP.txt
2010-07-08 22:20:12 ----RASH---- C:\boot.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP-bussfilter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
R0 agpCPQ;Compaq AGP-bussfilter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
R0 alim1541;ALI AGP-bussfilter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
R0 amdagp;Driver for AMD AGP-bussfilter; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
R0 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2004-08-04 13952]
R0 sisagp;SIS AGP-bussfilter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
R0 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]
R0 viaagp;VIA AGP-bussfilter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-08-24 6144]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 usbuhci;Miniportdriver for Microsoft USB universell vertskontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 w29n51;Intel® PRO/Wireless 2200BG nettverkstilkoblingsdriver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-29 3222784]
S1 intelppm;Intel-prosessordriver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 39936]
S1 kbdhid;Tastatur-HID-driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14720]
S1 SASDIFSV;SASDIFSV; \??\C:\Programfiler\SUPERAntiSpyware\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\Programfiler\SUPERAntiSpyware\SASKUTIL.SYS []
S1 setup_9.0.0.722_08.07.2010_23-52[1]drv;setup_9.0.0.722_08.07.2010_23-52[1]drv; C:\WINDOWS\system32\DRIVERS\5072479.sys []
S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.6.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-01-11 17119]
S2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
S2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
S2 int15.sys;int15.sys; \??\C:\Programfiler\Acer\eRecovery\int15.sys []
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
S2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []
S2 osanbm;osanbm; \??\C:\WINDOWS\system32\drivers\osanbm.sys []
S2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-10-15 11354]
S3 catchme;catchme; \??\C:\schrauber\catchme.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 HidUsb;Microsoft HID-klassedriver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-06-30 1034752]
S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-06-30 200704]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-06-07 1050140]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-08-09 3855360]
S3 MODEMCSA;Unimodem Streaming-filterenhet; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 mouhid;HID-driver for mus; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-06 12160]
S3 QV2KUX;Casio digitalt kamera; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328]
S3 usbccgp;Microsoft USB generell overordnet driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER-klasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;USB-masselagringsenhet; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-06-30 716416]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 anbmService;Notebook Manager Service; C:\Acer\eManager\anbmServ.exe [2005-06-06 1273344]
S2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Programfiler\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [2005-08-11 249954]
S2 CLSched;CyberLink Task Scheduler (CTS); C:\Programfiler\Acer\Acer Arcade\Kernel\TV\CLSched.exe [2005-08-11 114772]
S2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Programfiler\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [2005-08-11 61440]
S2 EvtEng;EvtEng; C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe [2004-10-15 86016]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S2 gupdate;Googles oppdateringstjeneste (gupdate); C:\Programfiler\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
S2 JavaQuickStarterService;Java Quick Starter; C:\Programfiler\Java\jre6\bin\jqs.exe [2010-01-16 153376]
S2 MDM;Machine Debug Manager; C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S2 RegSrvc;RegSrvc; C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe [2004-10-15 139264]
S2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Programfiler\CyberLink\Shared Files\RichVideo.exe [2005-01-21 143360]
S2 S24EventMonitor;Spectrum24 Event Monitor; C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe [2004-10-15 360521]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
S3 gusvc;Google Software Updater; C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-04 182768]
S3 ose;Office Source Engine; C:\Programfiler\Fellesfiler\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Programfiler\WinPcap\rpcapd.exe -d -f C:\Programfiler\WinPcap\rpcapd.ini []
S4 ATMsrvc;ATM Service; C:\WINDOWS\System32\ATMsrvc.exe [2000-05-24 15360]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.08 2010-07-26 21:14:01

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -f"C:\Programfiler\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{13E613EF-BB55-11D9-9D77-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{FC4F90EC-B1DA-11D9-9D77-000129760D75}\setup.exe" -uninstall
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer Arcade-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Acer eManager for Notebook-->C:\Programfiler\Fellesfiler\InstallShield\Driver\8\Intel 32\IDriver.exe /M{827289F5-B44F-4E49-9993-840741585A62}
Acer eNetManagement-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\Setup.exe" -l0x9
Acer ePowerManagement-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x14
Acer GridVista-->C:\WINDOWS\UnInst32.exe GridV.UNI
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Illustrator CS-->RunDll32 "C:\Programfiler\Fellesfiler\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Programfiler\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe"
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Programfiler\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Programfiler\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG
Adobe Streamline 4.0-->C:\WINDOWS\uninst.exe -f"C:\Adobe\Streamline 4.0\DeIsL1.isu"
Adobe SVG Viewer 3.0-->C:\Programfiler\Fellesfiler\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Programfiler\Fellesfiler\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Manager 4.1-->C:\WINDOWS\uninst.exe -f"C:\Programfiler\Adobe Type Manager\DeIsL1.isu" -c"C:\Programfiler\Adobe Type Manager\UNINST.DLL"
ArGoSoft Mail Server Freeware-->c:\Program Files\ArGo Software Design\Mail Server\uninst.exe
CCleaner-->"C:\Programfiler\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
ESET Online Scanner v3-->C:\Programfiler\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Google Toolbar for Internet Explorer-->"C:\Programfiler\Google\Google Toolbar\Component\GoogleToolbarManager_6447DDAF760F41DD.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HDAUDIO Soft Voice Modem with SmartCP-->C:\Programfiler\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_1025008F\HXFSETUP.EXE -U -IAcr008FK.inf
High Impact eMail 3.0-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{9809E95B-6AB5-445C-8BCB-6B0FBD62B823}\setup.exe" -l0x9 Uninstall HIE3
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hurtigreparasjon for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hurtigreparasjon for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
ImageShack Toolbar for Internet Explorer-->MsiExec.exe /X{92E6E396-0566-46DF-AB50-20B4A7F3AF17}
Intel® Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 8-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.1-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{CD0159C9-17FB-11D6-A76A-00B0D079AF64}\setup.exe" Anytext
Java Web Start-->"C:\Programfiler\Java Web Start\uninst-javaws.exe"
Java™ 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Launch Manager-->C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Programfiler\Symantec\LiveUpdate\LSETUP.EXE" /U
Malwarebytes' Anti-Malware-->"C:\Programfiler\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110414-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
NoteCard-->C:\PROGRA~1\FAMILY~1\NOTECARD\UNWISE.EXE C:\PROGRA~1\FAMILY~1\NOTECARD\NC32.LOG
NTI Backup NOW! 4-->C:\PROGRA~1\FELLES~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1033 BUN4
NTI CD & DVD-Maker-->C:\PROGRA~1\FELLES~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Oppdatering for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
PowerProducer-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Ravn Foretaksinformasjon-->regsvr32.exe -u -s C:\WINDOWS\DOWNLO~1\rtool.dll
REALTEK Gigabit and Fast Ethernet NIC Driver-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\setup.exe" -l0x14 REMOVE
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x14 -removeonly
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
SUPERAntiSpyware-->"C:\Programfiler\SUPERAntiSpyware\Uninstall.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Programfiler\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Programfiler\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP hurtigreparasjon - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP hurtigreparasjon - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver-->C:\Programfiler\WinRAR\uninstall.exe
Yahoo! Toolbar-->C:\PROGRA~1\YAHOO!\COMMON\unyt.exe

======System event log======

Computer Name: ACER-8BD37F0983
Event Code: 4201
Message: Fant at nettverkskortet \DEVICE\TCPIP_{1F9DBB4C-E339-4C6B-9355-2123F7A8F1DF} var koblet til nettverket,
og har startet normal operasjon over nettverkskortet.

Record Number: 117659
Source Name: Tcpip
Time Written: 20100704093053.000000+120
Event Type: Informasjon
User:

Computer Name: ACER-8BD37F0983
Event Code: 4201
Message: Fant at nettverkskortet \DEVICE\TCPIP_{1F9DBB4C-E339-4C6B-9355-2123F7A8F1DF} var koblet til nettverket,
og har startet normal operasjon over nettverkskortet.

Record Number: 117658
Source Name: Tcpip
Time Written: 20100704092633.000000+120
Event Type: Informasjon
User:

Computer Name: ACER-8BD37F0983
Event Code: 4201
Message: Fant at nettverkskortet \DEVICE\TCPIP_{1F9DBB4C-E339-4C6B-9355-2123F7A8F1DF} var koblet til nettverket,
og har startet normal operasjon over nettverkskortet.

Record Number: 117657
Source Name: Tcpip
Time Written: 20100704091523.000000+120
Event Type: Informasjon
User:

Computer Name: ACER-8BD37F0983
Event Code: 4201
Message: Fant at nettverkskortet \DEVICE\TCPIP_{1F9DBB4C-E339-4C6B-9355-2123F7A8F1DF} var koblet til nettverket,
og har startet normal operasjon over nettverkskortet.

Record Number: 117656
Source Name: Tcpip
Time Written: 20100704090613.000000+120
Event Type: Informasjon
User:

Computer Name: ACER-8BD37F0983
Event Code: 4201
Message: Fant at nettverkskortet \DEVICE\TCPIP_{1F9DBB4C-E339-4C6B-9355-2123F7A8F1DF} var koblet til nettverket,
og har startet normal operasjon over nettverkskortet.

Record Number: 117655
Source Name: Tcpip
Time Written: 20100704090213.000000+120
Event Type: Informasjon
User:

=====Application event log=====

Computer Name: ACER-8BD37F0983
Event Code: 1002
Message: Hengende program iexplore.exe, versjon 7.0.6000.16414, hengende modul hungapp, versjon 0.0.0.0, hengeadresse 0x00000000.

Record Number: 36562
Source Name: Application Hang
Time Written: 20100411073824.000000+120
Event Type: Feil
User:

Computer Name: ACER-8BD37F0983
Event Code: 0
Message:
Record Number: 36561
Source Name: gusvc
Time Written: 20100411073803.000000+120
Event Type: Informasjon
User:

Computer Name: ACER-8BD37F0983
Event Code: 15
Message: Den automatiske sertifikatregistreringen for lokalt system kan ikke kontakte Active Directory (0x8007054b). Det angitte domenet finnes ikke eller kan ikke kontaktes.
Registreringen blir ikke utført.

Record Number: 36560
Source Name: AutoEnrollment
Time Written: 20100411073749.000000+120
Event Type: Feil
User:

Computer Name: ACER-8BD37F0983
Event Code: 1807
Message: Tjenesten Security Center er stanset. En gruppepolicy for programvare hindret tjenesten i å kjøre.

Record Number: 36559
Source Name: SecurityCenter
Time Written: 20100411073655.000000+120
Event Type: Informasjon
User:

Computer Name: ACER-8BD37F0983
Event Code: 0
Message:
Record Number: 36558
Source Name: CLSched
Time Written: 20100411073654.000000+120
Event Type: Informasjon
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Programfiler\Intel\Wireless\Bin
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------

#14 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:17 PM

Posted 27 July 2010 - 11:23 PM

You run the scans in safe mode. Are you still not able to run the system in normal mode?
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#15 mhestholm

mhestholm
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:04:17 PM

Posted 28 July 2010 - 03:14 PM

28.07.2010
Hi
Been able to start in normal mode for 1 hour. So I'm hoping this will last. Last time, a week before I contacted you guys, this was also the situation, but after a couple of hours the laptop started automatically to shut down. So, what's the next move?

29.07.2010
Today the laptop is really damaged as I got the famous "blue screen of death" and can't even start in safe mode. Is the only response now to go ahead with a system restore?? It started to dump physical memory!!!

Edited by mhestholm, 29 July 2010 - 05:40 AM.
