Slow computer [solved]

Hello there, well, I was searching on the internet when my PC suddenly just turned off, and since then it has been so slow. I got a HJT log for ya, take a look man :)



Logfile of HijackThis v1.99.1
Scan saved at 16:23:06, on 02-10-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Norton Internet Security\ISSVC.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Mixer.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\FLLESF~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Programmer\DAP\DAP.EXE
C:\Programmer\MessengerPlus! 3\MsgPlus.exe
C:\Programmer\Arto\Notifier\ArtoNotifier.exe
C:\PROGRA~1\FLLESF~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Programmer\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Mike\Skrivebord\Programmer\HijackThis.exe
C:\Programmer\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
O1 - Hosts: 86.84.200.132 L2authd.lineage2.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RaidTool] C:\Programmer\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FLLESF~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Programmer\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [ArtoNotifier] C:\Programmer\Arto\Notifier\ArtoNotifier.exe
O4 - Startup: Adobe Gamma.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programmer\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe (file missing)

Comments

  • edited October 2006
    Well, I'll try to write again; normally it's something you have to do before people respond, so here goes my 2nd message ;)
  • Trogan London, UK
    edited October 2006
    Hi, Sorry for the delay.

    You are using DAP which is not technically malware, but it may include malware and allow it into your system. You can find Safer Alternatives. Please uninstall DAP from Control Panel / Add Remove programs.

    Open HijackThis
    - Click the Do a system scan only button
    - Check the following entries (below)

    O1 - Hosts: 86.84.200.132 L2authd.lineage2.com

    - Close ALL open windows (especially Internet Explorer!)
    - Click Fix Checked
    Close HijackThis

    Please do an online scan with Panda ActiveScan

    - Once you are on the Panda site, click the Scan your PC button
    - A new window will open...click the Check Now button
    - Enter your Country
    - Enter your State/Province
    - Enter your e-mail address and click send
    - Select either Home User or Company
    - Click the big Scan Now button
    - If it wants to install an ActiveX component allow it
    - It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    - When download is complete, click on Local Disks to start the scan
    - When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

    Post the contents of the Panda scan report, along with a new HijackThis Log
  • edited October 2006
    Hello there buddy.. Here is my Panda log, followed by the HijackThis log :)



    Incident Status Location

    Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Mike\Cookies\mike@888[1].txt
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Mike\Cookies\mike@ad.yieldmanager[2].txt
    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Mike\Cookies\mike@adopt.hbmediapro[2].txt
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Mike\Cookies\mike@com[1].txt
    Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Mike\Cookies\mike@yadro[2].txt
    Adware:Adware/SaveNow Not disinfected C:\RECYCLER\S-1-5-21-2025429265-583907252-725345543-1003\Dc912\Themexp.org File\Ezthemes_WhenUSaveNow_InstallerInst.exe
    Spyware:Spyware/New.net Not disinfected C:\RECYCLER\S-1-5-21-2025429265-583907252-725345543-1003\Dc912\Themexp.org File\NNWDAB638.EXE
    Adware:Adware/WhenUSearch Not disinfected C:\RECYCLER\S-1-5-21-2025429265-583907252-725345543-1003\Dc912\Themexp.org File\SetupInst.exe
    Adware:Adware/SearchAid Not disinfected C:\WINDOWS\uninstall_nmon.vbs




    Logfile of HijackThis v1.99.1
    Scan saved at 13:04:55, on 08-10-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
    C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
    C:\Programmer\Norton Internet Security\ISSVC.exe
    C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
    C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmer\VIA\RAID\raid_tool.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\Mixer.exe
    C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
    C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\FLLESF~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\Programmer\DAP\DAP.EXE
    C:\Programmer\MessengerPlus! 3\MsgPlus.exe
    C:\Programmer\Arto\Notifier\ArtoNotifier.exe
    C:\PROGRA~1\FLLESF~1\PCSuite\Services\SERVIC~1.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Programmer\Internet Explorer\IEXPLORE.EXE
    C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NSMdtr.exe
    C:\Programmer\Internet Explorer\IEXPLORE.EXE
    C:\Programmer\Windows NT\Tilbehør\wordpad.exe
    C:\Programmer\Windows Media Player\wmplayer.exe
    C:\Programmer\Internet Explorer\IEXPLORE.EXE
    C:\Programmer\Messenger\msmsgs.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Mike\Skrivebord\Programmer\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RaidTool] C:\Programmer\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FLLESF~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Programmer\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKCU\..\Run: [ArtoNotifier] C:\Programmer\Arto\Notifier\ArtoNotifier.exe
    O4 - Startup: Adobe Gamma.lnk = ?
    O8 - Extra context menu item: &Clean Traces - C:\Programmer\DAP\Privacy Package\dapcleanerie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programmer\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe (file missing)



    Go for it dude =)
  • Trogan London, UK
    edited October 2006
    Hi,

    I see you decided to keep DAP? That's fine.

    I would like to see another log from HijackThis.
    • Run Hijackthis.
    • Click on Open the Misc Tools section.
    • Next click on Open uninstall manager.
    • Press the Save list button. It will open a Notepad file.
    • Save the file to your desktop, with the default name of uninstall_list
    • Copy & Paste the entire contents of that file in your next post.

    Please post the Uninstall list, and let me know what problems you have.
  • edited October 2006
    In a way yeah.. Ehm, I was thinking if I could turn it off and when I wanted to use it I could turn it on again, would it do much damage then?

    But here you are buddy:

    Logfile of HijackThis v1.99.1
    Scan saved at 20:36:59, on 08-10-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
    C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
    C:\Programmer\Norton Internet Security\ISSVC.exe
    C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
    C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmer\VIA\RAID\raid_tool.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\Mixer.exe
    C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
    C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\FLLESF~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\Programmer\DAP\DAP.EXE
    C:\Programmer\MessengerPlus! 3\MsgPlus.exe
    C:\Programmer\Arto\Notifier\ArtoNotifier.exe
    C:\PROGRA~1\FLLESF~1\PCSuite\Services\SERVIC~1.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Programmer\Windows Media Player\wmplayer.exe
    C:\Programmer\iPod\bin\iPodService.exe
    C:\Programmer\TGTSoft\StyleXP\StyleXP.exe
    C:\Programmer\Internet Explorer\IEXPLORE.EXE
    C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NSMdtr.exe
    C:\Programmer\Nokia\Nokia PC Suite 6\Launch Application 2.exe
    C:\Programmer\MSN Messenger\msnmsgr.exe
    C:\Programmer\Outlook Express\msimn.exe
    C:\Documents and Settings\Mike\Skrivebord\Programmer\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RaidTool] C:\Programmer\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FLLESF~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Programmer\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKCU\..\Run: [ArtoNotifier] C:\Programmer\Arto\Notifier\ArtoNotifier.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Programmer\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - Startup: Adobe Gamma.lnk = ?
    O8 - Extra context menu item: &Clean Traces - C:\Programmer\DAP\Privacy Package\dapcleanerie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programmer\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe (file missing)
  • Trogan London, UK
    edited October 2006
    Hi,
    "In a way yeah.. Ehm, I was thinking if I could turn it off and when I wanted to use it I could turn it on again, would it do much damage then?"
    That should be OK.

    Can you tell me what problems you are having please? If it's the random shutdowns, then I would guess you have a hardware problem.

    Let me know.
  • edited October 2006
    Well, there are some problems when I start up my computer: it's really, really slow and sometimes I need to reboot my PC because the icons on my desktop are gone; it's only the wallpaper that's visible even if I wait 15 min. or so..

    But you think that I need to format my PC and start up on a new one?
    Otherwise, I got about 1 GB left on my 2nd hard disk and my C drive has 3 GB left.. you think that could be the problem?
  • Trogan London, UK
    edited October 2006
    No need to format yet.

    Can you post the Uninstall list please?

    Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security.
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Click on Change state next to Automatic updates. It should now change to inactive.
      • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update successful message.
    • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update ewido.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • Select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
      IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
      • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

    Please post the AVG report, New HijackThis and the Uninstall list please.
  • edited October 2006
    Yo buddy.. How to get the uninstall log?

    Anyway, Here is the AVG Anti-Spyware log and HJT log:


    Incident Status Location

    Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Mike\Cookies\mike@888[1].txt
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Mike\Cookies\mike@ad.yieldmanager[2].txt
    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Mike\Cookies\mike@adopt.hbmediapro[2].txt
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Mike\Cookies\mike@com[1].txt
    Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Mike\Cookies\mike@yadro[2].txt
    Adware:Adware/SaveNow Not disinfected C:\RECYCLER\S-1-5-21-2025429265-583907252-725345543-1003\Dc912\Themexp.org File\Ezthemes_WhenUSaveNow_InstallerInst.exe
    Spyware:Spyware/New.net Not disinfected C:\RECYCLER\S-1-5-21-2025429265-583907252-725345543-1003\Dc912\Themexp.org File\NNWDAB638.EXE
    Adware:Adware/WhenUSearch Not disinfected C:\RECYCLER\S-1-5-21-2025429265-583907252-725345543-1003\Dc912\Themexp.org File\SetupInst.exe
    Adware:Adware/SearchAid Not disinfected C:\WINDOWS\uninstall_nmon.vbs

    Logfile of HijackThis v1.99.1
    Scan saved at 22:30:04, on 10-10-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
    C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
    C:\Programmer\Norton Internet Security\ISSVC.exe
    C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
    C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmer\VIA\RAID\raid_tool.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\Mixer.exe
    C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
    C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\FLLESF~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\Programmer\DAP\DAP.EXE
    C:\Programmer\MessengerPlus! 3\MsgPlus.exe
    C:\Programmer\TGTSoft\StyleXP\StyleXP.exe
    C:\PROGRA~1\FLLESF~1\PCSuite\Services\SERVIC~1.EXE
    C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmer\Arto\Notifier\ArtoNotifier.exe
    C:\Programmer\Windows Media Player\wmplayer.exe
    C:\Programmer\Internet Explorer\IEXPLORE.EXE
    C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NSMdtr.exe
    C:\Programmer\MSN Messenger\msnmsgr.exe
    C:\Programmer\Electronic Arts\The Godfather® The Game\godfather.exe
    C:\DOCUME~1\Mike\LOKALE~1\Temp\~e5.0001
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\CTPdeSrv.exe
    C:\Programmer\Outlook Express\msimn.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Mike\Skrivebord\Programmer\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RaidTool] C:\Programmer\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FLLESF~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Programmer\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKCU\..\Run: [ArtoNotifier] C:\Programmer\Arto\Notifier\ArtoNotifier.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Programmer\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - Startup: Adobe Gamma.lnk = ?
    O8 - Extra context menu item: &Clean Traces - C:\Programmer\DAP\Privacy Package\dapcleanerie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programmer\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe (file missing)

    Take care bro! And thanks again!
  • Trogan London, UK
    edited October 2006
    To get an Uninstall list, do this:
    • Run Hijackthis.
    • Click on Open the Misc Tools section.
    • Next click on Open uninstall manager.
    • Press the Save list button. It will open a Notepad file.
    • Save the file to your desktop, with the default name of uninstall_list
    • Copy & Paste the entire contents of that file in your next post.

    Also, you posted a log from Panda. Did you run AVG Anti-Spyware? Check my last post.
  • edited October 2006
    Whoops, sorry, wrong log file ;) I got it here dude, first the uninstall:

    Adobe Acrobat 5.0
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Shockwave Player
    Adobe Stock Photos 1.0
    AVG Anti-Spyware 7.5
    Battlefield 2(TM)
    BF2 Map - Operation: Black Hawk Down with Singleplayer
    BF2: Operation Nightshift
    BrainWave Generator
    Call of Duty(R) 2
    CC_ccProxyExt
    ccCommon
    ccPxyCore
    C-Media 3D Audio
    Codename: Outbreak
    Creative Jukebox Driver
    Creative MediaSource
    Creative Removable Disk Manager
    Creative System Information
    Creative WebCam Center
    Creative WebCam Instant Driver (1.01.02.0729)
    Creative Zen Micro
    Dawn Of War
    DivX Codec
    DivX Content Uploader
    DivX Converter
    DivX Player
    DivX Web Player
    Download Accelerator Plus (DAP)
    Emperor: Battle For Dune
    iTunes
    Jasc Paint Shop Pro 9
    Lineage II
    LiveReg (Symantec Corporation)
    LiveUpdate 3.0 (Symantec Corporation)
    Macromedia Flash Player 8
    MAGIX music maker 7
    Medal of Honor Pacific Assault(tm)
    Medal of Honor Pacific Assault(tm) Patch2
    Messenger Plus! 3
    MSN Messenger 7.5
    MSRedist
    Need for Speed Underground 2
    NewsLeecher
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    Norton AntiSpam
    Norton AntiSpam
    Norton AntiVirus 2005
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security 2005 (Symantec Corporation)
    Norton WMI Update
    Norton WMI Update
    NVIDIA Drivers
    Opdatering til Windows XP (KB894391)
    Opdatering til Windows XP (KB898461)
    Opdatering til Windows XP (KB900485)
    Opdatering til Windows XP (KB904942)
    Opdatering til Windows XP (KB908531)
    Opdatering til Windows XP (KB910437)
    Opdatering til Windows XP (KB911280)
    Opdatering til Windows XP (KB916595)
    Opdatering til Windows XP (KB920872)
    Opdatering til Windows XP (KB922582)
    Panda ActiveScan
    PCI Audio Driver
    PowerDVD
    QuickPar 0.9
    QuickTime
    Realtek AC'97 Audio
    Red Faction
    Registry Mechanic 5.2
    Serious Samurize
    Sikkerhedsopdatering til Windows Media Player (KB911564)
    Sikkerhedsopdatering til Windows Media Player 10 (KB917734)
    Sikkerhedsopdatering til Windows XP (KB890046)
    Sikkerhedsopdatering til Windows XP (KB893756)
    Sikkerhedsopdatering til Windows XP (KB896358)
    Sikkerhedsopdatering til Windows XP (KB896422)
    Sikkerhedsopdatering til Windows XP (KB896423)
    Sikkerhedsopdatering til Windows XP (KB896424)
    Sikkerhedsopdatering til Windows XP (KB896428)
    Sikkerhedsopdatering til Windows XP (KB899587)
    Sikkerhedsopdatering til Windows XP (KB899589)
    Sikkerhedsopdatering til Windows XP (KB899591)
    Sikkerhedsopdatering til Windows XP (KB900725)
    Sikkerhedsopdatering til Windows XP (KB901017)
    Sikkerhedsopdatering til Windows XP (KB901214)
    Sikkerhedsopdatering til Windows XP (KB902400)
    Sikkerhedsopdatering til Windows XP (KB904706)
    Sikkerhedsopdatering til Windows XP (KB905414)
    Sikkerhedsopdatering til Windows XP (KB905749)
    Sikkerhedsopdatering til Windows XP (KB908519)
    Sikkerhedsopdatering til Windows XP (KB911562)
    Sikkerhedsopdatering til Windows XP (KB911567)
    Sikkerhedsopdatering til Windows XP (KB911927)
    Sikkerhedsopdatering til Windows XP (KB912812)
    Sikkerhedsopdatering til Windows XP (KB912919)
    Sikkerhedsopdatering til Windows XP (KB913433)
    Sikkerhedsopdatering til Windows XP (KB913446)
    Sikkerhedsopdatering til Windows XP (KB913580)
    Sikkerhedsopdatering til Windows XP (KB914388)
    Sikkerhedsopdatering til Windows XP (KB914389)
    Sikkerhedsopdatering til Windows XP (KB916281)
    Sikkerhedsopdatering til Windows XP (KB917159)
    Sikkerhedsopdatering til Windows XP (KB917344)
    Sikkerhedsopdatering til Windows XP (KB917422)
    Sikkerhedsopdatering til Windows XP (KB917953)
    Sikkerhedsopdatering til Windows XP (KB918439)
    Sikkerhedsopdatering til Windows XP (KB918899)
    Sikkerhedsopdatering til Windows XP (KB919007)
    Sikkerhedsopdatering til Windows XP (KB920214)
    Sikkerhedsopdatering til Windows XP (KB920670)
    Sikkerhedsopdatering til Windows XP (KB920683)
    Sikkerhedsopdatering til Windows XP (KB920685)
    Sikkerhedsopdatering til Windows XP (KB921398)
    Sikkerhedsopdatering til Windows XP (KB921883)
    Sikkerhedsopdatering til Windows XP (KB922616)
    Sikkerhedsopdatering til Windows XP (KB925486)
    Sonic RecordNow!
    Soul Reaver 2
    SPBBC
    SpeedOptimizer
    StuffPlug-NG (Messenger Plus! Plugins)
    StyleBuilder (remove only)
    StyleXP (remove only)
    Symantec Script Blocking Installer
    SymNet
    TibEd (remove only)
    Total Commander (Remove or Repair)
    VIA Platform Device Manager
    Winamp (remove only)
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    WinRAR 3.60 (Dansk)
    World of Warcraft
    XoftSpy



    Then the AVG:


    AVG Anti-Spyware - Scan Report

    + Created at: 22:43:50 09-10-2006

    + Scan result:



    HKU\S-1-5-21-2025429265-583907252-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP34\A0011586.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP60\A0017476.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP60\A0017490.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP63\A0017750.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP63\A0017751.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP63\A0017757.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP63\A0017776.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP63\A0017777.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP70\A0020013.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP70\A0020014.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP70\A0020015.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP80\A0020587.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{41B085E9-07B0-408D-9B3E-BBEAF3A0BB08}\RP50\A0032094.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{41B085E9-07B0-408D-9B3E-BBEAF3A0BB08}\RP50\A0032095.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{41B085E9-07B0-408D-9B3E-BBEAF3A0BB08}\RP55\A0034468.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{41B085E9-07B0-408D-9B3E-BBEAF3A0BB08}\RP60\A0040731.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{41B085E9-07B0-408D-9B3E-BBEAF3A0BB08}\RP61\A0040963.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{41B085E9-07B0-408D-9B3E-BBEAF3A0BB08}\RP96\A0066334.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{41B085E9-07B0-408D-9B3E-BBEAF3A0BB08}\RP96\A0066335.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{41B085E9-07B0-408D-9B3E-BBEAF3A0BB08}\RP96\A0066352.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{41B085E9-07B0-408D-9B3E-BBEAF3A0BB08}\RP96\A0066353.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{41B085E9-07B0-408D-9B3E-BBEAF3A0BB08}\RP96\A0066354.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2025429265-583907252-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP60\A0017497.exe -> Adware.Relevant : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP63\A0017788.exe -> Adware.Relevant : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP63\A0017778.dll -> Adware.RK : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP63\A0017779.exe -> Adware.RK : Cleaned with backup (quarantined).
    C:\Documents and Settings\Mike\Dokumenter\My Completed Downloads\WUSVInst.exe/ACM.dll -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Documents and Settings\Mike\Dokumenter\My Completed Downloads\WUSVInst.exe/Save.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Documents and Settings\Mike\Dokumenter\My Completed Downloads\WUSVInst.exe/SaveUninst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP63\A0017752.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP64\A0018837.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP80\A0020585.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP80\A0020586.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP80\A0020588.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{41B085E9-07B0-408D-9B3E-BBEAF3A0BB08}\RP55\A0034467.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{41B085E9-07B0-408D-9B3E-BBEAF3A0BB08}\RP55\A0034469.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{41B085E9-07B0-408D-9B3E-BBEAF3A0BB08}\RP84\A0057530.exe/MyEmoticons_WhenUSaveNow_Installer.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{41B085E9-07B0-408D-9B3E-BBEAF3A0BB08}\RP96\A0066349.dll -> Adware.SaveNow : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{41B085E9-07B0-408D-9B3E-BBEAF3A0BB08}\RP96\A0066350.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{41B085E9-07B0-408D-9B3E-BBEAF3A0BB08}\RP96\A0066351.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP49\A0014272.exe -> Backdoor.Agent.aas : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP49\A0014293.EXE -> Backdoor.Agent.aas : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{41B085E9-07B0-408D-9B3E-BBEAF3A0BB08}\RP60\A0038985.exe -> Downloader.Adload.aw : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{41B085E9-07B0-408D-9B3E-BBEAF3A0BB08}\RP60\A0038986.exe -> Downloader.Adload.aw : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{41B085E9-07B0-408D-9B3E-BBEAF3A0BB08}\RP60\A0039085.exe -> Downloader.Adload.aw : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{41B085E9-07B0-408D-9B3E-BBEAF3A0BB08}\RP60\A0039086.exe -> Downloader.Adload.aw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP24\A0008825.exe -> Downloader.PurityScan.cq : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP28\A0010213.exe -> Downloader.PurityScan.cq : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP32\A0011393.exe -> Downloader.Small.bwy : Cleaned with backup (quarantined).
    C:\Documents and Settings\Mike\Skrivebord\Lort\Ny mappe\crack.exe -> Downloader.VB.afo : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP28\A0010212.exe -> Downloader.Zlob.aby : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP26\A0010152.exe -> Downloader.Zlob.yj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP27\A0010166.exe -> Downloader.Zlob.yj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP28\A0010195.exe -> Downloader.Zlob.yj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP24\A0008816.exe -> Downloader.Zlob.zx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP24\A0008841.exe -> Downloader.Zlob.zx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP25\A0008870.exe -> Downloader.Zlob.zx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP25\A0008876.exe -> Downloader.Zlob.zx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP25\A0008882.exe -> Downloader.Zlob.zx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP25\A0009058.exe -> Downloader.Zlob.zx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP25\A0009079.exe -> Downloader.Zlob.zx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP64\A0018844.exe -> Dropper.Agent.asf : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP26\A0010135.exe -> Dropper.Agent.asl : Cleaned with backup (quarantined).
    C:\Documents and Settings\Mike\Cookies\mike@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    E:\System Volume Information\_restore{41B085E9-07B0-408D-9B3E-BBEAF3A0BB08}\RP27\A0016077.exe -> Trojan.Agent.rq : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP29\A0011255.dll -> Trojan.Mezzia : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP32\A0011382.dll -> Trojan.Mezzia : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP32\A0011394.dll -> Trojan.Mezzia : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{41B085E9-07B0-408D-9B3E-BBEAF3A0BB08}\RP21\A0014512.exe -> Trojan.Mygot : Cleaned with backup (quarantined).


    ::Report end

    Then dude,
  • Trogan London, UK
    edited October 2006
    Logs look clean to me.

    How are things for you?
  • edited October 2006
    But dude, what about all these critical objects from the AVG log?

    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP64\A0018844.exe -> Dropper.Agent.asf : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP26\A0010135.exe -> Dropper.Agent.asl : Cleaned with backup (quarantined).
    C:\Documents and Settings\Mike\Cookies\mike@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    E:\System Volume Information\_restore{41B085E9-07B0-408D-9B3E-BBEAF3A0BB08}\RP27\A0016077.exe -> Trojan.Agent.rq : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP29\A0011255.dll -> Trojan.Mezzia : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP32\A0011382.dll -> Trojan.Mezzia : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1C83BC46-2CBE-4465-A27E-515307A4A4B2}\RP32\A0011394.dll -> Trojan.Mezzia : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{41B085E9-07B0-408D-9B3E-BBEAF3A0BB08}\RP21\A0014512.exe -> Trojan.Mygot : Cleaned with backup (quarantined).


    As you told me, I shouldn't delete those objects, but shouldn't I delete them from my PC? Anyway, it's still a bit slow.. But it's much better now than before. Well, I'm at class about FLASH so I have to end my reply now, I'll be back dude.. Keep ya head up.. Peace
  • Trogan London, UK
    edited October 2006
    AVG Anti-Spyware cleaned everything it found, so there is no problem there.

    Let's do another scan:

    Please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As") to download Silent Runners.
    • Save it to the desktop.
    • Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
    • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
    • Once you receive the prompt "All Done!", double-click the new text file on the desktop, copy that entire log, and paste it here.
    *NOTE* If you receive any warning message about scripts, please choose to allow the script to run.
  • edited October 2006
    Hello buddy, all done and here's the log file :)

    "Silent Runners.vbs", revision 49, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "ArtoNotifier" = "C:\Programmer\Arto\Notifier\ArtoNotifier.exe" ["Arto.dk ApS"]
    "STYLEXP" = "C:\Programmer\TGTSoft\StyleXP\StyleXP.exe -Hide" [empty string]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
    "RaidTool" = "C:\Programmer\VIA\RAID\raid_tool.exe" ["VIA Technologies"]
    "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
    "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
    "C-Media Mixer" = "Mixer.exe /startup" ["C-Media Electronic Inc. (www.cmedia.com.tw)"]
    "ccApp" = ""C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
    "RemoteControl" = "C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe" ["Cyberlink Corp."]
    "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
    "DataLayer" = "C:\PROGRA~1\FLLESF~1\PCSuite\DATALA~1\DATALA~1.EXE" ["Nokia Mobile Phones Ltd."]
    "DownloadAccelerator" = ""C:\Programmer\DAP\DAP.EXE" /STARTUP" ["Speedbit Ltd."]
    "SpeedOptimizer" = "C:\PROGRA~1\SPEEDO~1\SPO.EXE -s " [empty string]
    "MessengerPlus3" = ""C:\Programmer\MessengerPlus! 3\MsgPlus.exe"" ["Patchou"]
    "QuickTime Task" = ""C:\Programmer\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "AcroIEHlprObj Class"
    \InProcServer32\(Default) = "C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
    {9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "Norton Internet Security"
    -> {HKLM...CLSID} = "CNisExtBho Class"
    \InProcServer32\(Default) = "C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
    {BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
    -> {HKLM...CLSID} = "CNavExtBho Class"
    \InProcServer32\(Default) = "C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Kontrolpanel-udvidelse til skærmpanorering"
    -> {HKLM...CLSID} = "Kontrolpanel-udvidelse til skærmpanorering"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-ikon"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Programmer\WinRAR\rarext.dll" [null data]
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
    -> {HKLM...CLSID} = "Portable Media Devices Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
    "{BF05BB6E-442C-428B-8025-82280B7BC26C}" = "Zen Micro Media Explorer"
    -> {HKLM...CLSID} = "Zen Micro Media Explorer"
    \InProcServer32\(Default) = "C:\Programmer\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll" ["Creative Technology Ltd"]
    "{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
    -> {HKLM...CLSID} = "RecordNow! SendToExt"
    \InProcServer32\(Default) = "C:\Programmer\Sonic\RecordNow!\shlext.dll" [null data]
    "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
    -> {HKLM...CLSID} = "DesktopContext Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
    -> {HKLM...CLSID} = "NVIDIA CPL Extension"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
    -> {HKLM...CLSID} = "Desktop Explorer"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
    -> {HKLM...CLSID} = "nView Desktop Context Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{40950107-FEA6-4d53-A65F-B2DCBA57DD58}" = "Nokia Phone Browser"
    -> {HKLM...CLSID} = "Nokia Phone Browser"
    \InProcServer32\(Default) = "C:\Programmer\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
    "{FBFE7864-D495-41f0-B7DC-4BB601CC295E}" = "Contact View"
    -> {HKLM...CLSID} = "Contact View"
    \InProcServer32\(Default) = "C:\Programmer\Nokia\Nokia PC Suite 6\ContactView.dll" ["Nokia"]
    "{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View"
    -> {HKLM...CLSID} = "Message View"
    \InProcServer32\(Default) = "C:\Programmer\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"]
    "{EB146AD0-2695-4FB0-BE96-40DAF870CA1E}" = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\sqimeng.dll" [file not found]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    <<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
    -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
    \InProcServer32\(Default) = "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    <<!>> wzcnotif\DLLName = "wzcdlg.dll" [MS]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
    -> {HKLM...CLSID} = "CContextScan Object"
    \InProcServer32\(Default) = "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
    DAP_ShredMenu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
    -> {HKLM...CLSID} = "DAPMenuShellExt Class"
    \InProcServer32\(Default) = "C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]
    Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
    -> {HKLM...CLSID} = "IEContextMenu Class"
    \InProcServer32\(Default) = "C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Programmer\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
    -> {HKLM...CLSID} = "CContextScan Object"
    \InProcServer32\(Default) = "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
    DAP_ShredMenu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
    -> {HKLM...CLSID} = "DAPMenuShellExt Class"
    \InProcServer32\(Default) = "C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Programmer\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
    -> {HKLM...CLSID} = "IEContextMenu Class"
    \InProcServer32\(Default) = "C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Programmer\WinRAR\rarext.dll" [null data]


    Group Policies {GPedit.msc branch and setting}:

    Note: detected settings may not have any effect.

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

    "NoCDBurning" = (REG_DWORD) hex:0x00000000
    {unrecognized setting}

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "DisableRegistryTools" = (REG_DWORD) hex:0x00000000
    {User Configuration|Administrative Templates|System|
    Prevent access to registry editing tools}

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Shutdown: Allow system to be shut down without having to log on}

    "undockwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Devices: Allow undock without having to log on}


    Active Desktop and Wallpaper:

    Active Desktop may be enabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "C:\WINDOWS\web\wallpaper\Landskab.bmp"

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\WINDOWS\web\wallpaper\Landskab.bmp"


    Enabled Screen Saver:

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


    Startup items in "Mike" & "All Users" startup folders:

    C:\Documents and Settings\Mike\Menuen Start\Programmer\Start
    "Adobe Gamma" -> shortcut to: "C:\Programmer\Fælles filer\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]


    Enabled Scheduled Tasks:

    "Norton AntiVirus - Scan my computer - Mike" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
    "XoftSpy" -> launches: "C:\Programmer\XoftSpy\XoftSpy.exe -t" ["ParetoLogic Inc."]


    Winsock2 Service Provider DLLs:

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 14
    %SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06


    Toolbars, Explorer Bars, Extensions:

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
    "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
    -> {HKLM...CLSID} = "Norton AntiVirus"
    \InProcServer32\(Default) = "C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}"
    -> {HKLM...CLSID} = "Norton Internet Security"
    \InProcServer32\(Default) = "C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security"
    -> {HKLM...CLSID} = "Norton Internet Security"
    \InProcServer32\(Default) = "C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
    "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
    -> {HKLM...CLSID} = "Norton AntiVirus"
    \InProcServer32\(Default) = "C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger"
    "MenuText" = "Windows Messenger"
    "Exec" = "C:\Programmer\Messenger\msmsgs.exe" [MS]


    Running Services (Display Name, Service Name, Path {Service DLL}):

    Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"]
    AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]
    Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.EXE" ["Creative Technology Ltd"]
    HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
    ISSvc, ISSVC, ""C:\Programmer\Norton Internet Security\ISSVC.exe"" ["Symantec Corporation"]
    Norton AntiVirus Auto-Protect Service, navapsvc, ""C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
    NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
    Symantec Event Manager, ccEvtMgr, ""C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
    Symantec Network Drivers Service, SNDSrvc, ""C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
    Symantec Network Proxy, ccProxy, ""C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"]
    Symantec Settings Manager, ccSetMgr, ""C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
    Symantec SPBBCSvc, SPBBCSvc, ""C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]
    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


    <<!>>: Suspicious data at a malware launch point.

    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points, use the -supp parameter or answer "No" at the
    first message box and "Yes" at the second message box.
    (total run time: 57 seconds, including 18 seconds for message boxes)
  • Trogan London, UK
    edited October 2006
    That log is clean. :)
  • edited October 2006
    Huh, that's great man :) Yo dude, I said it before, and I'll say it again: Good work! Impressive as always, I would say: This thread is Complete, well done man! Thanks a lot for all your help and support, thanks for all the time you have used to help, and thanks because you had the will to help :)

    Take care man, your work is great.. Take care of yourself and keep up the good work!

    - Mike
  • Trogan London, UK
    edited October 2006
    Thanks for the kind words, Mike! :)

    I'll close the thread.
This discussion has been closed.