i got the same problem but my computer will just work in safemode i have treid norton nod32 spybot and adaware noting helps.

here is an hijak this log in safe mode.


Logfile of HijackThis v1.99.1
Scan saved at 18:02:12, on 2006-11-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\Program\Delade filer\Symantec Shared\ccProxy.exe
C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program\Norton GoBack\GBPoll.exe
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program\CyberLink\Shared files\RichVideo.exe
C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\isnotify.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program\iTunes\iTunesHelper.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
C:\Program\Eset\nod32kui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\HPQ\SHARED\HPQWMI.exe
C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\taskmgr.exe
c:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program\VSAdd-in\VSAdd-in.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program\Delade filer\{31B22731-0891-1053-1107-05050926002e}\MyToolBar.dll
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program\Safety Bar\SafetyBar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvxaz.dll,startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Hcou] "C:\DOCUME~1\HEMPC\MINADO~1\MBOLS~1\taskmgr.exe" -vt yazb
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_05\bin\npjpi150_05.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140536817421
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: archenteric - {d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3} - C:\WINDOWS\system32\impgsje.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Norton Internet Security\comHost.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program\Norton GoBack\GBPoll.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

* You may want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix.

* Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to it's own folder on the desktop.

* First download AVG Anti-Spyware 7.5 from HERE and save that file to your desktop.
This is a 30 day trial of the program

1. Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the set up program.
2. Once the setup is complete you will need run AVG Anti-Spyware 7.5 and update the definition files.
3. Run AVG Anti-Spyware
4. From the main AVG Anti-Spyware screen, click on Update, then click the Start update button.
5. After the update finishes (the status bar at the bottom will display "Update successful")
6. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
7. Under "Reports
8. Select "Automatically generate report after every scan"
9. Un-Select "Only if threats were found"

[/list]Close AVG Anti-Spyware 7.5, Do Not run a scan just yet, we will shortly.

* If you do not already have Ad-Aware SE 1.06 installed, follow these download and setup instructions. Also check for updates:
Ad-Aware SE Setup
Again, do NOT run a scan yet.


* Next, please reboot your computer in Safe Mode by doing the following:

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.

* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again --- this is normal.
Wait for the tool to complete and Disk Cleanup to finish --- this may take a while; please be patient.

* Next, run Ad-aware and perform a full scan. Remove everything found.

1. Lauch AVG Anti-Spyware 7.5 by double-clicking the icon on your desktop.
2. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
3. AVG Anti-Spyware 7.5 will now begin the scanning process, be patient this may take a little time.
   Once the scan is complete do the following:
4. If you have any infections you will prompted, then select "Apply all actions"
5. Next select the "Reports" icon at the top.
6. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).

* Next go to Start -> Control Panel, click Display -> Desktop -> Customize Desktop -> Web -> Uncheck "Security Info" if present.


* Restart your computer in normal mode.

* Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

* Run the Panda online virus scan at http://www.pandasoftware.com/products/activescan.htm

- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

* Finally, restart your computer once more, and please post a new HijackThis log as well as the log from the AVG Anti-Spyware 7.5 scan and the log from the smitRem tool, which will be located at C:\smitfiles.txt.
Let us know if any problems persist.

hie i have followed your instructions but i am just able to scan with hijakthis in safe mode when i start normal mode explorer.exe starts to take up 98-99% of cpu usage and then Norton keeps telling me that it has found a virus named "Downloader" in the temp map I don’t remember the name on the file but if the first one is named temp.dat (this is not the file name) so is the second named tempa.dat and the third tempb.dat and so one.

here is the logs you requested (all scaned in safemode) ad-aware found noting this time but use to find win32.trojan someting

Logfile of HijackThis v1.99.1
Scan saved at 17:23:50, on 2006-11-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_05\bin\npjpi150_05.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140536817421
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Norton Internet Security\comHost.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program\Norton GoBack\GBPoll.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe




smitRem © log file
version 3.2

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"

Running from
C:\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Appinitdll check ........ Thank you Grinler!

dumphive.exe ©2000-2004 Markus Stephany
REGEDIT4

[Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

XP Firewall allowed access

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program\\iTunes\\iTunes.exe"="C:\\Program\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program\\Hp\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program\\Hp\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program\\Hp\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program\\Hp\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program\\Hp\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program\\Hp\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program\\Hp\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program\\Hp\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program\\Hp\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program\\Hp\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program\\Hp\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program\\Hp\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"E:\\setup\\HPZNET01.EXE"="E:\\setup\\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"E:\\setup\\HPONICIFS01.EXE"="E:\\setup\\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe"
"D:\\Slaget om Midg†rd II\\game.dat"="D:\\Slaget om Midg†rd II\\game.dat:*:Enabled:Slaget om Midg†rdT II"
"C:\\Program\\Messenger\\msmsgs.exe"="C:\\Program\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe"="C:\\Program\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe:*:Enabled:BattlefrontII"
"D:\\Quake III Arena\\quake3.exe"="D:\\Quake III Arena\\quake3.exe:*:Enabled:quake3"
"C:\\Program\\BitLord\\BitLord.exe"="C:\\Program\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program\\MSN Messenger\\msncall.exe"="C:\\Program\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program\\Skype\\Phone\\Skype.exe"="C:\\Program\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"D:\\crack\\utorrent.exe"="D:\\crack\\utorrent.exe:*:Enabled:æTorrent"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Fj„rrhj„lp - Windows Messenger och tal"
"\\\\compaqxp\\C\\Rockbox\\utorrent.exe"="\\\\compaqxp\\C\\Rockbox\\utorrent.exe:*:Enabled:æTorrent"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
Trust Cleaner uninstaller NOT present
SpyHeal uninstaller NOT present
VirusBurst uninstaller NOT present
BraveSentry uninstaller NOT present
AntiVermins uninstaller NOT present
VirusBursters uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1424 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~



~~~ Wininet.dll ~~~

CLEAN!

Ad-Aware SE Build 1.06r1
Logfile Created on:den 14 november 2006 07:28:30
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R131 09-11-2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


2006-11-14 07:28:30 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 768
ThreadCreationTime : 2006-11-14 06:19:00
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 820
ThreadCreationTime : 2006-11-14 06:19:07
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 844
ThreadCreationTime : 2006-11-14 06:19:09
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 892
ThreadCreationTime : 2006-11-14 06:19:13
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Operativsystemet Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Tjänst- och styrenhetsprogram
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Med ensamrätt.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 904
ThreadCreationTime : 2006-11-14 06:19:14
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1048
ThreadCreationTime : 2006-11-14 06:19:19
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1132
ThreadCreationTime : 2006-11-14 06:19:21
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1216
ThreadCreationTime : 2006-11-14 06:19:22
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1292
ThreadCreationTime : 2006-11-14 06:19:23
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1348
ThreadCreationTime : 2006-11-14 06:19:24
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1888
ThreadCreationTime : 2006-11-14 06:24:22
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Operativsystemet Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Utforskaren
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Med ensamrätt.
OriginalFilename : EXPLORER.EXE

#:12 [avgas.exe]
FilePath : C:\Program\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 1456
ThreadCreationTime : 2006-11-14 06:24:50
BasePriority : Normal
FileVersion : 7, 5, 0, 50
ProductVersion : 7, 5, 0, 50
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware
InternalName : AVG Anti-Spyware
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : avgas.exe

#:13 [firefox.exe]
FilePath : C:\Program\Mozilla Firefox\
ProcessID : 1500
ThreadCreationTime : 2006-11-14 06:24:54
BasePriority : Normal


#:14 [ad-aware.exe]
FilePath : C:\Program\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1332
ThreadCreationTime : 2006-11-14 06:28:20
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
3 entries scanned.
New critical objects:0
Objects found so far: 0


07:36:41 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:10.453
Objects scanned:189941
Objects identified:0
Objects ignored:0
New critical objects:0

I don't see any logs.

they are there now all exept the avg log that i couldn't find but it just detected some cookies.

Please post the log as your next reply instead and do not edit your posts.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:

• Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9.
• Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
• Click the "Download" button to the right.
• Check the box that says: "Accept License Agreement".
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version.

* Please open hijackthis and put a check next to the following:

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com

* After you check the items you want to fix, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply with a new hijackthis log.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

hi i am trying to uninstall java now but normalmode is just so slow and when i started the computer nod32 displayed this "C:\WINDOWS\system32\wvurrrr.dll - probably a variant of Win32/TrojanDownloader.ConHook trojan", and this "probably a variant of Win32/TrojanDownloader.ConHook trojan found in operating memory. The file can be deleted. It is strongly recommended that you back up any crucial data before you proceed. No action can be taken while the file is in memory. Click "Leave" to continue and subsequently run the cleaning of all local disks. System memory infection originated from file C:\WINDOWS\system32\wvurrrr.dll."
i also had to quit explorer.exe to ba able to do anyting on the computer.

but i am working to install the new java and then run the other file.

Do this step first:

Please download VundoFix.exe
to your desktop.

• Double-click VundoFix.exe to run it.
• Click the Scan for Vundo button.
• Once it's done scanning, click the Remove Vundo button.
• You will receive a prompt asking if you want to remove the files, click YES
• Once you click yes, your desktop will go blank as it starts removing Vundo.
• When completed, it will prompt that it will reboot your computer, click OK.
• Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button." when
VundoFix appears at reboot.

okej how long is a scaning suposed to take?
it have been scaning for some houres now and it just keep saying searching for file : update.exe then switch to spuninst.exe then back to update.exe again.


Edit: it just started to search normal again,

What tool are you talking about?

VundoFix

VundoFix V6.2.8

Checking Java version...

Sun Java not detected
Scan started at 18:01:40 2006-11-14

Listing files found while scanning....

C:\WINDOWS\system32\awvtu.dll
C:\WINDOWS\system32\utvwa.ini
C:\WINDOWS\system32\utvwa.bak1
C:\WINDOWS\system32\utvwa.bak2
C:\WINDOWS\system32\utvwa.ini2
C:\WINDOWS\system32\utvwa.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awvtu.dll
C:\WINDOWS\system32\awvtu.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\utvwa.ini
C:\WINDOWS\system32\utvwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\utvwa.bak1
C:\WINDOWS\system32\utvwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\utvwa.bak2
C:\WINDOWS\system32\utvwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\utvwa.ini2
C:\WINDOWS\system32\utvwa.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\utvwa.tmp
C:\WINDOWS\system32\utvwa.tmp Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awvtu.dll
C:\WINDOWS\system32\awvtu.dll Has been deleted!

Performing Repairs to the registry.
Done!

combofixlog:
HEMPC - 06-11-14 21:43:03,90 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components
C:\Program\Delade filer\{31B22731-0891-1053-1107-05050926002e}
C:\Program\Delade filer\{51B22731-0891-1053-1107-05050926002e}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\HEMPC\Mina dokument\MBOLS~1
C:\QooBox\Purity\Documents and Settings\HEMPC\Mina dokument\MBOLS~1\??mbols
C:\QooBox\Purity\Program\RACLE~1
C:\QooBox\Purity\WINDOWS\system32\CROSOF~1.NET
C:\QooBox\Purity\WINDOWS\system32\CROSOF~1.NET\??crosoft.NET


((((((((((((((((((((((((((((((( Files Created from 2006-10-14 to 2006-11-14 ))))))))))))))))))))))))))))))))))


2006-11-14 21:12 16,508,560 --a------ C:\jre-1_5_0_09-windows-i586-p.exe
2006-11-14 21:06 692,276 ---hs---- C:\WINDOWS\system32\ddcyx.dll
2006-11-14 21:06 692,276 ---hs---- C:\WINDOWS\system32\awvts.dll
2006-11-14 18:01 86,528 --a------ C:\VundoFix.exe
2006-11-14 17:38 277,182 --a------ C:\combofix.exe
2006-11-13 21:54 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-13 17:16 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-13 17:16 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-13 17:16 2,898 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-13 17:16 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-12 15:37 40,973 --------- C:\WINDOWS\system32\wvurrrr.dll
2006-11-12 13:30 2 --a------ C:\WINDOWS\system32\wcpit.exe
2006-11-12 10:11 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2006-11-12 10:11 274,432 --a------ C:\WINDOWS\system32\imon.dll
2006-11-10 18:49 36,734 --a------ C:\WINDOWS\system32\OggDSuninst.exe
2006-11-10 18:49 33,533 --a------ C:\WINDOWS\system32\CoreVorbis-uninstall.exe
2006-11-10 18:48 40,960 --a------ C:\WINDOWS\system32\MMAVILNG.exe
2006-11-01 22:20 45,568 --a------ C:\WINDOWS\UniFish3.exe
2006-10-21 12:09 81,920 --a------ C:\WINDOWS\system32\ElbyCDIO.dll
2006-10-21 12:09 8,064 --a------ C:\WINDOWS\system32\drivers\ElbyCDIO.sys
2006-10-21 12:09 4,608 --a------ C:\WINDOWS\system32\drivers\ElbyDelay.sys
2006-10-20 16:40 92,208 --a------ C:\WINDOWS\system32\WING.DLL
2006-10-20 16:40 188,960 --a------ C:\WINDOWS\system32\WINGDE.DLL


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-14 21:44 -------- d-------- C:\Program\Delade filer
2006-11-14 21:41 -------- d-------- C:\Program\Mozilla Firefox
2006-11-14 21:15 -------- d-------- C:\Program\Java
2006-11-14 21:14 -------- d-------- C:\Program\Delade filer\Java
2006-11-14 21:13 -------- d-------- C:\Program\Delade filer\Symantec Shared
2006-11-14 17:56 -------- d-------- C:\Program\Norton Internet Security
2006-11-13 22:24 -------- d-------- C:\Program\Internet Explorer
2006-11-13 21:54 -------- d-------- C:\Program\Grisoft
2006-11-13 21:52 -------- d-------- C:\Documents and Settings\HEMPC\Application Data\uTorrent
2006-11-13 16:49 -------- d-------- C:\Program\VSAdd-in
2006-11-12 13:51 -------- d-------- C:\Program\Eset
2006-11-11 15:19 -------- d-------- C:\Program\DC++
2006-11-10 23:51 -------- d-------- C:\Program\Adobe
2006-11-10 22:40 -------- d-------- C:\Program\Delade filer\Adobe
2006-11-10 22:40 -------- d-------- C:\Documents and Settings\HEMPC\Application Data\Adobe
2006-11-10 22:19 -------- d-------- C:\Program\Morgan
2006-11-10 18:50 -------- d-------- C:\Program\GordianKnot
2006-11-10 18:50 -------- d-------- C:\Program\Gabest
2006-11-10 18:50 -------- d-------- C:\Program\AviSynth 2.5
2006-11-10 18:48 -------- d-------- C:\Program\XviD
2006-11-06 21:30 -------- d-------- C:\Documents and Settings\HEMPC\Application Data\Real
2006-11-06 21:29 -------- d-------- C:\Program\Real
2006-11-06 21:29 -------- d-------- C:\Program\Delade filer\xing shared
2006-11-06 21:29 -------- d-------- C:\Program\Delade filer\Real
2006-10-21 10:47 -------- d-------- C:\Program\Music NFO Builder
2006-10-21 08:22 -------- d-------- C:\Program\SlySoft
2006-10-21 08:21 -------- d-------- C:\Program\HTTP-Bugger v 2.2
2006-10-21 08:21 -------- d-------- C:\Program\DVDlabPro
2006-10-21 08:20 -------- d--h----- C:\Program\InstallShield Installation Information
2006-10-21 08:18 -------- d-------- C:\Program\BitLord
2006-10-21 08:17 -------- d-------- C:\Program\Accessdiver
2006-10-21 07:57 -------- d-------- C:\Program\WM Recorder 10
2006-10-21 07:57 -------- d-------- C:\Program\VirtualDJ
2006-10-20 17:08 -------- d-------- C:\Program\Winamp
2006-10-20 16:16 -------- d-------- C:\Program\FLAC
2006-09-28 20:02 -------- d-------- C:\Program\Symantec
2006-09-15 21:04 48816 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 21:04 109744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-13 06:07 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-08 12:20 249856 --------- C:\WINDOWS\Setup1.exe
2006-09-08 12:19 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2006-08-25 16:54 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 13:28 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-20 18:05 85 ---hsc--- C:\Documents and Settings\HEMPC\Application Data\.zreglib
2006-08-16 12:59 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program\\Delade filer\\Ahead\\lib\\NMBgMonitor.exe\""
"MSMSGS"="\"C:\\Program\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="\"C:\\Program\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"HP Software Update"="C:\\Program\\HP\\HP Software Update\\HPWuSchd2.exe"
"hpWirelessAssistant"="C:\\Program\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"iTunesHelper"="C:\\Program\\iTunes\\iTunesHelper.exe"
"LSBWatcher"="c:\\hp\\drivers\\hplsbwatcher\\lsburnwatcher.exe"
"eabconfg.cpl"="C:\\Program\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"ccApp"="\"C:\\Program\\Delade filer\\Symantec Shared\\ccApp.exe\""
"DAEMON Tools"="\"C:\\Program\\DAEMON Tools\\daemon.exe\" -lang 1033"
"ISUSPM Startup"="C:\\Program\\DELADE~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program\\Delade filer\\InstallShield\\UpdateService\\issch.exe\" -start"
"nod32kui"="\"C:\\Program\\Eset\\nod32kui.exe\" /WAITSERVICE"
"!AVG Anti-Spyware"="\"C:\\Program\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"TkBellExe"="\"C:\\Program\\Delade filer\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Program\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Gamma.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program\\DELADE~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^BTTray.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\BTTray.lnk"
"backup"="C:\\WINDOWS\\pss\\BTTray.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program\\WIDCOMM\\BLUETO~1\\BTTray.exe "
"item"="BTTray"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^HP Digital Imaging Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program\\Hp\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^HP Image Zone Snabbstarta.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\HP Image Zone Snabbstarta.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Image Zone Snabbstarta.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program\\Hp\\DIGITA~1\\bin\\hpqthb08.exe -s"
"item"="HP Image Zone Snabbstarta"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Norton GoBack.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Norton GoBack.lnk"
"backup"="C:\\WINDOWS\\pss\\Norton GoBack.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program\\NORTON~1\\GBTray.exe "
"item"="Norton GoBack"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AnyDVD"
"hkey"="HKLM"
"command"="C:\\Program\\SlySoft\\AnyDVD\\AnyDVD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hcou]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="taskmgr"
"hkey"="HKCU"
"command"="\"C:\\DOCUME~1\\HEMPC\\MINADO~1\\MBOLS~1\\taskmgr.exe\" -vt yazb"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Language"
"hkey"="HKLM"
"command"="C:\\Program\\CyberLink\\PowerDVD\\Language\\Language.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsgPlus"
"hkey"="HKCU"
"command"="\"C:\\Program\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program\\Delade filer\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="C:\\Program\\CyberLink\\PowerDVD\\PDVDServ.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program\\Java\\jre1.5.0_05\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPEnh"
"hkey"="HKLM"
"command"="C:\\Program\\Synaptics\\SynTP\\SynTPEnh.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program\\Delade filer\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyx
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwim32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061114-214138-321
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
backup-20061114-214138-184
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
backup-20061113-170127-778
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
backup-20061113-170127-956
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
backup-20061113-165718-293
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
backup-20061113-165718-462
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe
backup-20061113-165718-376
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program\TechSmith\SnagIt 8\SnagItIEAddin.dll
backup-20061112-135912-679
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe
backup-20061112-135652-472
R3 - URLSearchHook: (no name) - {8044184C-88FC-8D0E-8BA8-A428E10734CC} - C:\WINDOWS\system32\epcoka.dll
backup-20061112-135439-940
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
backup-20061112-135031-701
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe
backup-20061112-135031-887
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.100.101.112:3124
backup-20061112-134942-537
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
backup-20061112-134753-672
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe
backup-20061112-134738-993
O4 - HKCU\..\Run: [Yskf] C:\Program\?racle\w?aclt.exe

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\HPpromotions journeysoftware.job
C:\WINDOWS\tasks\Norton AntiVirus - S”k igenom datorn - HEMPC.job
C:\WINDOWS\tasks\WebReg Photosmart 2570 series.job

Completion time: 06-11-14 21:45:23.65
C:\ComboFix.txt ... 06-11-14 21:45


hijakthis log:
Logfile of HijackThis v1.99.1
Scan saved at 21:55:36, on 2006-11-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\Program\Delade filer\Symantec Shared\ccProxy.exe
C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Norton GoBack\GBPoll.exe
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program\CyberLink\Shared files\RichVideo.exe
C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program\iTunes\iTunesHelper.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
C:\Program\Eset\nod32kui.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program\Norton Internet Security\Norton AntiVirus\NAVW32.EXE
C:\Program\Eset\nod32krn.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
c:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7A4B80CC-0EBF-4678-8C51-58381069D783} - C:\WINDOWS\system32\awvtu.dll (file missing)
O2 - BHO: (no name) - {8044184C-88FC-8D0E-8BA8-A428E10734CC} - C:\WINDOWS\system32\epcoka.dll (file missing)
O2 - BHO: (no name) - {8FE802E4-9E0B-9BFD-7C02-BE891B2866CA} - C:\WINDOWS\system32\ocgkfpb.dll (file missing)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\yreijmjn.dll (file missing)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\npjpi150_09.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140536817421
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\system32\ddcyx.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Norton Internet Security\comHost.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program\Norton GoBack\GBPoll.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe



anyting eles you need?

Yes, can you redo the step with vundofix please? Post the report of it here with a new hijackthis log and combofix log.

you meen run vundofix again?

Yes. The infection is not completely gone.

ok i will leave the computer on when i go to bed now now i will disconect my internet.

good night i will post the log in the morning

Ok.

Sweet dreams.

here is the logs:
VundoFix V6.2.8

Checking Java version...

Sun Java not detected
Scan started at 22:02:15 2006-11-14

Listing files found while scanning....

C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\xycdd.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\ddcyx.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\xycdd.ini
C:\WINDOWS\system32\xycdd.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\ddcyx.dll Has been deleted!

Performing Repairs to the registry.
Done!


HEMPC - 06-11-15 6:50:32,17 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\HEMPC\Mina dokument\MBOLS~1
C:\QooBox\Purity\Documents and Settings\HEMPC\Mina dokument\MBOLS~1\??mbols
C:\QooBox\Purity\Program\RACLE~1
C:\QooBox\Purity\WINDOWS\system32\CROSOF~1.NET
C:\QooBox\Purity\WINDOWS\system32\CROSOF~1.NET\??crosoft.NET


((((((((((((((((((((((((((((((( Files Created from 2006-10-15 to 2006-11-15 ))))))))))))))))))))))))))))))))))


2006-11-14 21:12 16,508,560 --a------ C:\jre-1_5_0_09-windows-i586-p.exe
2006-11-14 21:06 692,276 ---hs---- C:\WINDOWS\system32\awvts.dll
2006-11-14 18:01 86,528 --a------ C:\VundoFix.exe
2006-11-14 17:38 277,182 --a------ C:\combofix.exe
2006-11-13 21:54 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-13 17:16 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-13 17:16 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-13 17:16 2,898 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-13 17:16 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-12 15:37 40,973 --------- C:\WINDOWS\system32\wvurrrr.dll
2006-11-12 13:30 2 --a------ C:\WINDOWS\system32\wcpit.exe
2006-11-12 10:11 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2006-11-12 10:11 274,432 --a------ C:\WINDOWS\system32\imon.dll
2006-11-10 18:49 36,734 --a------ C:\WINDOWS\system32\OggDSuninst.exe
2006-11-10 18:49 33,533 --a------ C:\WINDOWS\system32\CoreVorbis-uninstall.exe
2006-11-10 18:48 40,960 --a------ C:\WINDOWS\system32\MMAVILNG.exe
2006-11-01 22:20 45,568 --a------ C:\WINDOWS\UniFish3.exe
2006-10-21 12:09 81,920 --a------ C:\WINDOWS\system32\ElbyCDIO.dll
2006-10-21 12:09 8,064 --a------ C:\WINDOWS\system32\drivers\ElbyCDIO.sys
2006-10-21 12:09 4,608 --a------ C:\WINDOWS\system32\drivers\ElbyDelay.sys
2006-10-20 16:40 92,208 --a------ C:\WINDOWS\system32\WING.DLL
2006-10-20 16:40 188,960 --a------ C:\WINDOWS\system32\WINGDE.DLL


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-15 06:51 -------- d-------- C:\Program\Delade filer\Symantec Shared
2006-11-15 06:46 -------- d-------- C:\Program\Mozilla Firefox
2006-11-14 21:44 -------- d-------- C:\Program\Delade filer
2006-11-14 21:15 -------- d-------- C:\Program\Java
2006-11-14 21:14 -------- d-------- C:\Program\Delade filer\Java
2006-11-14 17:56 -------- d-------- C:\Program\Norton Internet Security
2006-11-13 22:24 -------- d-------- C:\Program\Internet Explorer
2006-11-13 21:54 -------- d-------- C:\Program\Grisoft
2006-11-13 21:52 -------- d-------- C:\Documents and Settings\HEMPC\Application Data\uTorrent
2006-11-13 16:49 -------- d-------- C:\Program\VSAdd-in
2006-11-12 13:51 -------- d-------- C:\Program\Eset
2006-11-11 15:19 -------- d-------- C:\Program\DC++
2006-11-10 23:51 -------- d-------- C:\Program\Adobe
2006-11-10 22:40 -------- d-------- C:\Program\Delade filer\Adobe
2006-11-10 22:40 -------- d-------- C:\Documents and Settings\HEMPC\Application Data\Adobe
2006-11-10 22:19 -------- d-------- C:\Program\Morgan
2006-11-10 18:50 -------- d-------- C:\Program\GordianKnot
2006-11-10 18:50 -------- d-------- C:\Program\Gabest
2006-11-10 18:50 -------- d-------- C:\Program\AviSynth 2.5
2006-11-10 18:48 -------- d-------- C:\Program\XviD
2006-11-06 21:30 -------- d-------- C:\Documents and Settings\HEMPC\Application Data\Real
2006-11-06 21:29 -------- d-------- C:\Program\Real
2006-11-06 21:29 -------- d-------- C:\Program\Delade filer\xing shared
2006-11-06 21:29 -------- d-------- C:\Program\Delade filer\Real
2006-10-21 10:47 -------- d-------- C:\Program\Music NFO Builder
2006-10-21 08:22 -------- d-------- C:\Program\SlySoft
2006-10-21 08:21 -------- d-------- C:\Program\HTTP-Bugger v 2.2
2006-10-21 08:21 -------- d-------- C:\Program\DVDlabPro
2006-10-21 08:20 -------- d--h----- C:\Program\InstallShield Installation Information
2006-10-21 08:18 -------- d-------- C:\Program\BitLord
2006-10-21 08:17 -------- d-------- C:\Program\Accessdiver
2006-10-21 07:57 -------- d-------- C:\Program\WM Recorder 10
2006-10-21 07:57 -------- d-------- C:\Program\VirtualDJ
2006-10-20 17:08 -------- d-------- C:\Program\Winamp
2006-10-20 16:16 -------- d-------- C:\Program\FLAC
2006-09-28 20:02 -------- d-------- C:\Program\Symantec
2006-09-15 21:04 48816 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 21:04 109744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-13 06:07 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-08 12:20 249856 --------- C:\WINDOWS\Setup1.exe
2006-09-08 12:19 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2006-08-25 16:54 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 13:28 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-20 18:05 85 ---hsc--- C:\Documents and Settings\HEMPC\Application Data\.zreglib
2006-08-16 12:59 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program\\Delade filer\\Ahead\\lib\\NMBgMonitor.exe\""
"MSMSGS"="\"C:\\Program\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="\"C:\\Program\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"HP Software Update"="C:\\Program\\HP\\HP Software Update\\HPWuSchd2.exe"
"hpWirelessAssistant"="C:\\Program\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"iTunesHelper"="C:\\Program\\iTunes\\iTunesHelper.exe"
"LSBWatcher"="c:\\hp\\drivers\\hplsbwatcher\\lsburnwatcher.exe"
"eabconfg.cpl"="C:\\Program\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"ccApp"="\"C:\\Program\\Delade filer\\Symantec Shared\\ccApp.exe\""
"DAEMON Tools"="\"C:\\Program\\DAEMON Tools\\daemon.exe\" -lang 1033"
"ISUSPM Startup"="C:\\Program\\DELADE~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program\\Delade filer\\InstallShield\\UpdateService\\issch.exe\" -start"
"nod32kui"="\"C:\\Program\\Eset\\nod32kui.exe\" /WAITSERVICE"
"!AVG Anti-Spyware"="\"C:\\Program\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"TkBellExe"="\"C:\\Program\\Delade filer\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Program\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Gamma.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program\\DELADE~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^BTTray.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\BTTray.lnk"
"backup"="C:\\WINDOWS\\pss\\BTTray.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program\\WIDCOMM\\BLUETO~1\\BTTray.exe "
"item"="BTTray"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^HP Digital Imaging Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program\\Hp\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^HP Image Zone Snabbstarta.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\HP Image Zone Snabbstarta.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Image Zone Snabbstarta.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program\\Hp\\DIGITA~1\\bin\\hpqthb08.exe -s"
"item"="HP Image Zone Snabbstarta"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Norton GoBack.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Norton GoBack.lnk"
"backup"="C:\\WINDOWS\\pss\\Norton GoBack.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program\\NORTON~1\\GBTray.exe "
"item"="Norton GoBack"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AnyDVD"
"hkey"="HKLM"
"command"="C:\\Program\\SlySoft\\AnyDVD\\AnyDVD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hcou]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="taskmgr"
"hkey"="HKCU"
"command"="\"C:\\DOCUME~1\\HEMPC\\MINADO~1\\MBOLS~1\\taskmgr.exe\" -vt yazb"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Language"
"hkey"="HKLM"
"command"="C:\\Program\\CyberLink\\PowerDVD\\Language\\Language.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsgPlus"
"hkey"="HKCU"
"command"="\"C:\\Program\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program\\Delade filer\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="C:\\Program\\CyberLink\\PowerDVD\\PDVDServ.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program\\Java\\jre1.5.0_05\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPEnh"
"hkey"="HKLM"
"command"="C:\\Program\\Synaptics\\SynTP\\SynTPEnh.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program\\Delade filer\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwim32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\HPpromotions journeysoftware.job
C:\WINDOWS\tasks\Norton AntiVirus - S”k igenom datorn - HEMPC.job
C:\WINDOWS\tasks\WebReg Photosmart 2570 series.job

Completion time: 06-11-15 6:53:04.93
C:\ComboFix.txt ... 06-11-15 06:53
C:\ComboFix2.txt ... 06-11-14 21:45


Logfile of HijackThis v1.99.1
Scan saved at 06:54:09, on 2006-11-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\Program\Delade filer\Symantec Shared\ccProxy.exe
C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Norton GoBack\GBPoll.exe
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program\CyberLink\Shared files\RichVideo.exe
C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\HPQ\SHARED\HPQWMI.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
C:\Program\Eset\nod32kui.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
c:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7A4B80CC-0EBF-4678-8C51-58381069D783} - C:\WINDOWS\system32\awvtu.dll (file missing)
O2 - BHO: (no name) - {8044184C-88FC-8D0E-8BA8-A428E10734CC} - C:\WINDOWS\system32\epcoka.dll (file missing)
O2 - BHO: (no name) - {8FE802E4-9E0B-9BFD-7C02-BE891B2866CA} - C:\WINDOWS\system32\ocgkfpb.dll (file missing)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\yreijmjn.dll (file missing)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140536817421
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Norton Internet Security\comHost.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program\Norton GoBack\GBPoll.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

i allso runed an adaware:;

Ad-Aware SE Build 1.06r1
Logfile Created on:den 15 november 2006 06:57:02
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R132 14-11-2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.Searchcolours(TAC index:4):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


2006-11-15 06:57:02 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 628
ThreadCreationTime : 2006-11-15 05:43:14
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 692
ThreadCreationTime : 2006-11-15 05:43:16
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 724
ThreadCreationTime : 2006-11-15 05:43:21
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 772
ThreadCreationTime : 2006-11-15 05:43:22
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Operativsystemet Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Tjänst- och styrenhetsprogram
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Med ensamrätt.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 784
ThreadCreationTime : 2006-11-15 05:43:22
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 940
ThreadCreationTime : 2006-11-15 05:43:23
BasePriority : Normal
FileVersion : 6.14.10.4124
ProductVersion : 6.14.10.4124.01
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 956
ThreadCreationTime : 2006-11-15 05:43:23
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1020
ThreadCreationTime : 2006-11-15 05:43:23
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1068
ThreadCreationTime : 2006-11-15 05:43:23
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1184
ThreadCreationTime : 2006-11-15 05:43:24
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1268
ThreadCreationTime : 2006-11-15 05:43:24
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1376
ThreadCreationTime : 2006-11-15 05:43:24
BasePriority : Normal
FileVersion : 6.14.10.4124
ProductVersion : 6.14.10.4124.01
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:13 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1440
ThreadCreationTime : 2006-11-15 05:43:24
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Operativsystemet Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Utforskaren
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Med ensamrätt.
OriginalFilename : EXPLORER.EXE

#:14 [ccsetmgr.exe]
FilePath : C:\Program\Delade filer\Symantec Shared\
ProcessID : 1548
ThreadCreationTime : 2006-11-15 05:43:25
BasePriority : Normal
FileVersion : 104.0.8.3
ProductVersion : 104.0.8.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:15 [ccevtmgr.exe]
FilePath : C:\Program\Delade filer\Symantec Shared\
ProcessID : 1592
ThreadCreationTime : 2006-11-15 05:43:25
BasePriority : Normal
FileVersion : 104.0.8.3
ProductVersion : 104.0.8.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:16 [ccproxy.exe]
FilePath : C:\Program\Delade filer\Symantec Shared\
ProcessID : 1672
ThreadCreationTime : 2006-11-15 05:43:26
BasePriority : Normal
FileVersion : 104.0.7.3
ProductVersion : 104.0.7.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Network Proxy Service
InternalName : ccProxy
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccProxy.exe

#:17 [sndsrvc.exe]
FilePath : C:\Program\Delade filer\Symantec Shared\
ProcessID : 1696
ThreadCreationTime : 2006-11-15 05:43:26
BasePriority : Normal
FileVersion : 6.0.4.402
ProductVersion : 6.0
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002 - 2006 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:18 [spbbcsvc.exe]
FilePath : C:\Program\Delade filer\Symantec Shared\SPBBC\
ProcessID : 1740
ThreadCreationTime : 2006-11-15 05:43:27
BasePriority : Normal
FileVersion : 2.1.0.4
ProductVersion : 2.1.0.4
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright © 2004, 2005 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe

#:19 [symlcsvc.exe]
FilePath : C:\Program\Delade filer\Symantec Shared\CCPD-LC\
ProcessID : 1792
ThreadCreationTime : 2006-11-15 05:43:27
BasePriority : Normal
FileVersion : 1.9.1.762
ProductVersion : 1.9.1.762
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:20 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2020
ThreadCreationTime : 2006-11-15 05:43:29
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:21 [aluschedulersvc.exe]
FilePath : C:\Program\Symantec\LiveUpdate\
ProcessID : 340
ThreadCreationTime : 2006-11-15 05:43:35
BasePriority : Normal
FileVersion : 3.0.0.171
ProductVersion : 3.0.0.171
ProductName : LiveUpdate
CompanyName : Symantec Corporation
FileDescription : Automatic LiveUpdate Scheduler Service
InternalName : Automatic LiveUpdate Scheduler Service
LegalCopyright : Copyright © 1996-2005 Symantec Corporation
OriginalFilename : ALUSchedulerSvc.exe

#:22 [guard.exe]
FilePath : C:\Program\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 356
ThreadCreationTime : 2006-11-15 05:43:35
BasePriority : Normal
FileVersion : 7, 5, 0, 47
ProductVersion : 7, 5, 0, 47
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware guard
InternalName : AVG Anti-Spyware guard
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : guard.exe

#:23 [gbpoll.exe]
FilePath : C:\Program\Norton GoBack\
ProcessID : 440
ThreadCreationTime : 2006-11-15 05:43:36
BasePriority : Normal


#:24 [lssrvc.exe]
FilePath : C:\Program\Delade filer\LightScribe\
ProcessID : 468
ThreadCreationTime : 2006-11-15 05:43:36
BasePriority : Normal
FileVersion : 1.4.44.1
ProductName : LightScribe
CompanyName : Hewlett-Packard Company
LegalCopyright : © Copyright 2003-2005 Hewlett-Packard Development Company, LP
OriginalFilename : LSSrvc.exe

#:25 [mdm.exe]
FilePath : C:\Program\Delade filer\Microsoft Shared\VS7Debug\
ProcessID : 508
ThreadCreationTime : 2006-11-15 05:43:36
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:26 [navapsvc.exe]
FilePath : C:\Program\Norton Internet Security\Norton AntiVirus\
ProcessID : 560
ThreadCreationTime : 2006-11-15 05:43:36
BasePriority : Normal
FileVersion : 12.2.0.13
ProductVersion : 12.2.0
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:27 [nod32krn.exe]
FilePath : C:\Program\Eset\
ProcessID : 584
ThreadCreationTime : 2006-11-15 05:43:36
BasePriority : Normal
FileVersion : 2, 51, 30
ProductVersion : 2, 51, 30
ProductName : NOD32 Antivirus System
CompanyName : Eset
FileDescription : NOD32 Kernel Service
InternalName : NOD32 Kernel
LegalCopyright : Copyright © 1992-2005 Eset
LegalTrademarks : NOD, NOD32, AMON, ESET are registered trademarks of Eset
OriginalFilename : nod32krn.exe

#:28 [hpzipm12.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 596
ThreadCreationTime : 2006-11-15 05:43:36
BasePriority : Normal
FileVersion : 9, 0, 0, 0
ProductVersion : 9, 0, 0, 0
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe

#:29 [richvideo.exe]
FilePath : C:\Program\CyberLink\Shared files\
ProcessID : 684
ThreadCreationTime : 2006-11-15 05:43:37
BasePriority : Normal
FileVersion : 1.1.0808
ProductVersion : 1.1.0808
ProductName : RichVideo Module
FileDescription : RichVideo Module
InternalName : RichVideo
LegalCopyright : Copyright 2004
OriginalFilename : RichVideo.EXE

#:30 [starwindservice.exe]
FilePath : C:\Program\Alcohol Soft\Alcohol 120\StarWind\
ProcessID : 1152
ThreadCreationTime : 2006-11-15 05:43:37
BasePriority : Normal
FileVersion : 2.6.1 Build 0x20050401
ProductVersion : 2.6.1 Build 0x20050401
ProductName : StarWind
CompanyName : Rocket Division Software
FileDescription : StarWind iSCSI Target (Alcohol Edition)
InternalName : StarWind
LegalCopyright : Copyright © Rocket Division Software 2003-2005. All rights reserved.
OriginalFilename : StarWind

#:31 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1776
ThreadCreationTime : 2006-11-15 05:43:42
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:32 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2052
ThreadCreationTime : 2006-11-15 05:43:48
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:33 [wmiprvse.exe]
FilePath : C:\WINDOWS\system32\wbem\
ProcessID : 2504
ThreadCreationTime : 2006-11-15 05:44:22
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:34 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2632
ThreadCreationTime : 2006-11-15 05:44:27
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:35 [atiptaxx.exe]
FilePath : C:\Program\ATI Technologies\ATI Control Panel\
ProcessID : 2816
ThreadCreationTime : 2006-11-15 05:44:53
BasePriority : Normal
FileVersion : 6.14.10.5168
ProductVersion : 6.14.10.5168
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2005 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:36 [hpwuschd2.exe]
FilePath : C:\Program\HP\HP Software Update\
ProcessID : 3140
ThreadCreationTime : 2006-11-15 05:45:09
BasePriority : Normal
FileVersion : 53.0.13.000
ProductVersion : 053.000.013.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : Hewlett-Packard Product Assistant
InternalName : hpwuSchd2
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : hpwuSchd2.exe
Comments : Hewlett-Packard Product Assistant

#:37 [hp wireless assistant.exe]
FilePath : C:\Program\hpq\HP Wireless Assistant\
ProcessID : 3172
ThreadCreationTime : 2006-11-15 05:45:12
BasePriority : Normal
FileVersion : 1, 1, 2, 2
ProductVersion : 1, 1, 2, 2
ProductName : hp Wireless Assistant
CompanyName : Hewlett-Packard Company
FileDescription : hp Wireless Assistant Module
InternalName : hp Wireless Assistant
LegalCopyright : Copyright 2004
OriginalFilename : hp Wireless Assistant.exe

#:38 [firefox.exe]
FilePath : C:\Program\Mozilla Firefox\
ProcessID : 3196
ThreadCreationTime : 2006-11-15 05:45:15
BasePriority : Normal


#:39 [ituneshelper.exe]
FilePath : C:\Program\iTunes\
ProcessID : 3392
ThreadCreationTime : 2006-11-15 05:45:21
BasePriority : Normal
FileVersion : 4.7.0.42
ProductVersion : 4.7.0.42
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:40 [hpqwmi.exe]
FilePath : C:\Program\HPQ\SHARED\
ProcessID : 3408
ThreadCreationTime : 2006-11-15 05:45:22
BasePriority : Normal
FileVersion : 1, 0, 6, 1
ProductVersion : 1, 0, 6, 1
ProductName : hpqwmi Module
CompanyName : Hewlett-Packard Development Company, L.P.
FileDescription : hpqwmi Module
InternalName : hpqwmi
LegalCopyright : © Copyright 2003, 2005 Hewlett-Packard Development Company, L.P.
OriginalFilename : hpqwmi.EXE

#:41 [lsburnwatcher.exe]
FilePath : C:\hp\drivers\hplsbwatcher\
ProcessID : 3500
ThreadCreationTime : 2006-11-15 05:45:27
BasePriority : Normal
FileVersion : 4, 10, 14, 0
ProductVersion : 4, 10, 14, 0
ProductName : LightScribe
CompanyName : Hewlett-Packard Company
FileDescription : LightScribe Burn Watcher
InternalName : LSBurnWatcher
LegalCopyright : Copyright © 2004
OriginalFilename : LSBurnWatcher.exe
Comments : LightScribe automatic labeller launcher; waits to see when you've written a music CD and helps you create the LightScribe label for it.

#:42 [eabservr.exe]
FilePath : C:\Program\HPQ\Quick Launch Buttons\
ProcessID : 3580
ThreadCreationTime : 2006-11-15 05:45:33
BasePriority : Normal
FileVersion : 5, 20, 4, 2
ProductVersion : 5, 2, 4, 2
ProductName : Quick Launch Buttons
CompanyName : Hewlett-Packard
FileDescription : Quick Launch Buttons
InternalName : eabsrvr
LegalCopyright : © Copyright 2004, 2005 Hewlett-Packard Development Company, L.P.
OriginalFilename : eabsrvr.exe

#:43 [ccapp.exe]
FilePath : C:\Program\Delade filer\Symantec Shared\
ProcessID : 3644
ThreadCreationTime : 2006-11-15 05:45:36
BasePriority : Normal
FileVersion : 104.0.8.3
ProductVersion : 104.0.8.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:44 [ipodservice.exe]
FilePath : C:\Program\iPod\bin\
ProcessID : 3648
ThreadCreationTime : 2006-11-15 05:45:37
BasePriority : Normal
FileVersion : 6.0.2.17
ProductVersion : 6.0.2.17
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:45 [daemon.exe]
FilePath : C:\Program\DAEMON Tools\
ProcessID : 3692
ThreadCreationTime : 2006-11-15 05:45:40
BasePriority : Normal


#:46 [issch.exe]
FilePath : C:\Program\Delade filer\InstallShield\UpdateService\
ProcessID : 3948
ThreadCreationTime : 2006-11-15 05:45:45
BasePriority : Normal
FileVersion : 3, 10, 100, 1155
ProductVersion : 3, 10
ProductName : InstallShield Update Service
CompanyName : InstallShield Software Corporation
FileDescription : InstallShield Update Service Scheduler
InternalName : Scheduler
LegalCopyright : Copyright © 1990-2004 InstallShield Software Corporation
OriginalFilename : issch.exe

#:47 [nod32kui.exe]
FilePath : C:\Program\Eset\
ProcessID : 4076
ThreadCreationTime : 2006-11-15 05:45:53
BasePriority : Normal
FileVersion : 2, 51, 30
ProductVersion : 2, 51, 30
ProductName : NOD32 Antivirus System
CompanyName : Eset
FileDescription : NOD32 Control Center GUI
InternalName : NOD32 Control Center GUI
LegalCopyright : Copyright © 1992-2005 Eset
LegalTrademarks : NOD, NOD32, AMON, ESET are registered trademarks of Eset
OriginalFilename : nod32kui.exe

#:48 [avgas.exe]
FilePath : C:\Program\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 2176
ThreadCreationTime : 2006-11-15 05:46:13
BasePriority : Normal
FileVersion : 7, 5, 0, 50
ProductVersion : 7, 5, 0, 50
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware
InternalName : AVG Anti-Spyware
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : avgas.exe

#:49 [realsched.exe]
FilePath : C:\Program\Delade filer\Real\Update_OB\
ProcessID : 1208
ThreadCreationTime : 2006-11-15 05:46:15
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:50 [jusched.exe]
FilePath : C:\Program\Java\jre1.5.0_09\bin\
ProcessID : 1276
ThreadCreationTime : 2006-11-15 05:46:16
BasePriority : Normal


#:51 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2348
ThreadCreationTime : 2006-11-15 05:46:18
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:52 [nmbgmonitor.exe]
FilePath : C:\Program\Delade filer\Ahead\lib\
ProcessID : 2544
ThreadCreationTime : 2006-11-15 05:46:19
BasePriority : Normal


#:53 [msmsgs.exe]
FilePath : C:\Program\Messenger\
ProcessID : 1816
ThreadCreationTime : 2006-11-15 05:46:26
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:54 [nscsrvce.exe]
FilePath : C:\Program\Delade filer\Symantec Shared\Security Console\
ProcessID : 3720
ThreadCreationTime : 2006-11-15 05:47:26
BasePriority : Normal
FileVersion : 2006.1.5.17
ProductVersion : 2006.1.5
ProductName : Norton Security Console
CompanyName : Symantec Corporation
FileDescription : Norton Security Console Norton Protection Center Service
InternalName : NSCService
LegalCopyright : Norton Security Console 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.
OriginalFilename : NSCSrvce.exe

#:55 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2208
ThreadCreationTime : 2006-11-15 05:48:10
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:56 [taskmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1348
ThreadCreationTime : 2006-11-15 05:56:09
BasePriority : High
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Operativsystemet Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Aktivitetshanteraren
InternalName : taskmgr
LegalCopyright : © Microsoft Corporation. Med ensamrätt.
OriginalFilename : taskmgr.exe

#:57 [ad-aware.exe]
FilePath : C:\Program\Lavasoft\Ad-Aware SE Personal\
ProcessID : 4024
ThreadCreationTime : 2006-11-15 05:56:24
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.Searchcolours Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\{74dd705d-6834-439c-a735-a6dbe2677452}

Adware.Searchcolours Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\{74dd705d-6834-439c-a735-a6dbe2677452}
Value : UninstallString

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 2




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.Searchcolours Object Recognized!
Type : Folder
TAC Rating : 4
Category : Adware
Comment : Adware.Searchcolours
Object : C:\Program\VSAdd-in

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 3

07:16:32 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:19:29.891
Objects scanned:193593
Objects identified:3
Objects ignored:0
New critical objects:3

* Please delete these folders using Windows Explorer(if present):

* Click Start>>All Programs>>Accessories>>Windows Explorer
* Navigate to the listed folders, then right-click to select them and click delete

C:\QooBox

* First download AVG Anti-Spyware 7.5 from HERE and save that file to your desktop.
This is a 30 day trial of the program

1. Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the set up program.
2. Once the setup is complete you will need run AVG Anti-Spyware 7.5 and update the definition files.
3. Run AVG Anti-Spyware
4. From the main AVG Anti-Spyware screen, click on Update, then click the Start update button.
5. After the update finishes (the status bar at the bottom will display "Update successful")
6. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
7. Under "Reports
8. Select "Automatically generate report after every scan"
9. Un-Select "Only if threats were found"

[/list]Close AVG Anti-Spyware 7.5, Do Not run a scan just yet, we will shortly.

* If you do not already have Ad-Aware SE 1.06 installed, follow these download and setup instructions. Also check for updates:
Ad-Aware SE Setup
Again, do NOT run a scan yet.


* Next, please reboot your computer in Safe Mode by doing the following:

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.

* Next, run Ad-aware and perform a full scan. Remove everything found.

1. Lauch AVG Anti-Spyware 7.5 by double-clicking the icon on your desktop.
2. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
3. AVG Anti-Spyware 7.5 will now begin the scanning process, be patient this may take a little time.
   Once the scan is complete do the following:
4. If you have any infections you will prompted, then select "Apply all actions"
5. Next select the "Reports" icon at the top.
6. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).

* Restart your computer in normal mode.

* Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

* After that, post a new hijackthis log here with the report of AVG antispyware.

ok here is the new logs:

Logfile of HijackThis v1.99.1
Scan saved at 16:06:02, on 2006-11-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\Program\Delade filer\Symantec Shared\ccProxy.exe
C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Norton GoBack\GBPoll.exe
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program\CyberLink\Shared files\RichVideo.exe
C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program\iTunes\iTunesHelper.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Program\HPQ\SHARED\HPQWMI.exe
C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7A4B80CC-0EBF-4678-8C51-58381069D783} - C:\WINDOWS\system32\awvtu.dll (file missing)
O2 - BHO: (no name) - {8044184C-88FC-8D0E-8BA8-A428E10734CC} - C:\WINDOWS\system32\epcoka.dll (file missing)
O2 - BHO: (no name) - {8FE802E4-9E0B-9BFD-7C02-BE891B2866CA} - C:\WINDOWS\system32\ocgkfpb.dll (file missing)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\yreijmjn.dll (file missing)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140536817421
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Norton Internet Security\comHost.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program\Norton GoBack\GBPoll.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 15:54:36 2006-11-15

+ Scan result:



C:\WINDOWS\system32\wvurrrr.dll -> Adware.Virtumonde : No action taken.
:mozilla.12:C:\Documents and Settings\HEMPC\Application Data\Mozilla\Firefox\Profiles\jcyy1cux.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.13:C:\Documents and Settings\HEMPC\Application Data\Mozilla\Firefox\Profiles\jcyy1cux.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.15:C:\Documents and Settings\HEMPC\Application Data\Mozilla\Firefox\Profiles\jcyy1cux.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.16:C:\Documents and Settings\HEMPC\Application Data\Mozilla\Firefox\Profiles\jcyy1cux.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.17:C:\Documents and Settings\HEMPC\Application Data\Mozilla\Firefox\Profiles\jcyy1cux.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.50:C:\Documents and Settings\HEMPC\Application Data\Mozilla\Firefox\Profiles\jcyy1cux.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.51:C:\Documents and Settings\HEMPC\Application Data\Mozilla\Firefox\Profiles\jcyy1cux.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.40:C:\Documents and Settings\HEMPC\Application Data\Mozilla\Firefox\Profiles\jcyy1cux.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.


::Report end



cheers Qnorsten

* Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.

• Save it to your desktop.
• Please double-click Killbox.exe to run it.
• Select:
  • Delete on Reboot
  • then Click on the All Files button.
• Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
  
  C:\WINDOWS\system32\wvurrrr.dll
  
  
  
• Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  
• Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

* Please open hijackthis and put a check next to the following:

O2 - BHO: (no name) - {7A4B80CC-0EBF-4678-8C51-58381069D783} - C:\WINDOWS\system32\awvtu.dll (file missing)
O2 - BHO: (no name) - {8044184C-88FC-8D0E-8BA8-A428E10734CC} - C:\WINDOWS\system32\epcoka.dll (file missing)
O2 - BHO: (no name) - {8FE802E4-9E0B-9BFD-7C02-BE891B2866CA} - C:\WINDOWS\system32\ocgkfpb.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\yreijmjn.dll (file missing)
O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)

* After you check the items you want to fix, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis.

* After that, post a new hijackthis log here and tell me how everything is working.

hello everyting seems to work normal again thanks for your help.
here is the new hijackthis log:


Logfile of HijackThis v1.99.1
Scan saved at 16:51:34, on 2006-11-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\Program\Delade filer\Symantec Shared\ccProxy.exe
C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Norton GoBack\GBPoll.exe
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program\CyberLink\Shared files\RichVideo.exe
C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program\iTunes\iTunesHelper.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
C:\Program\Eset\nod32kui.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\HPQ\SHARED\HPQWMI.exe
C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe
C:\Program\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140536817421
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Norton Internet Security\comHost.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program\Norton GoBack\GBPoll.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we at Lavasoftsupport are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems! Good luck.

thanks but i accidently removed the wrong file with killbox and now when i try to remove the right one, it tells me "Pendingfilenameoperations Registry daga has been Removed By External process!"

Reboot manually.

thanks is the file removed now.

Pocket Killbox version 2.0.0.648
Running on Windows XP as HEMPC(Administrator)
was started @ onsdag, november 15, 2006, 4:42 PM

Pocket Killbox version 2.0.0.648
Running on Windows XP as HEMPC(Administrator)
was started @ onsdag, november 15, 2006, 4:42 PM


I Rebooted @ 4:45:05 PM
Killbox Closed(Exit) @ 4:45:08 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as HEMPC(Administrator)
was started @ onsdag, november 15, 2006, 5:04 PM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\wvurrrr.dll


PendingFileRenameOperations Registry Data has been Removed by External Process! @ 5:07:19 PM
# 2 [Delete on Reboot]
Path = C:\WINDOWS\system32\wvurrrr.dll


PendingFileRenameOperations Registry Data has been Removed by External Process! @ 5:09:15 PM
# 3 [Delete on Reboot]
Path = C:\WINDOWS\system32\wvurrrr.dll


PendingFileRenameOperations Registry Data has been Removed by External Process! @ 5:09:33 PM
# 4 [Delete on Reboot]
Path = C:\WINDOWS\system32\wvurrrr.dll


PendingFileRenameOperations Registry Data has been Removed by External Process! @ 5:11:13 PM
Killbox Closed(Exit) @ 5:11:16 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as HEMPC(Administrator)
was started @ onsdag, november 15, 2006, 5:17 PM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\wvurrrr.dll


PendingFileRenameOperations Registry Data has been Removed by External Process! @ 5:19:06 PM
# 2 [Delete on Reboot]
Path = C:\WINDOWS\system32\wvurrrr.dll


PendingFileRenameOperations Registry Data has been Removed by External Process! @ 5:27:37 PM
# 3 [Delete on Reboot]
Path = C:\WINDOWS\system32\wvurrrr.dll

Go to C:\WINDOWS\system32 and see if the file wvurrrr.dll is still present.

no it seems to be gone now i just have one problem left.
it's an 14kb big file in c:\windows\temp that keeps renameing it self every second , norton antivirus call the virus "Downloader" and nod32 calls it win32/Adware.softomate application

Please run ATF cleaner in Safe mode.

done but the warning still keeps coming up.

Try to delete the folder c:\windows\temp in safe mode.


Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time.

There are basically two types of these programs:
On-Access and On-Demand

On-Access Scanners
As the name implies, are scanners that run in the background all the time the PC is turned on and running. The main function of an On-Access scanner is to monitor activity on your machine.

On-Demand Scanners
As the name implies, are scanners that only run when you ask them to.
Such as:
Online Scans and scanners that run on your machine but are not actively scanning your machine.

All right I will try to delete the map.
I know that i just should have one i usually just have Norton but it didn't work properly in safe mode so i installed nod32 to i will remove it later.

it had no effect at all.

Can you delete it or is it keep coming back?

i can delete it in safemode but not in normal mode and it's keep coming back when i start the computer in normal mode

Do again a scan with AVG antispyware in safe mode and post the report here.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 21:37:44 2006-11-15

+ Scan result:



:mozilla.49:C:\Documents and Settings\HEMPC\Application Data\Mozilla\Firefox\Profiles\jcyy1cux.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.50:C:\Documents and Settings\HEMPC\Application Data\Mozilla\Firefox\Profiles\jcyy1cux.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.23:C:\Documents and Settings\HEMPC\Application Data\Mozilla\Firefox\Profiles\jcyy1cux.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.24:C:\Documents and Settings\HEMPC\Application Data\Mozilla\Firefox\Profiles\jcyy1cux.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.25:C:\Documents and Settings\HEMPC\Application Data\Mozilla\Firefox\Profiles\jcyy1cux.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.30:C:\Documents and Settings\HEMPC\Application Data\Mozilla\Firefox\Profiles\jcyy1cux.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\HEMPC\Cookies\hempc@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\HEMPC\Cookies\hempc@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\HEMPC\Cookies\hempc@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\HEMPC\Cookies\hempc@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.26:C:\Documents and Settings\HEMPC\Application Data\Mozilla\Firefox\Profiles\jcyy1cux.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.27:C:\Documents and Settings\HEMPC\Application Data\Mozilla\Firefox\Profiles\jcyy1cux.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.


::Report end

Did you removed the items found by AVG antispyware? Because the log says: 'No action taken'

yes I did remove them

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

• Doubleclick the drweb-cureit.exe file and Allow to run the express scan
• This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
• Once the short scan has finished, Click Options > Change settings
• Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
• Back at the main window, mark the drives that you want to scan.
• Select all drives. A red dot shows which drives have been chosen.
• Click the green arrow at the right, and the scan will start.
• Click 'Yes to all' if it asks if you want to cure/move the file.
• When the scan has finished, look if you can click next icon next to the files found:
• If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
  
  This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
• After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
• Save the report to your desktop. The report will be called DrWeb.csv
• Close Dr.Web Cureit.
• Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
• After reboot, post the contents of the log from Dr.Web you saved previously in your next reply with a new hijackthis log.

shall i run it in safe mode or in normal mode?

Normal mode.

Logfile of HijackThis v1.99.1
Scan saved at 07:31:03, on 2006-11-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\Program\Delade filer\Symantec Shared\ccProxy.exe
C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Norton GoBack\GBPoll.exe
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program\CyberLink\Shared files\RichVideo.exe
C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program\iTunes\iTunesHelper.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
C:\Program\Eset\nod32kui.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe
C:\Program\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe
C:\Program\Symantec\LiveUpdate\AUpdate.exe
C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140536817421
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Norton Internet Security\comHost.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program\Norton GoBack\GBPoll.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe


restart.exe;C:\Documents and Settings\Administratör\Skrivbord\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;
restart.exe;C:\Documents and Settings\HEMPC\Skrivbord\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;
0MGLJRCA.NQF;C:\Program\Eset\Infected;Adware.Mikva;Incurable.Moved.;
3I2FJHAA.NQF;C:\Program\Eset\Infected;Trojan.Virtumod;Deleted.;
5LVGFJAA.NQF;C:\Program\Eset\Infected;Tool.Prockill;Incurable.Moved.;
IJTWYMAA.NQF;C:\Program\Eset\Infected;Adware.Mikva;Incurable.Moved.;
NGVGN4DA.NQF;C:\Program\Eset\Infected;Trojan.DownLoader.14336;Deleted.;
PZGHVXCA.NQF;C:\Program\Eset\Infected;Dialer.Cool;Deleted.;
YCVJOZBA.NQF;C:\Program\Eset\Infected;Trojan.Virtumod;Deleted.;
awvtu.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
ddcyx.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
awvts.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;

Ok, now redo the step with ATF cleaner and tell me how everything is working.

the virusmessage still keeps coming up.

Can you redo the step with vundofix?

in normal or safemode?

Normal mode.

i just discovered someting i created a new user and loged on to that and no virus Warnings where displyed