My computer is sending hundreds of emails when I connect to the internet

Benke

New member
Hi,

After installing a not so good piece of software obviously, my Norton Autoprotect started screaming about scanning outgoing emails - hundreds of them. I quickly pulled the LAN cable and realized that about 10-20 seconds after I reconnected the LAN cable, something started sending emails again. I have now created a blocking of port 25 in my internet router, so the problem is temporarily halted and I can use the internet to search for a solution.

Here are my log files as requested in the FAQ:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:44:24, on 2008-05-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program\LANeye\sys\LANeyeSRV.exe
C:\Program\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program\NORTON~1\NORTON~2\NPROTECT.EXE
c:\program\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program\PalmVNC\UltraVNC\winvnc.exe
C:\Program\Canon\CAL\CALMAIN.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program\Java\jre1.6.0_05\bin\jusched.exe
C:\Program\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\Delade filer\Logitech\LComMgr\Communications_Helper.exe
C:\Program\Delade filer\Logitech\LComMgr\LVComSX.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program\Logitech\SetPoint\SetPoint.exe
C:\Program\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\StatBar\StatBar.exe
C:\Program\Last.fm\LastFMHelper.exe
C:\Program\Delade filer\Logitech\khalshared\KHALMNPR.EXE
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Skype\Phone\Skype.exe
C:\Program\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/webhp?sourceid=navclient&hl=sv&ie=UTF-8&oe=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {25920830-05FF-4C47-87E0-B09AF60953EB} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - C:\Program\Copernic Desktop Search\CopernicDesktopSearchIntegration974.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PMCRemote] C:\Program\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [PMCS] "C:\Program\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program\Delade filer\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program\Delade filer\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Copernic Desktop Search] "C:\Program\COPERN~1\COPERN~1.EXE" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Orb] "C:\Program\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program\Last.fm\LastFMHelper.exe
O4 - Startup: MailWasherPro.lnk = C:\Program\MailWasher Pro\MailWasher.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Azureus.lnk = C:\Program\Azureus\Azureus.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
O4 - Global Startup: Pinnacle ShowCenter StreamServer.lnk = C:\Program\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
O4 - Global Startup: StatBar.lnk = C:\Program\StatBar\StatBar.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Open Link Target in Firefox - file://C:\Documents and Settings\Bengt\Application Data\Mozilla\Firefox\Profiles\2qae4f03.Bengt\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: View This Page in Firefox - file://C:\Documents and Settings\Bengt\Application Data\Mozilla\Firefox\Profiles\2qae4f03.Bengt\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O8 - Extra context menu item: Öppna klient på bildskärm &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Öppna klient på bildskärm &2 - C:\WINDOWS\web\AOpenClient.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {0eb0e74a-2a76-4ab3-a7fb-9bd8c29f7f75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/226b29cc6688a2bd3519/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1100965436140
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134940709765
O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://eleg.trust.telia.com/vspta3.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CB653DF-1F02-4792-9A36-43FE3D55182D}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A433B0A-529A-4F34-9F70-8EFE0C287701}: NameServer = 192.168.1.1,91.190.136.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CB653DF-1F02-4792-9A36-43FE3D55182D}: NameServer = 192.168.0.1
O18 - Protocol: bw+0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\AirfoilInject.dll
O20 - Winlogon Notify: wvuvurs - wvuvurs.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program\FileZilla Server\FileZilla Server.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LANeyeSRV (LANeyeSRV_NetworkService) - ProPrat - C:\Program\LANeye\sys\LANeyeSRV.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Npsecvicebr - Symantec Corporation - (no file)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: UPnPService - Magix AG - C:\Program\Delade filer\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program\PalmVNC\UltraVNC\winvnc.exe

--
End of file - 29731 bytes


and the Kaspersky scan log:


:spider:

I hope someone will be able to help me with this. I've tried with Spybot Search & Destroy, AdAware and Norton Antivirus but they don't find anything worth fixing.
 
...and the Kaspersky log...

Sorry - it seems like the Kaspersky log didn't get into the post...

Code:
-------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 Monday, May 05, 2008 12:43:18 AM
 Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner version: 5.0.98.0
 Kaspersky Anti-Virus database last update:  4/05/2008
 Kaspersky Anti-Virus database records: 738770
-------------------------------------------------------------------------------

Scan Settings:
	Scan using the following antivirus database: extended
	Scan Archives: true
	Scan Mail Bases: true

Scan Target - My Computer:
	A:\
	C:\
	D:\
	E:\
	F:\
	G:\
	H:\
	I:\
	J:\
	K:\
	L:\
	M:\
	O:\
	S:\

Scan Statistics:
	Total number of scanned objects: 381373
	Number of viruses found: 26
	Number of infected objects: 73
	Number of suspicious objects: 4
	Duration of the scan process: 09:30:28

Infected Object Name / Virus Name / Last Action
C:\dmdwj.exe	Infected: Rootkit.Win32.Agent.aie	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader.zip/id53.exe	Suspicious: Password-protected-EXE	skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader.zip	ZIP: suspicious - 1	skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip/winDB6.tmp.exe	Suspicious: Password-protected-EXE	skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip	ZIP: suspicious - 1	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-05-04_Log.ALUSchedulerSvc.LiveUpdate	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\17C1FAF1.TMP	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\9E5901A2.TMP	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx	Object is locked	skipped
C:\Documents and Settings\Bengt\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\Bengt\Lokala inställningar\Application Data\Last.fm\Client\lastfmhelper.log	Object is locked	skipped
C:\Documents and Settings\Bengt\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\Bengt\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Bengt\Lokala inställningar\Temp\9A6D.tmp	Infected: Trojan-Downloader.Win32.Agent.mgq	skipped
C:\Documents and Settings\Bengt\Lokala inställningar\Temp\Perflib_Perfdata_c1c.dat	Object is locked	skipped
C:\Documents and Settings\Bengt\Lokala inställningar\Temp\winDBC.tmp.exe	Infected: Trojan.Win32.Agent.qt	skipped
C:\Documents and Settings\Bengt\Lokala inställningar\Temp\~DFB463.tmp	Object is locked	skipped
C:\Documents and Settings\Bengt\Lokala inställningar\Temp\~DFB484.tmp	Object is locked	skipped
C:\Documents and Settings\Bengt\Lokala inställningar\Temp\~DFE745.tmp	Object is locked	skipped
C:\Documents and Settings\Bengt\Lokala inställningar\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat	Object is locked	skipped
C:\Documents and Settings\Bengt\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Bengt\Lokala inställningar\Tidigare\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Bengt\ntuser.dat	Object is locked	skipped
C:\Documents and Settings\Bengt\NTUSER.DAT.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Tidigare\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService\Lokala inställningar\Tidigare\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG	Object is locked	skipped
C:\New Stuff\Cool PC Remote Control v1.12 remote.zip/setup.exe/data	Infected: not-a-virus:RemoteAdmin.Win32.CoolRemCon.c	skipped
C:\New Stuff\Cool PC Remote Control v1.12 remote.zip/setup.exe/data	Infected: not-a-virus:RemoteAdmin.Win32.CoolRemCon.a	skipped
C:\New Stuff\Cool PC Remote Control v1.12 remote.zip/setup.exe/data	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.b	skipped
C:\New Stuff\Cool PC Remote Control v1.12 remote.zip/setup.exe/data	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333	skipped
C:\New Stuff\Cool PC Remote Control v1.12 remote.zip/setup.exe/data	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.b	skipped
C:\New Stuff\Cool PC Remote Control v1.12 remote.zip/setup.exe	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.b	skipped
C:\New Stuff\Cool PC Remote Control v1.12 remote.zip	ZIP: infected - 6	skipped
C:\oexdh.exe	Infected: Trojan-Downloader.Win32.Injecter.pl	skipped
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcrst.dll	Object is locked	skipped
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsys.dll	Object is locked	skipped
C:\Program\Delade filer\Symantec Shared\EENGINE\EPERSIST.DAT	Object is locked	skipped
C:\Program\Delade filer\Symantec Shared\NFWEVT.LOG	Object is locked	skipped
C:\Program\Delade filer\Symantec Shared\SNDALRT.log	Object is locked	skipped
C:\Program\Delade filer\Symantec Shared\SNDCON.log	Object is locked	skipped
C:\Program\Delade filer\Symantec Shared\SNDDBG.log	Object is locked	skipped
C:\Program\Delade filer\Symantec Shared\SNDFW.log	Object is locked	skipped
C:\Program\Delade filer\Symantec Shared\SNDIDS.log	Object is locked	skipped
C:\Program\Delade filer\Symantec Shared\SNDSYS.log	Object is locked	skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Bengt\Data\BWDocMap.pht	Object is locked	skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Bengt\Data\BWInfopakMap.pht	Object is locked	skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Bengt\Data\chandir.dat	Object is locked	skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Bengt\Data\chandir.idx	Object is locked	skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Bengt\Data\chn.dat	Object is locked	skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Bengt\Data\chn.idx	Object is locked	skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Bengt\Data\D0000000.FCS	Object is locked	skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Bengt\Data\inuse.txt	Object is locked	skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Bengt\Data\L0000003.FCS	Object is locked	skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Bengt\Data\main.log	Object is locked	skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Bengt\Data\prs.dat	Object is locked	skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Bengt\Data\prs.idx	Object is locked	skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Bengt\Data\prs_die.dat	Object is locked	skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Bengt\Data\prs_die.idx	Object is locked	skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Bengt\Data\prs_dnd.dat	Object is locked	skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Bengt\Data\prs_dnd.idx	Object is locked	skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Bengt\Data\prs_ext.dat	Object is locked	skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Bengt\Data\prs_ext.idx	Object is locked	skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Bengt\Data\prs_rcv.dat	Object is locked	skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Bengt\Data\prs_rcv.idx	Object is locked	skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Bengt\Data\storydb.dat	Object is locked	skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Bengt\Data\storydb.idx	Object is locked	skipped
C:\Program\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\master.mdf	Object is locked	skipped
C:\Program\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\mastlog.ldf	Object is locked	skipped
C:\Program\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\model.mdf	Object is locked	skipped
C:\Program\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\modellog.ldf	Object is locked	skipped
C:\Program\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\PinnacleSys_GlobalContext.mdf	Object is locked	skipped
C:\Program\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\PinnacleSys_GlobalContext_log.LDF	Object is locked	skipped
C:\Program\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\tempdb.mdf	Object is locked	skipped
C:\Program\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\templog.ldf	Object is locked	skipped
C:\Program\Microsoft SQL Server\MSSQL$PINNACLESYS\LOG\ERRORLOG	Object is locked	skipped
C:\Program\mIRC\mirc.exe	Infected: not-a-virus:Client-IRC.Win32.mIRC.62	skipped
C:\Program\Norton AntiVirus\AVApp.log	Object is locked	skipped
C:\Program\Norton AntiVirus\AVError.log	Object is locked	skipped
C:\Program\Norton AntiVirus\AVVirus.log	Object is locked	skipped
C:\Program\Norton SystemWorks\Norton Antivirus\Quarantine\730378F2	Infected: Trojan-Downloader.Java.OpenStream.t	skipped
C:\Program\PalmVNC\UltraVNC\vnchooks.dll	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c	skipped
C:\Program\Pinnacle\Shared Files\Programs\MediaServer\Media\Temp\Thumbnails\Storage.bin	Object is locked	skipped
C:\Src\mirc62.exe/stream/data0006	Infected: not-a-virus:Client-IRC.Win32.mIRC.62	skipped
C:\Src\mirc62.exe/stream	Infected: not-a-virus:Client-IRC.Win32.mIRC.62	skipped
C:\Src\mirc62.exe	NSIS: infected - 2	skipped
C:\Src\PalmVNC-UltraVNC.exe/data0018	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c	skipped
C:\Src\PalmVNC-UltraVNC.exe	Inno: infected - 1	skipped
C:\Src\PalmVNC-WinVNC.exe/data0005	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.g	skipped
C:\Src\PalmVNC-WinVNC.exe/data0006	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333	skipped
C:\Src\PalmVNC-WinVNC.exe	Inno: infected - 2	skipped
C:\Src\tightvnc-1.2.9-setup.exe/data0002	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h	skipped
C:\Src\tightvnc-1.2.9-setup.exe/data0003	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b	skipped
C:\Src\tightvnc-1.2.9-setup.exe	Inno: infected - 2	skipped
C:\Src\UltraVnc-101-Setup.zip/UltraVNC-101-Setup.exe/file130	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e	skipped
C:\Src\UltraVnc-101-Setup.zip/UltraVNC-101-Setup.exe/file131	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e	skipped
C:\Src\UltraVnc-101-Setup.zip/UltraVNC-101-Setup.exe	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e	skipped
C:\Src\UltraVnc-101-Setup.zip	ZIP: infected - 3	skipped
C:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
C:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP693\A0115251.exe/data.rar/xpkey.exe	Infected: not-a-virus:PSWTool.Win32.RAS.a	skipped
C:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP693\A0115251.exe/data.rar/keyms.exe	Infected: not-a-virus:PSWTool.Win32.RAS.a	skipped
C:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP693\A0115251.exe/data.rar/RAS.exe	Infected: not-a-virus:PSWTool.Win32.RAS.a	skipped
C:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP693\A0115251.exe/data.rar/RockXp_.exe	Infected: not-a-virus:PSWTool.Win32.RAS.a	skipped
C:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP693\A0115251.exe/data.rar	Infected: not-a-virus:PSWTool.Win32.RAS.a	skipped
C:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP693\A0115251.exe	RarSFX: infected - 5	skipped
C:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP694\A0115254.exe/data0007	Infected: Trojan-Downloader.Win32.Zlob.ged	skipped
C:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP694\A0115254.exe	NSIS: infected - 1	skipped
C:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP727\A0121907.dll	Infected: not-a-virus:AdWare.Win32.WebHancer.390	skipped
C:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP727\A0121908.exe	Infected: not-a-virus:AdWare.Win32.WebHancer.423	skipped
C:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP727\A0121910.dll	Infected: not-a-virus:AdWare.Win32.WebHancer.390	skipped
C:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP727\A0121911.exe	Infected: not-a-virus:AdWare.Win32.WebHancer.390	skipped
C:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP729\A0121952.exe	Infected: not-virus:Hoax.Win32.Renos.bjs	skipped
C:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP731\A0122119.dll	Infected: Packed.Win32.Monder.gen	skipped
C:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP731\A0122120.dll	Infected: Packed.Win32.Monder.gen	skipped
C:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP757\change.log	Object is locked	skipped
C:\WINDOWS\Application Data\Identities\{D83BAAAD-E3A6-4C44-8A4A-91CDABA94525}\Microsoft\Outlook Express\Deleted 2002.zip/Deleted 2002.dbx/[From "Niels H. Nielsen" <nhn@bigfoot.com>][Date Sun, 15 Dec 2002 14:57:49 +0100 (CET)]/db1.mdb.scr	Infected: Email-Worm.Win32.Tanatos.a	skipped
C:\WINDOWS\Application Data\Identities\{D83BAAAD-E3A6-4C44-8A4A-91CDABA94525}\Microsoft\Outlook Express\Deleted 2002.zip/Deleted 2002.dbx	Infected: Email-Worm.Win32.Tanatos.a	skipped
C:\WINDOWS\Application Data\Identities\{D83BAAAD-E3A6-4C44-8A4A-91CDABA94525}\Microsoft\Outlook Express\Deleted 2002.zip	ZIP: infected - 2	skipped
C:\WINDOWS\Debug\PASSWD.LOG	Object is locked	skipped
C:\WINDOWS\S9613A75E.tmp	Object is locked	skipped
C:\WINDOWS\SchedLgU.Txt	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log	Object is locked	skipped
C:\WINDOWS\Sti_Trace.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\edb.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb	Object is locked	skipped
C:\WINDOWS\system32\config\AppEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\default	Object is locked	skipped
C:\WINDOWS\system32\config\default.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\Internet.evt	Object is locked	skipped
C:\WINDOWS\system32\config\SAM	Object is locked	skipped
C:\WINDOWS\system32\config\SAM.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SecEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\software	Object is locked	skipped
C:\WINDOWS\system32\config\software.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SysEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\system	Object is locked	skipped
C:\WINDOWS\system32\config\system.LOG	Object is locked	skipped
C:\WINDOWS\system32\crypts.dll	Infected: Trojan-Downloader.Win32.Small.vea	skipped
C:\WINDOWS\system32\h323log.txt	Object is locked	skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP	Object is locked	skipped
C:\WINDOWS\Temp\Perflib_Perfdata_814.dat	Object is locked	skipped
C:\WINDOWS\wiadebug.log	Object is locked	skipped
C:\WINDOWS\wiaservc.log	Object is locked	skipped
C:\WINDOWS\WindowsUpdate.log	Object is locked	skipped
D:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
G:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
G:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP747\A0123085.exe/data0001	Infected: Packed.Win32.Monder.gen	skipped
G:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP747\A0123085.exe/data0002	Infected: Trojan.Win32.Pakes.cgn	skipped
G:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP747\A0123085.exe/data0003	Infected: Trojan-Downloader.Win32.Small.swa	skipped
G:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP747\A0123085.exe	EmbeddedEXE: infected - 3	skipped
G:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP747\A0123085.exe	UPX: infected - 3	skipped
G:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP747\A0123085.exe	PE_Patch.UPX: infected - 3	skipped
J:\RECYCLED\NPROTECT\NPROTECT.LOG	Object is locked	skipped
K:\RECYCLER\NPROTECT\NPROTECT.LOG	Object is locked	skipped
K:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
L:\RECYCLER\NPROTECT\NPROTECT.LOG	Object is locked	skipped
L:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
M:\RECYCLER\NPROTECT\NPROTECT.LOG	Object is locked	skipped
M:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
O:\Jobbdatorn backup 2007\Src\UltraVnc-101-Setup.zip/UltraVNC-101-Setup.exe/file130	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e	skipped
O:\Jobbdatorn backup 2007\Src\UltraVnc-101-Setup.zip/UltraVNC-101-Setup.exe/file131	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e	skipped
O:\Jobbdatorn backup 2007\Src\UltraVnc-101-Setup.zip/UltraVNC-101-Setup.exe	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e	skipped
O:\Jobbdatorn backup 2007\Src\UltraVnc-101-Setup.zip	ZIP: infected - 3	skipped
O:\RECYCLER\NPROTECT\NPROTECT.LOG	Object is locked	skipped
O:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
S:\RECYCLER\NPROTECT\NPROTECT.LOG	Object is locked	skipped
S:\Src (backup)\mirc62.exe/stream/data0006	Infected: not-a-virus:Client-IRC.Win32.mIRC.62	skipped
S:\Src (backup)\mirc62.exe/stream	Infected: not-a-virus:Client-IRC.Win32.mIRC.62	skipped
S:\Src (backup)\mirc62.exe	NSIS: infected - 2	skipped
S:\Src (backup)\PalmVNC-UltraVNC.exe/data0018	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c	skipped
S:\Src (backup)\PalmVNC-UltraVNC.exe	Inno: infected - 1	skipped
S:\Src (backup)\PalmVNC-WinVNC.exe/data0005	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.g	skipped
S:\Src (backup)\PalmVNC-WinVNC.exe/data0006	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333	skipped
S:\Src (backup)\PalmVNC-WinVNC.exe	Inno: infected - 2	skipped
S:\Src (backup)\tightvnc-1.2.9-setup.exe/data0002	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h	skipped
S:\Src (backup)\tightvnc-1.2.9-setup.exe/data0003	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b	skipped
S:\Src (backup)\tightvnc-1.2.9-setup.exe	Inno: infected - 2	skipped
S:\Src (backup)\UltraVnc-101-Setup.zip/UltraVNC-101-Setup.exe/file130	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e	skipped
S:\Src (backup)\UltraVnc-101-Setup.zip/UltraVNC-101-Setup.exe/file131	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e	skipped
S:\Src (backup)\UltraVnc-101-Setup.zip/UltraVNC-101-Setup.exe	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e	skipped
S:\Src (backup)\UltraVnc-101-Setup.zip	ZIP: infected - 3	skipped
S:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped

Scan process completed.
 
Hi

Disable Spybot's TeaTimer
  • Run Spybot-S&D in Advanced Mode
  • If it is not already set to do this, go to the Mode menu, select Advanced Mode
  • On the left hand side, click on Tools
  • Then click on the Resident icon in the list
  • Uncheck Resident TeaTimer and OK any prompts.
  • Restart your computer


1. Download combofix from any of these links and save it to Desktop:
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log & a fresh hjt log in your next reply (please don't use code box to make reading easier :))

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here
 
Due to inactivity, this thread will now be closed.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.
 