Win32res.exe popup [RESOLVED]



#1
z8n (New Member, 9 posts)

Hi!

I am getting a popup telling me that win32res.exe is sending info from my computer to a remote computer, and that I should download several antivirus programs. Can someone please help me remove it? Thanks.
HJT LOG:

Logfile of HijackThis v1.99.1
Scan saved at 13:37:40, on 11.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programfiler\Winamp\winampa.exe
C:\Programfiler\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\9174c08b.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Programfiler\Fellesfiler\{004DC8E3-08A3-1044-0602-06050806002f}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Messenger\MSMSGS.EXE
C:\Programfiler\MSI\Core Center\CoreCenter.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE
C:\Programfiler\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Eivind\Skrivebord\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vg.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [9174c08b.exe] C:\WINDOWS\system32\9174c08b.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [9174c08b.exe] C:\Documents and Settings\Eivind\Lokale innstillinger\Programdata\9174c08b.exe
O4 - Global Startup: CoreCenter.lnk = C:\Programfiler\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1157819248656
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Edited by z8n, 11 September 2006 - 05:40 AM.



#2
Shaba (Malware Expert, MVP, 558 posts)

Hi z8n

Open HijackThis, click "Do a system scan only" and checkmark these:


O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [9174c08b.exe] C:\WINDOWS\system32\9174c08b.exe
O4 - HKCU\..\Run: [9174c08b.exe] C:\Documents and Settings\Eivind\Lokale innstillinger\Programdata\9174c08b.exe


Close all windows, including the browser, and press "Fix checked".

Please download the Killbox.
Unzip it to the desktop.

Please run Killbox.

Select "Delete on Reboot" and "All files"

Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\system32\9174c08b.exe
C:\Documents and Settings\Eivind\Lokale innstillinger\Programdata\9174c08b.exe
C:\Programfiler\Fellesfiler\{004DC8E3-08A3-1044-0602-06050806002f}\Update.exe

Go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

If your computer does not restart automatically, please restart it manually.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Send:

- a fresh HijackThis log
- combofix report

Edited by Shaba, 12 September 2006 - 11:08 AM.
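
Added example (not part of the original posts, and not the helper's stated reasoning): a small Python triage that parses the "Running processes" list and the O4 Run entries of a HijackThis log and flags traits visible in the items picked for removal above. The heuristics and all function names are assumptions of this example; the sample lines are copied from the first log in this thread.

```python
import re
from collections import defaultdict

# Excerpt copied from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Winamp\winampa.exe
C:\WINDOWS\system32\9174c08b.exe
C:\Programfiler\Fellesfiler\{004DC8E3-08A3-1044-0602-06050806002f}\Update.exe
C:\WINDOWS\system32\ctfmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vg.no/
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [9174c08b.exe] C:\WINDOWS\system32\9174c08b.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [9174c08b.exe] C:\Documents and Settings\Eivind\Lokale innstillinger\Programdata\9174c08b.exe
O4 - Global Startup: CoreCenter.lnk = C:\Programfiler\MSI\Core Center\CoreCenter.exe
"""

# O4 registry autorun line: "O4 - HKLM\..\Run: [ValueName] command line"
O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$")
# Heuristic (assumption): file name made only of 8+ hex digits looks generated.
HEX_NAME = re.compile(r"^[0-9a-f]{8,}\.exe$", re.I)
# Heuristic (assumption): executable stored in a directory named like a GUID.
GUID_DIR = re.compile(r"\\\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\", re.I)


def image_path(cmd):
    """Return the executable part of an autorun command line (quotes/args removed)."""
    m = re.match(r'"([^"]+)"', cmd) or re.match(
        r"(.*?\.(?:exe|dll|cpl))(?=\s|,|$)", cmd, re.I)
    return m.group(1) if m else cmd


def parse_log(text):
    """Split a HijackThis log into running-process paths and O4 Run entries."""
    processes, autoruns, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs:
            if line:
                processes.append(line)
            else:
                in_procs = False  # a blank line ends the process list
        else:
            m = O4_RUN.match(line)
            if m:
                hive, key, name, cmd = m.groups()
                autoruns.append({"hive": hive, "key": key, "name": name,
                                 "path": image_path(cmd)})
    return processes, autoruns


def reasons_for(path):
    """Path-based heuristics that apply to processes and autoruns alike."""
    found = []
    if HEX_NAME.match(path.rsplit("\\", 1)[-1]):
        found.append("hex-only file name")
    if GUID_DIR.search(path):
        found.append("GUID-named directory")
    return found


def triage(text):
    """Map each suspicious path to the sorted list of reasons it was flagged."""
    processes, autoruns = parse_log(text)
    findings = defaultdict(set)
    for path in processes + [a["path"] for a in autoruns]:
        findings[path].update(reasons_for(path))
    hives_by_name = defaultdict(set)
    for a in autoruns:
        hives_by_name[a["name"].lower()].add(a["hive"])
    for a in autoruns:
        # Same value name registered machine-wide and per-user: redundant persistence.
        if len(hives_by_name[a["name"].lower()]) > 1:
            findings[a["path"]].add("same Run value name in HKLM and HKCU")
        if "\\documents and settings\\" in a["path"].lower():
            findings[a["path"]].add("autorun target inside a user profile")
    return {p: sorted(r) for p, r in findings.items() if r}


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(why))
```

These heuristics only rank entries for a closer look and do not cover every item selected in the post above (the Alcmtr entry, for instance, is not flagged by them).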


#3
z8n (New Member, Topic Starter, 9 posts)

Hi Shaba! :whistling:

Thank you for your time. I did as you said and here are the reports:

-----------------------

Logfile of HijackThis v1.99.1
Scan saved at 22:13:39, on 13.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programfiler\Winamp\winampa.exe
C:\Programfiler\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Messenger\MSMSGS.EXE
C:\Programfiler\MSI\Core Center\CoreCenter.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Eivind\Skrivebord\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vg.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\MSMSGS.EXE" /background
O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\Xfire.exe
O4 - Global Startup: CoreCenter.lnk = C:\Programfiler\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1157819248656
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

-----------------------

Eivind - 06-09-13 22:09:58,73
ComboFix 06.09.11B - Running from: C:\Documents and Settings\Eivind\Skrivebord

Microsoft Windows XP [Versjon 5.1.2600]

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Programfiler\ToolBar888
C:\WINDOWS\system32\components
C:\Programfiler\Fellesfiler\{004DC8E3-08A3-1044-0602-06050806002f}


((((((((((((((((((((((((((((((( Files Created from 2006-08-13 to 2006-09-13 ))))))))))))))))))))))))))))))))))


2006-09-13 16:14 70,144 --a------ C:\WINDOWS\system32\fontexta.dll
2006-09-11 12:56 51,754 --a------ C:\WINDOWS\g18643500.dll
2006-09-11 11:41 645,745 ---hs---- C:\WINDOWS\system32\qtvwa.bak2
2006-09-11 11:38 51,754 --a------ C:\WINDOWS\g13961765.dll
2006-09-11 10:48 78,378 --a------ C:\WINDOWS\g10946468.dll
2006-09-11 08:34 51,754 --a------ C:\WINDOWS\g2903968.dll
2006-09-11 07:50 78,378 --a------ C:\WINDOWS\g265031.dll
2006-09-10 22:54 78,378 --a------ C:\WINDOWS\g36998062.dll
2006-09-10 21:35 51,754 --a------ C:\WINDOWS\g32307828.dll
2006-09-10 13:13 78,378 --a------ C:\WINDOWS\g2184125.dll
2006-09-10 12:24 51,754 --a------ C:\WINDOWS\g1457468.dll
2006-09-10 12:02 78,378 --a------ C:\WINDOWS\g138250.dll
2006-09-10 11:59 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-09-10 11:48 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-09-10 11:48 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-09-10 11:48 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-09-10 11:48 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-09-10 11:41 621,494 ---hs---- C:\WINDOWS\system32\qtvwa.bak1
2006-09-10 11:40 577,588 ---hs---- C:\WINDOWS\system32\awvtq.dll
2006-09-10 11:33 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-09-10 11:33 635,520 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-09-10 11:33 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2006-09-10 11:33 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2006-09-10 11:33 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2006-09-10 11:27 78,378 --a------ C:\WINDOWS\g4596578.dll
2006-09-10 11:27 40,973 ---hs---- C:\WINDOWS\system32\khfgdaa.dll
2006-09-09 23:41 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2006-09-09 23:41 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2006-09-09 23:41 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2006-09-09 23:41 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2006-09-09 23:40 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-09-09 23:40 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-09-09 23:40 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-09-09 23:40 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-09-09 23:40 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-09-09 23:40 69,120 --a------ C:\WINDOWS\notepad.exe
2006-09-09 23:40 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-09-09 23:40 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-09-09 23:40 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-09-09 23:40 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-09-09 23:40 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-09-09 23:40 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-09-09 23:40 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-09-09 23:40 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-09-09 23:40 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-09-09 23:40 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-09-09 23:40 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-09-09 23:40 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-09-09 23:40 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-09-09 23:40 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-09-09 23:40 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-09-09 23:40 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-09-09 23:40 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-09-09 23:40 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-09-09 23:40 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-09-09 23:40 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-09-09 23:40 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-09-09 23:40 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-09-09 23:15 35,840 -ra------ C:\WINDOWS\system32\nvconrm.dll
2006-09-09 23:15 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2006-09-09 23:15 208,896 -ra------ C:\WINDOWS\system32\nvusmb.exe
2006-09-09 23:15 208,896 --a------ C:\WINDOWS\system32\nvunrm.exe
2006-09-09 23:15 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-09-09 23:15 208,384 -ra------ C:\WINDOWS\system32\fdco1ins.dll
2006-09-09 23:15 208,384 -ra------ C:\WINDOWS\system32\fdco1.dll
2006-09-09 23:15 159,232 -ra------ C:\WINDOWS\system32\fdco_l1036.dll
2006-09-09 23:15 159,232 -ra------ C:\WINDOWS\system32\fdco_l1034.dll
2006-09-09 23:15 159,232 -ra------ C:\WINDOWS\system32\fdco_l1031.dll
2006-09-09 23:15 158,720 -ra------ C:\WINDOWS\system32\fdco_l1046.dll
2006-09-09 23:15 158,720 -ra------ C:\WINDOWS\system32\fdco_l1040.dll
2006-09-09 23:15 156,672 -ra------ C:\WINDOWS\system32\fdco_l1042.dll
2006-09-09 23:15 156,672 -ra------ C:\WINDOWS\system32\fdco_l1041.dll
2006-09-09 23:15 155,648 -ra------ C:\WINDOWS\system32\fdco_l1028.dll
2006-09-09 23:15 155,136 -ra------ C:\WINDOWS\system32\fdco_l2052.dll
2006-09-09 23:15 10,240 -ra------ C:\WINDOWS\system32\bdco1ins.dll
2006-09-09 23:15 10,240 -ra------ C:\WINDOWS\system32\bdco1.dll
2006-09-09 23:08 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-09-09 23:08 0 -rahs---- C:\MSDOS.SYS
2006-09-09 23:08 0 -rahs---- C:\IO.SYS
2006-09-09 23:08 0 --a------ C:\CONFIG.SYS
2006-09-09 23:08 0 --a------ C:\AUTOEXEC.BAT
2006-09-09 23:06 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-09-09 23:06 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-09-09 23:06 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-09-09 23:06 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-09-09 23:06 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-09-09 23:06 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-09-09 23:06 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-09-09 23:06 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-09-09 23:06 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-09-09 23:06 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-09-09 23:06 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-09-09 23:06 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-09-09 23:06 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-09-09 23:06 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-09-09 23:06 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-09-09 23:06 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-09-09 23:06 278,528 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-09-09 23:06 275,968 --a------ C:\WINDOWS\system32\mstask.dll
2006-09-09 23:06 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-09-09 23:06 240,128 --a------ C:\WINDOWS\system32\srrstr.dll
2006-09-09 23:06 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-09-09 23:06 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-09-09 23:06 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-09-09 23:06 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-09-09 23:06 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-09-09 23:06 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-09-09 23:05 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-09-09 23:05 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-09-09 23:05 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-09-09 23:05 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-09-09 23:05 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-09-09 23:05 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-09-09 23:05 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-09-09 23:05 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-09-09 23:05 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-09-09 23:05 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-09-09 23:05 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-09-09 23:05 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-09-09 23:05 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-09-09 23:05 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-09-09 23:05 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-09-09 23:05 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-09-09 23:05 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-09-09 23:05 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-09-09 23:05 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-09-09 23:05 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-09-09 23:05 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-09-09 23:05 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-09-09 23:05 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-09-09 23:05 228,864 --a------ C:\WINDOWS\system32\avtapi.dll
2006-09-09 23:05 22,528 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-09-09 23:05 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-09-09 23:05 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-09-09 23:05 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-09-09 23:05 185,344 --a------ C:\WINDOWS\system32\accwiz.exe
2006-09-09 23:05 17,408 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-09-09 23:05 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-09-09 23:05 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-09-09 23:05 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-09-09 23:05 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-09-09 23:05 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-09-09 23:05 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-09-09 23:05 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-09-09 23:05 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-09-09 23:05 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-09-09 23:05 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-09-09 23:05 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-09-09 23:05 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-09-09 23:05 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-09-09 23:05 127,488 --a------ C:\WINDOWS\system32\mshearts.exe
2006-09-09 23:05 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-09-09 23:05 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-09-09 23:05 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-09-09 23:05 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-09-09 23:05 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-09-09 23:04 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-09-09 23:04 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-09-09 23:04 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-09-09 23:04 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-09-09 23:04 60,928 --a------ C:\WINDOWS\system32\remotepg.dll
2006-09-09 23:04 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-09-09 23:04 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-09-09 23:04 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-09-09 23:04 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-09-09 23:04 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-09-09 23:04 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-09-09 23:04 408,064 --a------ C:\WINDOWS\system32\mstsc.exe
2006-09-09 23:04 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-09-09 23:04 344,064 --a------ C:\WINDOWS\system32\mspaint.exe
2006-09-09 23:04 294,912 --a------ C:\WINDOWS\system32\termsrv.dll
2006-09-09 23:04 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-09-09 23:04 186,368 --a------ C:\WINDOWS\system32\cmprops.dll
2006-09-09 23:04 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-09-09 23:04 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-09-09 23:04 140,288 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-09-09 23:04 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-09-09 23:04 124,696 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-09-09 23:04 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-09-09 23:04 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-09-09 23:04 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-09-09 23:04 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-09-09 20:31 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2006-09-09 19:46 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2006-09-09 19:46 330,240 --a------ C:\WINDOWS\system32\ipnathlp.dll
2006-09-09 18:40 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2006-09-09 18:31 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2006-09-09 18:31 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2006-09-09 18:31 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2006-09-09 18:31 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-09-09 18:27 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-09-09 18:27 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-09-09 18:27 194,840 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-09-09 18:27 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2006-09-09 18:27 174,360 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-09-09 18:27 127,768 --a------ C:\WINDOWS\system32\wucltui.dll
2006-09-09 18:19 53,248 --a------ C:\WINDOWS\system32\KemXML.dll
2006-09-09 18:19 155,648 --a------ C:\WINDOWS\system32\kemutb.dll
2006-09-09 18:19 126,976 --a------ C:\WINDOWS\system32\KemUtil.dll
2006-09-09 18:19 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2006-09-09 18:18 94,208 --a------ C:\WINDOWS\KHALMNPR.Exe
2006-09-09 17:45 712,704 -ra------ C:\WINDOWS\system32\AUDIO3D3.DLL
2006-09-09 17:45 712,704 -ra------ C:\WINDOWS\system32\a3d.dll
2006-09-09 17:45 36,864 -ra------ C:\WINDOWS\system32\CMUDA3.DLL
2006-09-09 17:45 32,768 -ra------ C:\WINDOWS\system32\UDAPROP3.DLL
2006-09-09 17:45 28,672 -ra------ C:\WINDOWS\system32\CMRMDRV3.DLL
2006-09-09 17:45 28,672 -r------- C:\WINDOWS\CmiPCIUninstall.exe
2006-09-09 17:45 233,472 -ra------ C:\WINDOWS\system32\CMRMDRV3.exe
2006-09-09 17:30 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-09-09 17:28 83,456 --a------ C:\WINDOWS\system32\dpvsetup.exe
2006-09-09 17:28 825,344 --a------ C:\WINDOWS\system32\d3dim700.dll
2006-09-09 17:28 82,432 --a------ C:\WINDOWS\system32\dmscript.dll
2006-09-09 17:28 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2006-09-09 17:28 733,696 --a------ C:\WINDOWS\system32\qedwipes.dll
2006-09-09 17:28 71,680 --a------ C:\WINDOWS\system32\dsdmoprp.dll
2006-09-09 17:28 70,656 --a------ C:\WINDOWS\system32\amstream.dll
2006-09-09 17:28 63,696 --a------ C:\WINDOWS\system32\dxdllreg.exe
2006-09-09 17:28 619,008 --a------ C:\WINDOWS\system32\dx7vb.dll
2006-09-09 17:28 61,440 --a------ C:\WINDOWS\system32\dmcompos.dll
2006-09-09 17:28 60,928 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2006-09-09 17:28 59,904 --a------ C:\WINDOWS\system32\devenum.dll
2006-09-09 17:28 57,856 --a------ C:\WINDOWS\system32\dpwsockx.dll
2006-09-09 17:28 562,688 --a------ C:\WINDOWS\system32\qedit.dll
2006-09-09 17:28 50,688 --a------ C:\WINDOWS\system32\wstdecod.dll
2006-09-09 17:28 467,968 --a------ C:\WINDOWS\system32\diactfrm.dll
2006-09-09 17:28 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-09-09 17:28 385,536 --a------ C:\WINDOWS\system32\qdvd.dll
2006-09-09 17:28 375,296 --a------ C:\WINDOWS\system32\dpnet.dll
2006-09-09 17:28 367,616 --a------ C:\WINDOWS\system32\dsound.dll
2006-09-09 17:28 363,520 --a------ C:\WINDOWS\system32\psisdecd.dll
2006-09-09 17:28 35,840 --a------ C:\WINDOWS\system32\dmloader.dll
2006-09-09 17:28 35,328 --a------ C:\WINDOWS\system32\mciqtz32.dll
2006-09-09 17:28 35,328 --a------ C:\WINDOWS\system32\dpnhpast.dll
2006-09-09 17:28 30,208 --a------ C:\WINDOWS\system32\dplaysvr.exe
2006-09-09 17:28 3,584 --a------ C:\WINDOWS\system32\dpnlobby.dll
2006-09-09 17:28 3,584 --a------ C:\WINDOWS\system32\dpnaddr.dll
2006-09-09 17:28 28,672 --a------ C:\WINDOWS\system32\dmband.dll
2006-09-09 17:28 279,040 --a------ C:\WINDOWS\system32\qdv.dll
2006-09-09 17:28 27,136 --a------ C:\WINDOWS\system32\ddrawex.dll
2006-09-09 17:28 266,240 --a------ C:\WINDOWS\system32\ddraw.dll
2006-09-09 17:28 23,552 --a------ C:\WINDOWS\system32\dpmodemx.dll
2006-09-09 17:28 229,888 --a------ C:\WINDOWS\system32\dplayx.dll
2006-09-09 17:28 223,232 --a------ C:\WINDOWS\system32\gcdef.dll
2006-09-09 17:28 221,184 --a------ C:\WINDOWS\system32\qasf.dll
2006-09-09 17:28 212,992 --a------ C:\WINDOWS\system32\dpvoice.dll
2006-09-09 17:28 21,504 --a------ C:\WINDOWS\system32\dpvacm.dll
2006-09-09 17:28 203,776 --a------ C:\WINDOWS\system32\mswebdvd.dll
2006-09-09 17:28 20,480 --a------ C:\WINDOWS\system32\encapi.dll
2006-09-09 17:28 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-09-09 17:28 2,113,536 --a------ C:\WINDOWS\system32\dxdiagn.dll
2006-09-09 17:28 192,512 --a------ C:\WINDOWS\system32\qcap.dll
2006-09-09 17:28 19,456 --a------ C:\WINDOWS\system32\dswave.dll
2006-09-09 17:28 182,784 --a------ C:\WINDOWS\system32\dinput8.dll
2006-09-09 17:28 181,760 --a------ C:\WINDOWS\system32\dsdmo.dll
2006-09-09 17:28 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2006-09-09 17:28 17,920 --a------ C:\WINDOWS\system32\dpnsvr.exe
2006-09-09 17:28 17,408 --a------ C:\WINDOWS\system32\msyuv.dll
2006-09-09 17:28 159,744 --a------ C:\WINDOWS\system32\dinput.dll
2006-09-09 17:28 14,336 --a------ C:\WINDOWS\system32\msdmo.dll
2006-09-09 17:28 116,736 --a------ C:\WINDOWS\system32\dpvvox.dll
2006-09-09 17:28 105,984 --a------ C:\WINDOWS\system32\dmstyle.dll
2006-09-09 17:28 104,448 --a------ C:\WINDOWS\system32\dmusic.dll
2006-09-09 17:28 103,424 --a------ C:\WINDOWS\system32\dmsynth.dll
2006-09-09 17:28 1,689,088 --a------ C:\WINDOWS\system32\d3d9.dll
2006-09-09 17:28 1,430,016 --a------ C:\WINDOWS\system32\msvidctl.dll
2006-09-09 17:28 1,298,432 --a------ C:\WINDOWS\system32\dxdiag.exe
2006-09-09 17:28 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll
2006-09-09 17:28 1,227,264 --a------ C:\WINDOWS\system32\dx8vb.dll
2006-09-09 17:28 1,179,648 --a------ C:\WINDOWS\system32\d3d8.dll
2006-09-09 17:26 40,960 -r------- C:\WINDOWS\system32\ChCfg.exe
2006-09-09 17:26 135,168 -r------- C:\WINDOWS\system32\RtlCPAPI.dll
2006-09-09 17:25 9,711,104 -r------- C:\WINDOWS\RTLCPL.exe
2006-09-09 17:25 86,016 -r------- C:\WINDOWS\SoundMan.exe
2006-09-09 17:25 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2006-09-09 17:25 487,424 -r------- C:\WINDOWS\RtlExUpd.dll
2006-09-09 17:25 364,544 -r------- C:\WINDOWS\RtlUpd.exe
2006-09-09 17:25 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-09-09 17:25 2,809,344 -r------- C:\WINDOWS\alcwzrd.exe
2006-09-09 17:25 2,158,592 -r------- C:\WINDOWS\MicCal.exe
2006-09-09 17:25 16,120,832 -r------- C:\WINDOWS\RTHDCPL.exe
2006-09-09 17:24 198,424 --a------ C:\WINDOWS\system32\iuengine.dll
2006-09-09 17:21 6,784 --a------ C:\WINDOWS\nvoclock.sys
2006-09-09 17:21 57,344 --a------ C:\WINDOWS\AutoTuneScript.dll
2006-09-09 17:21 53,248 --a------ C:\WINDOWS\nvgpio.dll
2006-09-09 17:21 499,712 --a------ C:\WINDOWS\msvcp71.dll
2006-09-09 17:21 45,056 --a------ C:\WINDOWS\NTuneGpu.dll
2006-09-09 17:21 380,928 --a------ C:\WINDOWS\nvsulib.dll
2006-09-09 17:21 352,256 --a------ C:\WINDOWS\ntuneoem.dll
2006-09-09 17:21 348,160 --a------ C:\WINDOWS\msvcr71.dll
2006-09-09 17:21 327,168 --a------ C:\WINDOWS\IsUninst.exe
2006-09-09 17:21 217,088 --a------ C:\WINDOWS\NVGfxOgl.dll
2006-09-09 17:21 172,032 --a------ C:\WINDOWS\NVBenchMarks.dll
2006-09-09 17:21 11,264 --a------ C:\WINDOWS\nvoclk64.sys
2006-09-09 17:21 1,060,864 --a------ C:\WINDOWS\MFC71.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-13 22:10 -------- d-------- C:\Programfiler\Fellesfiler
2006-09-13 16:19 -------- d---s---- C:\Programfiler\Xfire
2006-09-12 14:58 -------- d---s---- C:\Documents and Settings\Eivind\Programdata\Microsoft
2006-09-12 14:57 -------- d-------- C:\Documents and Settings\Eivind\Programdata\Xfire
2006-09-11 15:27 -------- d--h----- C:\Programfiler\InstallShield Installation Information
2006-09-11 11:31 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-09-10 21:44 -------- d-------- C:\Documents and Settings\Eivind\Programdata\gtopala
2006-09-10 21:39 -------- d-------- C:\Programfiler\SIW
2006-09-10 12:00 -------- d-------- C:\Programfiler\Messenger
2006-09-10 11:59 -------- d-------- C:\Programfiler\Internet Explorer
2006-09-10 11:58 -------- d-------- C:\Programfiler\Outlook Express
2006-09-10 11:58 -------- d-------- C:\Programfiler\Fellesfiler\System
2006-09-10 11:47 -------- d-------- C:\Documents and Settings\Eivind\Programdata\Winamp
2006-09-10 11:33 -------- d-------- C:\Programfiler\Alwil Software
2006-09-10 11:13 -------- d-------- C:\Programfiler\Java
2006-09-10 11:11 -------- d-------- C:\Programfiler\Fellesfiler\Java
2006-09-10 11:07 -------- d-------- C:\Programfiler\Windows Media Player
2006-09-10 11:07 -------- d-------- C:\Programfiler\Winamp
2006-09-10 11:03 -------- d-------- C:\Programfiler\WinAce
2006-09-09 23:58 -------- d-------- C:\Documents and Settings\Eivind\Programdata\Ventrilo
2006-09-09 23:40 62 --ahs---- C:\Documents and Settings\Eivind\Programdata\desktop.ini
2006-09-09 23:40 -------- d-------- C:\Programfiler\Fellesfiler\SpeechEngines
2006-09-09 23:40 -------- d-------- C:\Programfiler\Fellesfiler\ODBC
2006-09-09 23:15 -------- d-------- C:\Programfiler\Fellesfiler\InstallShield
2006-09-09 23:12 -------- d--h----- C:\Programfiler\Uninstall Information
2006-09-09 23:12 -------- d-------- C:\Documents and Settings\Eivind\Programdata\Identities
2006-09-09 23:08 -------- d-------- C:\Programfiler\xerox
2006-09-09 23:08 -------- d-------- C:\Programfiler\microsoft frontpage
2006-09-09 23:07 -------- d-------- C:\Programfiler\Elektroniske tjenester
2006-09-09 23:06 -------- d-------- C:\Programfiler\Fellesfiler\Tjenester
2006-09-09 23:06 -------- d-------- C:\Programfiler\Fellesfiler\MSSoap
2006-09-09 23:05 -------- d-------- C:\Programfiler\MSN Gaming Zone
2006-09-09 23:05 -------- d-------- C:\Programfiler\MSN
2006-09-09 23:05 -------- d-------- C:\Programfiler\ComPlus Applications
2006-09-09 20:51 -------- d-------- C:\Programfiler\MSN Messenger
2006-09-09 20:41 -------- d-------- C:\Programfiler\Movie Maker
2006-09-09 20:39 -------- d-------- C:\Programfiler\Windows NT
2006-09-09 20:39 -------- d-------- C:\Programfiler\NetMeeting
2006-09-09 18:27 -------- d--h----- C:\Programfiler\WindowsUpdate
2006-09-09 18:27 -------- d-------- C:\Documents and Settings\Eivind\Programdata\Macromedia
2006-09-09 18:19 -------- d-------- C:\Programfiler\Fellesfiler\Microsoft Shared
2006-09-09 18:19 -------- d-------- C:\Programfiler\Fellesfiler\Logitech
2006-09-09 18:19 -------- d-------- C:\Documents and Settings\Eivind\Programdata\Logitech
2006-09-09 18:18 -------- d-------- C:\Programfiler\Logitech
2006-09-09 17:45 -------- d-------- C:\Programfiler\HDA Digital X-Mystique 7.1
2006-09-09 17:25 -------- d-------- C:\Programfiler\Realtek
2006-09-09 17:21 -------- d-------- C:\Programfiler\MSI
2006-08-05 17:25 87424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2006-08-05 17:25 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-08-05 17:24 16352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2006-08-05 17:22 36176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2006-08-05 17:20 24304 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 15:27 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-06-21 06:10 98304 --a------ C:\WINDOWS\system32\nvapi.dll
2006-06-21 06:10 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-06-21 06:10 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-06-21 06:10 7573504 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-06-21 06:10 573440 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-06-21 06:10 5419008 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-06-21 06:10 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-06-21 06:10 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-06-21 06:10 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-06-21 06:10 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-06-21 06:10 3986944 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-06-21 06:10 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-06-21 06:10 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-06-21 06:10 335872 --a------ C:\WINDOWS\system32\nvwrses.dll
2006-06-21 06:10 335872 --a------ C:\WINDOWS\system32\nvwrsel.dll
2006-06-21 06:10 327680 --a------ C:\WINDOWS\system32\nvwrsfr.dll
2006-06-21 06:10 327680 --a------ C:\WINDOWS\system32\nvwrsesm.dll
2006-06-21 06:10 327680 --a------ C:\WINDOWS\system32\nvrshe.dll
2006-06-21 06:10 327680 --a------ C:\WINDOWS\system32\nvrsar.dll
2006-06-21 06:10 323584 --a------ C:\WINDOWS\system32\nvwrspt.dll
2006-06-21 06:10 323584 --a------ C:\WINDOWS\system32\nvwrsit.dll
2006-06-21 06:10 319488 --a------ C:\WINDOWS\system32\nvwrsptb.dll
2006-06-21 06:10 319488 --a------ C:\WINDOWS\system32\nvwrsnl.dll
2006-06-21 06:10 315392 --a------ C:\WINDOWS\system32\nvwrsru.dll
2006-06-21 06:10 315392 --a------ C:\WINDOWS\system32\nvwrshu.dll
2006-06-21 06:10 311296 --a------ C:\WINDOWS\system32\nvwrsde.dll
2006-06-21 06:10 303104 --a------ C:\WINDOWS\system32\nvwrstr.dll
2006-06-21 06:10 303104 --a------ C:\WINDOWS\system32\nvwrssl.dll
2006-06-21 06:10 303104 --a------ C:\WINDOWS\system32\nvwrsfi.dll
2006-06-21 06:10 299008 --a------ C:\WINDOWS\system32\nvwrssk.dll
2006-06-21 06:10 299008 --a------ C:\WINDOWS\system32\nvwrsno.dll
2006-06-21 06:10 294912 --a------ C:\WINDOWS\system32\nvwrssv.dll
2006-06-21 06:10 294912 --a------ C:\WINDOWS\system32\nvwrspl.dll
2006-06-21 06:10 294912 --a------ C:\WINDOWS\system32\nvwrsda.dll
2006-06-21 06:10 286720 --a------ C:\WINDOWS\system32\nvwrseng.dll
2006-06-21 06:10 286720 --a------ C:\WINDOWS\system32\nvwrscs.dll
2006-06-21 06:10 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-06-21 06:10 282624 --a------ C:\WINDOWS\system32\nvwrsar.dll
2006-06-21 06:10 282624 --a------ C:\WINDOWS\system32\nvrsfr.dll
2006-06-21 06:10 282624 --a------ C:\WINDOWS\system32\nvrses.dll
2006-06-21 06:10 282624 --a------ C:\WINDOWS\system32\nvrsel.dll
2006-06-21 06:10 278528 --a------ C:\WINDOWS\system32\nvwrshe.dll
2006-06-21 06:10 278528 --a------ C:\WINDOWS\system32\nvrsit.dll
2006-06-21 06:10 278528 --a------ C:\WINDOWS\system32\nvrsde.dll
2006-06-21 06:10 270336 --a------ C:\WINDOWS\system32\nvrspt.dll
2006-06-21 06:10 270336 --a------ C:\WINDOWS\system32\nvrsnl.dll
2006-06-21 06:10 270336 --a------ C:\WINDOWS\system32\nvrsesm.dll
2006-06-21 06:10 266240 --a------ C:\WINDOWS\system32\nvrsru.dll
2006-06-21 06:10 266240 --a------ C:\WINDOWS\system32\nvrsptb.dll
2006-06-21 06:10 266240 --a------ C:\WINDOWS\system32\nvrsja.dll
2006-06-21 06:10 262144 --a------ C:\WINDOWS\system32\nvrsko.dll
2006-06-21 06:10 258048 --a------ C:\WINDOWS\system32\nvrssk.dll
2006-06-21 06:10 258048 --a------ C:\WINDOWS\system32\nvrshu.dll
2006-06-21 06:10 253952 --a------ C:\WINDOWS\system32\nvrstr.dll
2006-06-21 06:10 253952 --a------ C:\WINDOWS\system32\nvrssv.dll
2006-06-21 06:10 253952 --a------ C:\WINDOWS\system32\nvrssl.dll
2006-06-21 06:10 253952 --a------ C:\WINDOWS\system32\nvrspl.dll
2006-06-21 06:10 253952 --a------ C:\WINDOWS\system32\nvrsno.dll
2006-06-21 06:10 253952 --a------ C:\WINDOWS\system32\nvrsda.dll
2006-06-21 06:10 245760 --a------ C:\WINDOWS\system32\nvrsfi.dll
2006-06-21 06:10 245760 --a------ C:\WINDOWS\system32\nvrseng.dll
2006-06-21 06:10 245760 --a------ C:\WINDOWS\system32\nvrscs.dll
2006-06-21 06:10 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-06-21 06:10 221184 --a------ C:\WINDOWS\system32\nvrszhc.dll
2006-06-21 06:10 212992 --a------ C:\WINDOWS\system32\nvwrsja.dll
2006-06-21 06:10 196608 --a------ C:\WINDOWS\system32\nvwrsko.dll
2006-06-21 06:10 167936 --a------ C:\WINDOWS\system32\nvwrszht.dll
2006-06-21 06:10 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-06-21 06:10 163840 --a------ C:\WINDOWS\system32\nvwrszhc.dll
2006-06-21 06:10 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2006-06-21 06:10 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-06-21 06:10 1466368 --a------ C:\WINDOWS\system32\nview.dll
2006-06-21 06:10 143426 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-06-21 06:10 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-06-21 06:10 122880 --a------ C:\WINDOWS\system32\nvrszht.dll
2006-06-21 06:10 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Programfiler\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Programfiler\\Messenger\\MSMSGS.EXE\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"CmPCIaudio"="RunDll32 CMICNFG3.CPL,CMICtrlWnd"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
@=""
"WinampAgent"="C:\\Programfiler\\Winamp\\winampa.exe"
"SunJavaUpdateSched"="\"C:\\Programfiler\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"CoolSwitch"="C:\\WINDOWS\\system32\\taskswitch.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{259BA022-2005-45E9-A965-10EDB9C00618}"="Windowz Updater"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvtq
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\h618
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winxtx32

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: 13.09.2006 22:11:10.57
ComboFix.txt

#4
Shaba

    Malware Expert

  • Member
  • 558 posts
  • MVP
Hi

Rename HijackThis.exe to HJT.exe and send a fresh HijackThis log, please :whistling:

#5
z8n

    New Member

  • Topic Starter
  • Member
  • 9 posts
Hi!

Renamed the file and here's the log:


Logfile of HijackThis v1.99.1
Scan saved at 15:55:07, on 14.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programfiler\Winamp\winampa.exe
C:\Programfiler\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Messenger\MSMSGS.EXE
C:\Programfiler\MSI\Core Center\CoreCenter.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE
E:\Valve\Steam\Steam.exe
C:\WINDOWS\System32\svchost.exe
E:\mIRC\mirc.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Documents and Settings\Eivind\Skrivebord\hijackthis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vg.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {258FFE28-D3C7-451F-BD59-F30D8F4DEB23} - C:\WINDOWS\system32\awvtq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00322} - C:\WINDOWS\g10946468.dll
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00401} - C:\WINDOWS\system32\fontexta.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\MSMSGS.EXE" /background
O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\Xfire.exe
O4 - Global Startup: CoreCenter.lnk = C:\Programfiler\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1157819248656
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awvtq - C:\WINDOWS\system32\awvtq.dll
O20 - Winlogon Notify: h618 - C:\WINDOWS\g1457468.dll
O20 - Winlogon Notify: winxtx32 - winxtx32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#6
Shaba

    Malware Expert

  • Member
  • 558 posts
  • MVP
Hi

Download win32delfkil.exe.
Save it on your desktop.
Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil.
Close all windows, open the win32delfkil folder and double click on fix.bat.
The computer will reboot automatically.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Re-run combofix

Send:

- a fresh HijackThis log
- combofix report
- c:\windelf.txt
- c:\vundofix.txt

#7
z8n

    New Member

  • Topic Starter
  • Member
  • 9 posts
Hi!

I did as you said, and the computer also had to reboot when Vundo tried to delete some files, but after the reboot it still couldn't delete one of the files.

Here's the logs:


---------------------


Logfile of HijackThis v1.99.1
Scan saved at 08:28:08, on 15.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programfiler\Winamp\winampa.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\MSI\Core Center\CoreCenter.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE
C:\Documents and Settings\Eivind\Skrivebord\hijackthis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vg.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00401} - C:\WINDOWS\system32\fontexta.dll
O2 - BHO: (no name) - {FC1EF655-8BFF-476F-B997-46220C46E5EC} - C:\WINDOWS\system32\awvtq.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\Xfire.exe
O4 - Global Startup: CoreCenter.lnk = C:\Programfiler\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1157819248656
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awvtq - C:\WINDOWS\system32\awvtq.dll
O20 - Winlogon Notify: winxtx32 - winxtx32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


---------------------


Eivind - 06-09-15 8:26:12,37
ComboFix 06.09.11B - Running from: C:\Documents and Settings\Eivind\Skrivebord

Microsoft Windows XP [Versjon 5.1.2600]

((((((((((((((((((((((((((((((( Files Created from 2006-08-15 to 2006-09-15 ))))))))))))))))))))))))))))))))))


2006-09-15 08:15 1,492 --a------ C:\WINDOWSvundofix.reg
2006-09-15 08:03 4,096 --a------ C:\WINDOWS\system32\reboot.exe
2006-09-15 08:03 16,384 --a------ C:\WINDOWS\system32\restart.exe
2006-09-15 08:03 15,703 --a------ C:\delfiles.bat
2006-09-14 21:04 49,664 --a------ C:\WINDOWS\admparsek.dll
2006-09-13 16:14 70,144 --a------ C:\WINDOWS\system32\fontexta.dll
2006-09-10 11:59 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-09-10 11:48 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-09-10 11:48 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-09-10 11:48 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-09-10 11:48 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-09-10 11:40 577,588 --------- C:\WINDOWS\system32\awvtq.dll
2006-09-10 11:33 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-09-10 11:33 635,520 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-09-10 11:33 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2006-09-10 11:33 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2006-09-10 11:33 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2006-09-09 23:41 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2006-09-09 23:41 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2006-09-09 23:41 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2006-09-09 23:41 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2006-09-09 23:40 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-09-09 23:40 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-09-09 23:40 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-09-09 23:40 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-09-09 23:40 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-09-09 23:40 69,120 --a------ C:\WINDOWS\notepad.exe
2006-09-09 23:40 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-09-09 23:40 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-09-09 23:40 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-09-09 23:40 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-09-09 23:40 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-09-09 23:40 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-09-09 23:40 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-09-09 23:40 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-09-09 23:40 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-09-09 23:40 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-09-09 23:40 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-09-09 23:40 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-09-09 23:40 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-09-09 23:40 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-09-09 23:40 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-09-09 23:40 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-09-09 23:40 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-09-09 23:40 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-09-09 23:40 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-09-09 23:40 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-09-09 23:40 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-09-09 23:40 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-09-09 23:15 35,840 -ra------ C:\WINDOWS\system32\nvconrm.dll
2006-09-09 23:15 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2006-09-09 23:15 208,896 -ra------ C:\WINDOWS\system32\nvusmb.exe
2006-09-09 23:15 208,896 --a------ C:\WINDOWS\system32\nvunrm.exe
2006-09-09 23:15 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-09-09 23:15 208,384 -ra------ C:\WINDOWS\system32\fdco1ins.dll
2006-09-09 23:15 208,384 -ra------ C:\WINDOWS\system32\fdco1.dll
2006-09-09 23:15 159,232 -ra------ C:\WINDOWS\system32\fdco_l1036.dll
2006-09-09 23:15 159,232 -ra------ C:\WINDOWS\system32\fdco_l1034.dll
2006-09-09 23:15 159,232 -ra------ C:\WINDOWS\system32\fdco_l1031.dll
2006-09-09 23:15 158,720 -ra------ C:\WINDOWS\system32\fdco_l1046.dll
2006-09-09 23:15 158,720 -ra------ C:\WINDOWS\system32\fdco_l1040.dll
2006-09-09 23:15 156,672 -ra------ C:\WINDOWS\system32\fdco_l1042.dll
2006-09-09 23:15 156,672 -ra------ C:\WINDOWS\system32\fdco_l1041.dll
2006-09-09 23:15 155,648 -ra------ C:\WINDOWS\system32\fdco_l1028.dll
2006-09-09 23:15 155,136 -ra------ C:\WINDOWS\system32\fdco_l2052.dll
2006-09-09 23:15 10,240 -ra------ C:\WINDOWS\system32\bdco1ins.dll
2006-09-09 23:15 10,240 -ra------ C:\WINDOWS\system32\bdco1.dll
2006-09-09 23:08 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-09-09 23:08 0 -rahs---- C:\MSDOS.SYS
2006-09-09 23:08 0 -rahs---- C:\IO.SYS
2006-09-09 23:08 0 --a------ C:\CONFIG.SYS
2006-09-09 23:08 0 --a------ C:\AUTOEXEC.BAT
2006-09-09 23:06 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-09-09 23:06 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-09-09 23:06 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-09-09 23:06 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-09-09 23:06 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-09-09 23:06 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-09-09 23:06 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-09-09 23:06 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-09-09 23:06 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-09-09 23:06 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-09-09 23:06 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-09-09 23:06 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-09-09 23:06 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-09-09 23:06 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-09-09 23:06 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-09-09 23:06 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-09-09 23:06 278,528 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-09-09 23:06 275,968 --a------ C:\WINDOWS\system32\mstask.dll
2006-09-09 23:06 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-09-09 23:06 240,128 --a------ C:\WINDOWS\system32\srrstr.dll
2006-09-09 23:06 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-09-09 23:06 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-09-09 23:06 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-09-09 23:06 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-09-09 23:06 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-09-09 23:06 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-09-09 23:05 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-09-09 23:05 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-09-09 23:05 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-09-09 23:05 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-09-09 23:05 80,384 --a------ C:\WINDOWS\system32\charmap.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Programfiler\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"CmPCIaudio"="RunDll32 CMICNFG3.CPL,CMICtrlWnd"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
@=""
"WinampAgent"="C:\\Programfiler\\Winamp\\winampa.exe"
"CoolSwitch"="C:\\WINDOWS\\system32\\taskswitch.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\avast!]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ashDisp"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSMSGS"
"hkey"="HKCU"
"command"="\"C:\\Programfiler\\Messenger\\MSMSGS.EXE\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Programfiler\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvtq
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winxtx32

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: 15.09.2006 8:27:21.17
ComboFix.txt


---------------------


WIN32DELFKIL LOGFILE - by Marckie


version 3.02
15.09.2006 8:03:41,23
running from: "C:\Documents and Settings\Eivind\Skrivebord"


--- File(s) found in Windows directory ---
g10946468.dll
g138250.dll
g13961765.dll
g1457468.dll
g18643500.dll
g2184125.dll
g265031.dll
g2903968.dll
g32307828.dll
g36998062.dll
g4596578.dll

--- File(s) found in system32 folder ---

--- Export SharedTaskScheduler key ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{259BA022-2005-45E9-A965-10EDB9C00618}"="Windowz Updater"



--- sharedtaskkey (1): 259BA022-2005-45E9-A965-10EDB9C00618 ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00618}]
@="C:\\WINDOWS\\g1457468.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00618}\InprocServer32]
@="C:\\WINDOWS\\g1457468.dll"
"ThreadingModel"="Apartment"

checking for file:
g1457468.dll found
g1457468.dll deleted!

--- Notify key ---
subkey h618 is present!


--- rebooting the computer ---


--- File(s) found in Windows directory ---

--- File(s) found in system32 folder ---

--- Export SharedTaskSchedulerkey ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]



--- Notify key ---

Finished!


------------------------


VundoFix V6.1.5

Checking Java version...

Sun Java not detected
Scan started at 08:07:59 15.09.2006

Listing files found while scanning....

C:\WINDOWS\system32\awvtq.dll
C:\WINDOWS\system32\qtvwa.ini
C:\WINDOWS\system32\qtvwa.bak1
C:\WINDOWS\system32\qtvwa.bak2
C:\WINDOWS\system32\khfgdaa.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awvtq.dll
C:\WINDOWS\system32\awvtq.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\qtvwa.ini
C:\WINDOWS\system32\qtvwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\qtvwa.bak1
C:\WINDOWS\system32\qtvwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qtvwa.bak2
C:\WINDOWS\system32\qtvwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfgdaa.dll
C:\WINDOWS\system32\khfgdaa.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.5

Checking Java version...

Sun Java not detected
Scan started at 08:12:33 15.09.2006

Listing files found while scanning....

C:\WINDOWS\system32\awvtq.dll
C:\WINDOWS\system32\qtvwa.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awvtq.dll
C:\WINDOWS\system32\awvtq.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\qtvwa.ini
C:\WINDOWS\system32\qtvwa.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.5

Checking Java version...

Sun Java not detected
Scan started at 08:17:02 15.09.2006

Listing files found while scanning....

C:\WINDOWS\system32\awvtq.dll
C:\WINDOWS\system32\qtvwa.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awvtq.dll
C:\WINDOWS\system32\awvtq.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\qtvwa.ini
C:\WINDOWS\system32\qtvwa.ini Has been deleted!

Performing Repairs to the registry.
Done!

#8
Shaba

    Malware Expert

  • Member
  • 558 posts
  • MVP
Hi

Yes, we need other tools.

1. Download this file - combofix.exe
and save it to your desktop.

2. Go to Start -> Run.
Type this in the box and click OK:

"%userprofile%\Skrivebord\combofix.exe" /v awvtq

3. When finished, it shall produce a log for you. Post that log in your next reply.

4. Reboot

Note:
Do not mouse-click combofix's window whilst it's running. That may cause it to stall.

Send:

- a fresh HijackThis log
- combofix report

#9
z8n

    New Member

  • Topic Starter
  • Member
  • 9 posts
Hi!

Here's the logs:


Logfile of HijackThis v1.99.1
Scan saved at 12:45:51, on 16.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programfiler\Winamp\winampa.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\MSI\Core Center\CoreCenter.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Documents and Settings\Eivind\Skrivebord\hijackthis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vg.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00401} - C:\WINDOWS\system32\fontexta.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CoreCenter.lnk = C:\Programfiler\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1157819248656
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: winxtx32 - winxtx32.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


--------------


Eivind - 06-09-16 12:41:34,14 Service Pack 2
ComboFix 06.09.14 - Running from: C:\Documents and Settings\Eivind\Skrivebord

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\awvtq.dll
C:\WINDOWS\system32\qtvwa.bak2
C:\WINDOWS\system32\qtvwa.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((( Files Created from 2006-08-16 to 2006-09-16 ))))))))))))))))))))))))))))))))))


2006-09-16 12:04 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2006-09-16 01:27 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-09-16 01:27 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-09-15 08:15 1,492 --a------ C:\WINDOWSvundofix.reg
2006-09-15 08:03 4,096 --a------ C:\WINDOWS\system32\reboot.exe
2006-09-15 08:03 16,384 --a------ C:\WINDOWS\system32\restart.exe
2006-09-15 08:03 15,703 --a------ C:\delfiles.bat
2006-09-14 21:04 49,664 --a------ C:\WINDOWS\admparsek.dll
2006-09-13 16:14 70,144 --a------ C:\WINDOWS\system32\fontexta.dll
2006-09-10 11:59 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-09-10 11:48 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-09-10 11:48 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-09-10 11:48 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-09-10 11:48 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-09-10 11:33 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-09-10 11:33 635,520 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-09-10 11:33 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2006-09-10 11:33 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2006-09-10 11:33 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2006-09-09 23:41 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2006-09-09 23:41 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2006-09-09 23:41 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2006-09-09 23:41 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2006-09-09 23:40 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-09-09 23:40 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-09-09 23:40 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-09-09 23:40 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-09-09 23:40 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-09-09 23:40 69,120 --a------ C:\WINDOWS\notepad.exe
2006-09-09 23:40 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-09-09 23:40 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-09-09 23:40 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-09-09 23:40 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-09-09 23:40 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-09-09 23:40 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-09-09 23:40 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-09-09 23:40 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-09-09 23:40 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-09-09 23:40 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-09-09 23:40 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-09-09 23:40 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-09-09 23:40 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-09-09 23:40 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-09-09 23:40 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-09-09 23:40 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-09-09 23:40 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-09-09 23:40 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-09-09 23:40 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-09-09 23:40 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-09-09 23:40 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-09-09 23:40 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-09-09 23:40 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-09-09 23:15 35,840 -ra------ C:\WINDOWS\system32\nvconrm.dll
2006-09-09 23:15 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2006-09-09 23:15 208,896 -ra------ C:\WINDOWS\system32\nvusmb.exe
2006-09-09 23:15 208,896 --a------ C:\WINDOWS\system32\nvunrm.exe
2006-09-09 23:15 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-09-09 23:15 208,384 -ra------ C:\WINDOWS\system32\fdco1ins.dll
2006-09-09 23:15 208,384 -ra------ C:\WINDOWS\system32\fdco1.dll
2006-09-09 23:15 159,232 -ra------ C:\WINDOWS\system32\fdco_l1036.dll
2006-09-09 23:15 159,232 -ra------ C:\WINDOWS\system32\fdco_l1034.dll
2006-09-09 23:15 159,232 -ra------ C:\WINDOWS\system32\fdco_l1031.dll
2006-09-09 23:15 158,720 -ra------ C:\WINDOWS\system32\fdco_l1046.dll
2006-09-09 23:15 158,720 -ra------ C:\WINDOWS\system32\fdco_l1040.dll
2006-09-09 23:15 156,672 -ra------ C:\WINDOWS\system32\fdco_l1042.dll
2006-09-09 23:15 156,672 -ra------ C:\WINDOWS\system32\fdco_l1041.dll
2006-09-09 23:15 155,648 -ra------ C:\WINDOWS\system32\fdco_l1028.dll
2006-09-09 23:15 155,136 -ra------ C:\WINDOWS\system32\fdco_l2052.dll
2006-09-09 23:15 10,240 -ra------ C:\WINDOWS\system32\bdco1ins.dll
2006-09-09 23:15 10,240 -ra------ C:\WINDOWS\system32\bdco1.dll
2006-09-09 23:08 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-09-09 23:08 0 -rahs---- C:\MSDOS.SYS
2006-09-09 23:08 0 -rahs---- C:\IO.SYS
2006-09-09 23:08 0 --a------ C:\CONFIG.SYS
2006-09-09 23:08 0 --a------ C:\AUTOEXEC.BAT
2006-09-09 23:06 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-09-09 23:06 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-09-09 23:06 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-09-09 23:06 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-09-09 23:06 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-09-09 23:06 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-09-09 23:06 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-09-09 23:06 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-09-09 23:06 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-09-09 23:06 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-09-09 23:06 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-09-09 23:06 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-09-09 23:06 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-09-09 23:06 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-09-09 23:06 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-09-09 23:06 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-09-09 23:06 278,528 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-09-09 23:06 275,968 --a------ C:\WINDOWS\system32\mstask.dll
2006-09-09 23:06 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-09-09 23:06 240,128 --a------ C:\WINDOWS\system32\srrstr.dll
2006-09-09 23:06 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-09-09 23:06 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-09-09 23:06 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-09-09 23:06 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-09-09 23:06 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-09-09 23:06 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-09-09 23:05 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-09-09 23:05 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-09-09 23:05 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-09-09 23:05 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-09-09 23:05 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-09-09 23:05 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-09-09 23:05 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-09-09 23:05 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-09-09 23:05 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-09-09 23:05 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-09-09 23:05 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-09-09 23:05 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-09-09 23:05 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-09-09 23:05 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-09-09 23:05 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-09-09 23:05 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-09-09 23:05 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-09-09 23:05 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-09-09 23:05 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-09-09 23:05 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-09-09 23:05 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-09-09 23:05 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-09-09 23:05 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-09-09 23:05 228,864 --a------ C:\WINDOWS\system32\avtapi.dll
2006-09-09 23:05 22,528 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-09-09 23:05 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-09-09 23:05 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-09-09 23:05 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-09-09 23:05 185,344 --a------ C:\WINDOWS\system32\accwiz.exe
2006-09-09 23:05 17,408 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-09-09 23:05 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-09-09 23:05 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-09-09 23:05 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-09-09 23:05 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-09-09 23:05 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-09-09 23:05 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-09-09 23:05 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-09-09 23:05 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-09-09 23:05 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-09-09 23:05 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-09-09 23:05 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-09-09 23:05 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-09-09 23:05 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-09-09 23:05 127,488 --a------ C:\WINDOWS\system32\mshearts.exe
2006-09-09 23:05 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-09-09 23:05 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-09-09 23:05 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-09-09 23:05 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-09-09 23:05 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-09-09 23:04 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-09-09 23:04 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-09-09 23:04 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-09-09 23:04 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-09-09 23:04 60,928 --a------ C:\WINDOWS\system32\remotepg.dll
2006-09-09 23:04 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-09-09 23:04 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-09-09 23:04 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-09-09 23:04 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-09-09 23:04 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-09-09 23:04 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-09-09 23:04 408,064 --a------ C:\WINDOWS\system32\mstsc.exe
2006-09-09 23:04 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-09-09 23:04 344,064 --a------ C:\WINDOWS\system32\mspaint.exe
2006-09-09 23:04 294,912 --a------ C:\WINDOWS\system32\termsrv.dll
2006-09-09 23:04 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-09-09 23:04 186,368 --a------ C:\WINDOWS\system32\cmprops.dll
2006-09-09 23:04 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-09-09 23:04 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-09-09 23:04 140,288 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-09-09 23:04 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-09-09 23:04 124,696 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-09-09 23:04 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-09-09 23:04 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-09-09 23:04 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-09-09 23:04 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-09-09 20:31 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2006-09-09 19:46 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2006-09-09 19:46 330,240 --a------ C:\WINDOWS\system32\ipnathlp.dll
2006-09-09 18:40 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2006-09-09 18:31 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2006-09-09 18:31 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2006-09-09 18:31 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2006-09-09 18:31 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-09-09 18:27 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-09-09 18:27 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-09-09 18:27 194,840 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-09-09 18:27 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2006-09-09 18:27 174,360 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-09-09 18:27 127,768 --a------ C:\WINDOWS\system32\wucltui.dll
2006-09-09 18:19 53,248 --a------ C:\WINDOWS\system32\KemXML.dll
2006-09-09 18:19 155,648 --a------ C:\WINDOWS\system32\kemutb.dll
2006-09-09 18:19 126,976 --a------ C:\WINDOWS\system32\KemUtil.dll
2006-09-09 18:19 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2006-09-09 18:18 94,208 --a------ C:\WINDOWS\KHALMNPR.Exe
2006-09-09 17:45 712,704 -ra------ C:\WINDOWS\system32\AUDIO3D3.DLL
2006-09-09 17:45 712,704 -ra------ C:\WINDOWS\system32\a3d.dll
2006-09-09 17:45 36,864 -ra------ C:\WINDOWS\system32\CMUDA3.DLL
2006-09-09 17:45 32,768 -ra------ C:\WINDOWS\system32\UDAPROP3.DLL
2006-09-09 17:45 28,672 -ra------ C:\WINDOWS\system32\CMRMDRV3.DLL
2006-09-09 17:45 28,672 -r------- C:\WINDOWS\CmiPCIUninstall.exe
2006-09-09 17:45 233,472 -ra------ C:\WINDOWS\system32\CMRMDRV3.exe
2006-09-09 17:30 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-09-09 17:28 83,456 --a------ C:\WINDOWS\system32\dpvsetup.exe
2006-09-09 17:28 825,344 --a------ C:\WINDOWS\system32\d3dim700.dll
2006-09-09 17:28 82,432 --a------ C:\WINDOWS\system32\dmscript.dll
2006-09-09 17:28 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2006-09-09 17:28 733,696 --a------ C:\WINDOWS\system32\qedwipes.dll
2006-09-09 17:28 71,680 --a------ C:\WINDOWS\system32\dsdmoprp.dll
2006-09-09 17:28 70,656 --a------ C:\WINDOWS\system32\amstream.dll
2006-09-09 17:28 63,696 --a------ C:\WINDOWS\system32\dxdllreg.exe
2006-09-09 17:28 619,008 --a------ C:\WINDOWS\system32\dx7vb.dll
2006-09-09 17:28 61,440 --a------ C:\WINDOWS\system32\dmcompos.dll
2006-09-09 17:28 60,928 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2006-09-09 17:28 59,904 --a------ C:\WINDOWS\system32\devenum.dll
2006-09-09 17:28 57,856 --a------ C:\WINDOWS\system32\dpwsockx.dll
2006-09-09 17:28 562,688 --a------ C:\WINDOWS\system32\qedit.dll
2006-09-09 17:28 50,688 --a------ C:\WINDOWS\system32\wstdecod.dll
2006-09-09 17:28 467,968 --a------ C:\WINDOWS\system32\diactfrm.dll
2006-09-09 17:28 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-09-09 17:28 385,536 --a------ C:\WINDOWS\system32\qdvd.dll
2006-09-09 17:28 375,296 --a------ C:\WINDOWS\system32\dpnet.dll
2006-09-09 17:28 367,616 --a------ C:\WINDOWS\system32\dsound.dll
2006-09-09 17:28 363,520 --a------ C:\WINDOWS\system32\psisdecd.dll
2006-09-09 17:28 35,840 --a------ C:\WINDOWS\system32\dmloader.dll
2006-09-09 17:28 35,328 --a------ C:\WINDOWS\system32\mciqtz32.dll
2006-09-09 17:28 35,328 --a------ C:\WINDOWS\system32\dpnhpast.dll
2006-09-09 17:28 30,208 --a------ C:\WINDOWS\system32\dplaysvr.exe
2006-09-09 17:28 3,584 --a------ C:\WINDOWS\system32\dpnlobby.dll
2006-09-09 17:28 3,584 --a------ C:\WINDOWS\system32\dpnaddr.dll
2006-09-09 17:28 28,672 --a------ C:\WINDOWS\system32\dmband.dll
2006-09-09 17:28 279,040 --a------ C:\WINDOWS\system32\qdv.dll
2006-09-09 17:28 27,136 --a------ C:\WINDOWS\system32\ddrawex.dll
2006-09-09 17:28 266,240 --a------ C:\WINDOWS\system32\ddraw.dll
2006-09-09 17:28 23,552 --a------ C:\WINDOWS\system32\dpmodemx.dll
2006-09-09 17:28 229,888 --a------ C:\WINDOWS\system32\dplayx.dll
2006-09-09 17:28 223,232 --a------ C:\WINDOWS\system32\gcdef.dll
2006-09-09 17:28 221,184 --a------ C:\WINDOWS\system32\qasf.dll
2006-09-09 17:28 212,992 --a------ C:\WINDOWS\system32\dpvoice.dll
2006-09-09 17:28 21,504 --a------ C:\WINDOWS\system32\dpvacm.dll
2006-09-09 17:28 203,776 --a------ C:\WINDOWS\system32\mswebdvd.dll
2006-09-09 17:28 20,480 --a------ C:\WINDOWS\system32\encapi.dll
2006-09-09 17:28 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-09-09 17:28 2,113,536 --a------ C:\WINDOWS\system32\dxdiagn.dll
2006-09-09 17:28 192,512 --a------ C:\WINDOWS\system32\qcap.dll
2006-09-09 17:28 19,456 --a------ C:\WINDOWS\system32\dswave.dll
2006-09-09 17:28 182,784 --a------ C:\WINDOWS\system32\dinput8.dll
2006-09-09 17:28 181,760 --a------ C:\WINDOWS\system32\dsdmo.dll
2006-09-09 17:28 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2006-09-09 17:28 17,920 --a------ C:\WINDOWS\system32\dpnsvr.exe
2006-09-09 17:28 17,408 --a------ C:\WINDOWS\system32\msyuv.dll
2006-09-09 17:28 159,744 --a------ C:\WINDOWS\system32\dinput.dll
2006-09-09 17:28 14,336 --a------ C:\WINDOWS\system32\msdmo.dll
2006-09-09 17:28 116,736 --a------ C:\WINDOWS\system32\dpvvox.dll
2006-09-09 17:28 105,984 --a------ C:\WINDOWS\system32\dmstyle.dll
2006-09-09 17:28 104,448 --a------ C:\WINDOWS\system32\dmusic.dll
2006-09-09 17:28 103,424 --a------ C:\WINDOWS\system32\dmsynth.dll
2006-09-09 17:28 1,689,088 --a------ C:\WINDOWS\system32\d3d9.dll
2006-09-09 17:28 1,430,016 --a------ C:\WINDOWS\system32\msvidctl.dll
2006-09-09 17:28 1,298,432 --a------ C:\WINDOWS\system32\dxdiag.exe
2006-09-09 17:28 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll
2006-09-09 17:28 1,227,264 --a------ C:\WINDOWS\system32\dx8vb.dll
2006-09-09 17:28 1,179,648 --a------ C:\WINDOWS\system32\d3d8.dll
2006-09-09 17:26 40,960 -r------- C:\WINDOWS\system32\ChCfg.exe
2006-09-09 17:26 135,168 -r------- C:\WINDOWS\system32\RtlCPAPI.dll
2006-09-09 17:25 9,711,104 -r------- C:\WINDOWS\RTLCPL.exe
2006-09-09 17:25 86,016 -r------- C:\WINDOWS\SoundMan.exe
2006-09-09 17:25 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2006-09-09 17:25 487,424 -r------- C:\WINDOWS\RtlExUpd.dll
2006-09-09 17:25 364,544 -r------- C:\WINDOWS\RtlUpd.exe
2006-09-09 17:25 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-09-09 17:25 2,809,344 -r------- C:\WINDOWS\alcwzrd.exe
2006-09-09 17:25 2,158,592 -r------- C:\WINDOWS\MicCal.exe
2006-09-09 17:25 16,120,832 -r------- C:\WINDOWS\RTHDCPL.exe
2006-09-09 17:24 198,424 --a------ C:\WINDOWS\system32\iuengine.dll
2006-09-09 17:21 6,784 --a------ C:\WINDOWS\nvoclock.sys
2006-09-09 17:21 57,344 --a------ C:\WINDOWS\AutoTuneScript.dll
2006-09-09 17:21 53,248 --a------ C:\WINDOWS\nvgpio.dll
2006-09-09 17:21 499,712 --a------ C:\WINDOWS\msvcp71.dll
2006-09-09 17:21 45,056 --a------ C:\WINDOWS\NTuneGpu.dll
2006-09-09 17:21 380,928 --a------ C:\WINDOWS\nvsulib.dll
2006-09-09 17:21 352,256 --a------ C:\WINDOWS\ntuneoem.dll
2006-09-09 17:21 348,160 --a------ C:\WINDOWS\msvcr71.dll
2006-09-09 17:21 327,168 --a------ C:\WINDOWS\IsUninst.exe
2006-09-09 17:21 217,088 --a------ C:\WINDOWS\NVGfxOgl.dll
2006-09-09 17:21 172,032 --a------ C:\WINDOWS\NVBenchMarks.dll
2006-09-09 17:21 11,264 --a------ C:\WINDOWS\nvoclk64.sys
2006-09-09 17:21 1,060,864 --a------ C:\WINDOWS\MFC71.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-16 12:00 223128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2006-09-16 12:00 -------- d-------- C:\Programfiler\DAEMON Tools
2006-09-16 11:58 96256 --a------ C:\WINDOWS\system32\drivers\sptd4317.sys
2006-09-16 11:58 643072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-09-16 01:27 -------- d-------- C:\Programfiler\DivX
2006-09-15 17:02 -------- d-------- C:\Documents and Settings\Eivind\Programdata\Adobe
2006-09-15 16:16 -------- d-------- C:\Programfiler\Fellesfiler\Adobe Systems Shared
2006-09-15 16:16 -------- d-------- C:\Programfiler\Fellesfiler\Adobe
2006-09-15 16:16 -------- d-------- C:\Programfiler\Fellesfiler
2006-09-15 16:15 -------- d--h----- C:\Programfiler\InstallShield Installation Information
2006-09-15 16:15 -------- d-------- C:\Programfiler\Adobe
2006-09-15 09:58 -------- d-------- C:\Documents and Settings\Eivind\Programdata\vlc
2006-09-15 09:50 -------- d-------- C:\Programfiler\VideoLAN
2006-09-15 08:03 -------- d-------- C:\Documents and Settings\Eivind\Programdata\Xfire
2006-09-14 14:30 -------- d-------- C:\Programfiler\WinAce
2006-09-13 16:19 -------- d---s---- C:\Programfiler\Xfire
2006-09-12 14:58 -------- d---s---- C:\Documents and Settings\Eivind\Programdata\Microsoft
2006-09-11 11:31 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-09-10 21:44 -------- d-------- C:\Documents and Settings\Eivind\Programdata\gtopala
2006-09-10 21:39 -------- d-------- C:\Programfiler\SIW
2006-09-10 12:00 -------- d-------- C:\Programfiler\Messenger
2006-09-10 11:59 -------- d-------- C:\Programfiler\Internet Explorer
2006-09-10 11:58 -------- d-------- C:\Programfiler\Outlook Express
2006-09-10 11:58 -------- d-------- C:\Programfiler\Fellesfiler\System
2006-09-10 11:47 -------- d-------- C:\Documents and Settings\Eivind\Programdata\Winamp
2006-09-10 11:33 -------- d-------- C:\Programfiler\Alwil Software
2006-09-10 11:13 -------- d-------- C:\Programfiler\Java
2006-09-10 11:11 -------- d-------- C:\Programfiler\Fellesfiler\Java
2006-09-10 11:07 -------- d-------- C:\Programfiler\Windows Media Player
2006-09-10 11:07 -------- d-------- C:\Programfiler\Winamp
2006-09-09 23:58 -------- d-------- C:\Documents and Settings\Eivind\Programdata\Ventrilo
2006-09-09 23:40 62 --ahs---- C:\Documents and Settings\Eivind\Programdata\desktop.ini
2006-09-09 23:40 -------- d-------- C:\Programfiler\Fellesfiler\SpeechEngines
2006-09-09 23:40 -------- d-------- C:\Programfiler\Fellesfiler\ODBC
2006-09-09 23:15 -------- d-------- C:\Programfiler\Fellesfiler\InstallShield
2006-09-09 23:12 -------- d--h----- C:\Programfiler\Uninstall Information
2006-09-09 23:12 -------- d-------- C:\Documents and Settings\Eivind\Programdata\Identities
2006-09-09 23:08 -------- d-------- C:\Programfiler\xerox
2006-09-09 23:08 -------- d-------- C:\Programfiler\microsoft frontpage
2006-09-09 23:07 -------- d-------- C:\Programfiler\Elektroniske tjenester
2006-09-09 23:06 -------- d-------- C:\Programfiler\Fellesfiler\Tjenester
2006-09-09 23:06 -------- d-------- C:\Programfiler\Fellesfiler\MSSoap
2006-09-09 23:05 -------- d-------- C:\Programfiler\MSN Gaming Zone
2006-09-09 23:05 -------- d-------- C:\Programfiler\MSN
2006-09-09 23:05 -------- d-------- C:\Programfiler\ComPlus Applications
2006-09-09 20:51 -------- d-------- C:\Programfiler\MSN Messenger
2006-09-09 20:41 -------- d-------- C:\Programfiler\Movie Maker
2006-09-09 20:39 -------- d-------- C:\Programfiler\Windows NT
2006-09-09 20:39 -------- d-------- C:\Programfiler\NetMeeting
2006-09-09 18:27 -------- d--h----- C:\Programfiler\WindowsUpdate
2006-09-09 18:27 -------- d-------- C:\Documents and Settings\Eivind\Programdata\Macromedia
2006-09-09 18:19 -------- d-------- C:\Programfiler\Fellesfiler\Microsoft Shared
2006-09-09 18:19 -------- d-------- C:\Programfiler\Fellesfiler\Logitech
2006-09-09 18:19 -------- d-------- C:\Documents and Settings\Eivind\Programdata\Logitech
2006-09-09 18:18 -------- d-------- C:\Programfiler\Logitech
2006-09-09 17:45 -------- d-------- C:\Programfiler\HDA Digital X-Mystique 7.1
2006-09-09 17:25 -------- d-------- C:\Programfiler\Realtek
2006-09-09 17:21 -------- d-------- C:\Programfiler\MSI
2006-08-21 14:28 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 11:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-11 19:35 520192 --a------ C:\WINDOWS\system32\DivXsm.exe
2006-08-11 19:35 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-08-11 19:35 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-08-11 19:35 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-08-11 19:31 778240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-08-11 19:31 778240 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-08-11 19:31 761856 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-08-11 19:31 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-08-11 19:31 620180 --a------ C:\WINDOWS\system32\DivX.dll
2006-08-11 19:31 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2006-08-11 19:31 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-08-11 19:31 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2006-08-11 19:31 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-08-11 19:31 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-08-11 19:31 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-08-11 19:31 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-08-11 19:31 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2006-08-11 19:31 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2006-08-05 17:25 87424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2006-08-05 17:25 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-08-05 17:24 16352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2006-08-05 17:22 36176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2006-08-05 17:20 24304 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 15:27 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-06-22 07:17 69120 --a------ C:\WINDOWS\system32\ciodm.dll
2006-06-22 07:17 1436672 --a------ C:\WINDOWS\system32\query.dll
2006-06-21 06:10 98304 --a------ C:\WINDOWS\system32\nvapi.dll
2006-06-21 06:10 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-06-21 06:10 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-06-21 06:10 7573504 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-06-21 06:10 573440 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-06-21 06:10 5419008 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-06-21 06:10 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-06-21 06:10 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-06-21 06:10 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-06-21 06:10 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-06-21 06:10 3986944 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-06-21 06:10 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-06-21 06:10 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-06-21 06:10 335872 --a------ C:\WINDOWS\system32\nvwrses.dll
2006-06-21 06:10 335872 --a------ C:\WINDOWS\system32\nvwrsel.dll
2006-06-21 06:10 327680 --a------ C:\WINDOWS\system32\nvwrsfr.dll
2006-06-21 06:10 327680 --a------ C:\WINDOWS\system32\nvwrsesm.dll
2006-06-21 06:10 327680 --a------ C:\WINDOWS\system32\nvrshe.dll
2006-06-21 06:10 327680 --a------ C:\WINDOWS\system32\nvrsar.dll
2006-06-21 06:10 323584 --a------ C:\WINDOWS\system32\nvwrspt.dll
2006-06-21 06:10 323584 --a------ C:\WINDOWS\system32\nvwrsit.dll
2006-06-21 06:10 319488 --a------ C:\WINDOWS\system32\nvwrsptb.dll
2006-06-21 06:10 319488 --a------ C:\WINDOWS\system32\nvwrsnl.dll
2006-06-21 06:10 315392 --a------ C:\WINDOWS\system32\nvwrsru.dll
2006-06-21 06:10 315392 --a------ C:\WINDOWS\system32\nvwrshu.dll
2006-06-21 06:10 311296 --a------ C:\WINDOWS\system32\nvwrsde.dll
2006-06-21 06:10 303104 --a------ C:\WINDOWS\system32\nvwrstr.dll
2006-06-21 06:10 303104 --a------ C:\WINDOWS\system32\nvwrssl.dll
2006-06-21 06:10 303104 --a------ C:\WINDOWS\system32\nvwrsfi.dll
2006-06-21 06:10 299008 --a------ C:\WINDOWS\system32\nvwrssk.dll
2006-06-21 06:10 299008 --a------ C:\WINDOWS\system32\nvwrsno.dll
2006-06-21 06:10 294912 --a------ C:\WINDOWS\system32\nvwrssv.dll
2006-06-21 06:10 294912 --a------ C:\WINDOWS\system32\nvwrspl.dll
2006-06-21 06:10 294912 --a------ C:\WINDOWS\system32\nvwrsda.dll
2006-06-21 06:10 286720 --a------ C:\WINDOWS\system32\nvwrseng.dll
2006-06-21 06:10 286720 --a------ C:\WINDOWS\system32\nvwrscs.dll
2006-06-21 06:10 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-06-21 06:10 282624 --a------ C:\WINDOWS\system32\nvwrsar.dll
2006-06-21 06:10 282624 --a------ C:\WINDOWS\system32\nvrsfr.dll
2006-06-21 06:10 282624 --a------ C:\WINDOWS\system32\nvrses.dll
2006-06-21 06:10 282624 --a------ C:\WINDOWS\system32\nvrsel.dll
2006-06-21 06:10 278528 --a------ C:\WINDOWS\system32\nvwrshe.dll
2006-06-21 06:10 278528 --a------ C:\WINDOWS\system32\nvrsit.dll
2006-06-21 06:10 278528 --a------ C:\WINDOWS\system32\nvrsde.dll
2006-06-21 06:10 270336 --a------ C:\WINDOWS\system32\nvrspt.dll
2006-06-21 06:10 270336 --a------ C:\WINDOWS\system32\nvrsnl.dll
2006-06-21 06:10 270336 --a------ C:\WINDOWS\system32\nvrsesm.dll
2006-06-21 06:10 266240 --a------ C:\WINDOWS\system32\nvrsru.dll
2006-06-21 06:10 266240 --a------ C:\WINDOWS\system32\nvrsptb.dll
2006-06-21 06:10 266240 --a------ C:\WINDOWS\system32\nvrsja.dll
2006-06-21 06:10 262144 --a------ C:\WINDOWS\system32\nvrsko.dll
2006-06-21 06:10 258048 --a------ C:\WINDOWS\system32\nvrssk.dll
2006-06-21 06:10 258048 --a------ C:\WINDOWS\system32\nvrshu.dll
2006-06-21 06:10 253952 --a------ C:\WINDOWS\system32\nvrstr.dll
2006-06-21 06:10 253952 --a------ C:\WINDOWS\system32\nvrssv.dll
2006-06-21 06:10 253952 --a------ C:\WINDOWS\system32\nvrssl.dll
2006-06-21 06:10 253952 --a------ C:\WINDOWS\system32\nvrspl.dll
2006-06-21 06:10 253952 --a------ C:\WINDOWS\system32\nvrsno.dll
2006-06-21 06:10 253952 --a------ C:\WINDOWS\system32\nvrsda.dll
2006-06-21 06:10 245760 --a------ C:\WINDOWS\system32\nvrsfi.dll
2006-06-21 06:10 245760 --a------ C:\WINDOWS\system32\nvrseng.dll
2006-06-21 06:10 245760 --a------ C:\WINDOWS\system32\nvrscs.dll
2006-06-21 06:10 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-06-21 06:10 221184 --a------ C:\WINDOWS\system32\nvrszhc.dll
2006-06-21 06:10 212992 --a------ C:\WINDOWS\system32\nvwrsja.dll
2006-06-21 06:10 196608 --a------ C:\WINDOWS\system32\nvwrsko.dll
2006-06-21 06:10 167936 --a------ C:\WINDOWS\system32\nvwrszht.dll
2006-06-21 06:10 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-06-21 06:10 163840 --a------ C:\WINDOWS\system32\nvwrszhc.dll
2006-06-21 06:10 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2006-06-21 06:10 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-06-21 06:10 1466368 --a------ C:\WINDOWS\system32\nview.dll
2006-06-21 06:10 143426 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-06-21 06:10 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-06-21 06:10 122880 --a------ C:\WINDOWS\system32\nvrszht.dll
2006-06-21 06:10 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Programfiler\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Programfiler\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"CmPCIaudio"="RunDll32 CMICNFG3.CPL,CMICtrlWnd"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
@=""
"WinampAgent"="C:\\Programfiler\\Winamp\\winampa.exe"
"CoolSwitch"="C:\\WINDOWS\\system32\\taskswitch.exe"
"DAEMON Tools"="\"C:\\Programfiler\\DAEMON Tools\\daemon.exe\" -lang 1033"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\avast!]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ashDisp"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSMSGS"
"hkey"="HKCU"
"command"="\"C:\\Programfiler\\Messenger\\MSMSGS.EXE\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Programfiler\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winxtx32

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: 16.09.2006 12:43:17.07
ComboFix.txt
ComboFix2.txt

#10
Shaba

    Malware Expert

  • Member
  • 558 posts
  • MVP
Hi

Vundo seems to be gone :whistling:

Open HijackThis, click "Do a system scan only" and checkmark these:

O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00401} - C:\WINDOWS\system32\fontexta.dll
O20 - Winlogon Notify: winxtx32 - winxtx32.dll (file missing)


Close all windows, including the browser, and press "Fix checked".

Reboot

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database:
      + Extended (If available otherwise Standard)
    o Scan Options:
      + Scan Archives
      + Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan", select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Send:

- a fresh HijackThis log
- Kaspersky report

#11
z8n

    New Member

  • Topic Starter
  • Member
  • 9 posts
Hi!

Here are the logs:

Logfile of HijackThis v1.99.1
Scan saved at 16:13:55, on 18.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programfiler\Winamp\winampa.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\MSI\Core Center\CoreCenter.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE
E:\Valve\Steam\Steam.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Documents and Settings\Eivind\Skrivebord\hijackthis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vg.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CoreCenter.lnk = C:\Programfiler\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1157819248656
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


----------


Monday, September 18, 2006 7:47:56 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 17/09/2006
Kaspersky Anti-Virus database records: 224089


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
G:\

Scan Statistics
Total number of scanned objects 149192
Number of viruses found 14
Number of infected objects 42 / 0
Number of suspicious objects 0
Duration of the scan process 00:53:39

Infected Object Name Virus Name Last Action
C:\!KillBox\Update.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped

C:\Documents and Settings\Eivind\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Eivind\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Eivind\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Eivind\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Eivind\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Eivind\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Eivind\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Eivind\Skrivebord\hijackthis\backups\backup-20060916-190116-220.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Programfiler\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Programfiler\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Programfiler\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Programfiler\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Programfiler\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Programfiler\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP104\A0005374.exe Infected: Trojan-Downloader.Win32.Zlob.adq skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP104\A0005376.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP104\A0005519.dll Infected: not-virus:Hoax.Win32.Renos.ds skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP104\A0005520.exe Infected: Trojan-Downloader.Win32.Zlob.adq skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP104\A0005521.exe Infected: Trojan-Downloader.Win32.Zlob.adq skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP104\A0005523.exe Infected: Trojan-Downloader.Win32.Zlob.ajv skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP104\A0005527.dll Infected: not-virus:Hoax.Win32.Renos.ds skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP104\A0005535.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP105\A0005636.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP105\A0005653.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP106\A0005767.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP106\A0008776.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP107\A0008817.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP107\A0008856.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP108\A0008928.dll Infected: Packed.Win32.Klone.g skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP108\A0008934.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP109\A0009001.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP109\A0009012.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP109\A0009026.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP111\A0010171.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP111\A0010176.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP111\A0010177.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP111\A0010178.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP111\A0010179.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP111\A0010180.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP111\A0010181.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP111\A0010183.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP111\A0010184.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP111\A0010185.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP111\A0010186.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP111\A0010191.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dt skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP113\A0011477.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP113\change.log Object is locked skipped

C:\VundoFix Backups\khfgdaa.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dt skipped

C:\WINDOWS\admparsek.dll Infected: Trojan-Downloader.Win32.Delf.aqs skipped

C:\WINDOWS\cpblpbc33.log Infected: Trojan-Downloader.Win32.Delf.aeo skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\drivers\sptd4317.sys Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_784.dat Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\_backupD\g1457468.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

E:\Half life på minsin på bra (Tony)\Half life på minsin på bra (Tony).ace/hltv.exe Infected: not-a-virus:Server-Proxy.Win32.Hltv skipped

E:\Half life på minsin på bra (Tony)\Half life på minsin på bra (Tony).ace ACE: infected - 1 skipped

E:\Half life på minsin på bra (Tony)\hltv.exe Infected: not-a-virus:Server-Proxy.Win32.Hltv skipped

E:\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

E:\Valve\Steam\Steam.log Object is locked skipped

E:\Valve\Steam\SteamApps\counter-strike.gcf Object is locked skipped

E:\Valve\Steam\SteamApps\half-life engine.gcf Object is locked skipped

E:\Valve\Steam\SteamApps\half-life.gcf Object is locked skipped

E:\Valve\Steam\SteamApps\platform.gcf Object is locked skipped

E:\Valve\Steam\SteamApps\sourceinit.gcf Object is locked skipped

E:\Valve\Steam\SteamApps\winui.gcf Object is locked skipped

E:\Valve\Steam\SteamLogs\SteamStats.log Object is locked skipped

Scan process completed.

#12
Shaba

    Malware Expert

  • Member
  • 558 posts
  • MVP
Hi

Please run Killbox.

Select "Delete on Reboot" and "All files"

Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\admparsek.dll
C:\WINDOWS\cpblpbc33.log

Go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

If your computer does not restart automatically, please restart it manually.

Empty these folders:

C:\!KillBox
C:\VundoFix Backups

Re-scan with Kaspersky

Send:

- a fresh HijackThis log
- Kaspersky report
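A triage sketch for Kaspersky Online Scanner report lines like those posted in this thread, as an added example that is not part of the original posts: it drops the "Object is locked" noise and buckets each detection by where the file sits, so the files still on the live file system stand out. The bucket names and path markers are assumptions made for this example; the sample lines are an excerpt from the report in post #11.

```python
import re
from collections import defaultdict

# Excerpt of report lines from post #11 of this thread (not the full report).
SAMPLE_REPORT = r"""
C:\!KillBox\Update.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\Documents and Settings\Eivind\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Eivind\Skrivebord\hijackthis\backups\backup-20060916-190116-220.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped
C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP104\A0005374.exe Infected: Trojan-Downloader.Win32.Zlob.adq skipped
C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP111\A0010191.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dt skipped
C:\VundoFix Backups\khfgdaa.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dt skipped
C:\WINDOWS\admparsek.dll Infected: Trojan-Downloader.Win32.Delf.aqs skipped
C:\WINDOWS\cpblpbc33.log Infected: Trojan-Downloader.Win32.Delf.aeo skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
E:\Half life på minsin på bra (Tony)\Half life på minsin på bra (Tony).ace/hltv.exe Infected: not-a-virus:Server-Proxy.Win32.Hltv skipped
E:\Half life på minsin på bra (Tony)\Half life på minsin på bra (Tony).ace ACE: infected - 1 skipped
E:\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
"""

# One report line: "<path> <result> <last action>". Paths contain spaces,
# so the path is matched lazily up to the first recognised result phrase.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:Infected: (?P<verdict>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|(?P<archive>[A-Z0-9]+: infected - \d+))"
    r" (?P<action>\S+)$"
)

# Folders created by the removal tools used in this thread (assumed markers,
# taken from paths that appear in the posted report).
TOOL_BACKUP_MARKERS = (
    "c:\\!killbox\\",
    "c:\\vundofix backups\\",
    "\\hijackthis\\backups\\",
)


def parse_report(text):
    """Yield (path, kind, verdict) for every recognised report line."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, statistics and blank lines
        if m["locked"]:
            yield m["path"], "locked", None
        elif m["archive"]:
            yield m["path"], "archive_summary", None
        else:
            yield m["path"], "infected", m["verdict"]


def bucket_for(path, verdict):
    """Name the bucket (assumed labels) a detection belongs to."""
    p = path.lower()
    if "\\system volume information\\_restore{" in p:
        return "system_restore"   # copy held in a restore point
    if "\\recycler\\" in p:
        return "recycle_bin"      # already deleted, not yet emptied
    if any(marker in p for marker in TOOL_BACKUP_MARKERS):
        return "tool_backup"      # copy kept by a removal tool
    if verdict.startswith("not-a-virus:"):
        return "riskware_label"   # scanner's own non-malware category
    return "live"                 # still on the normal file system


def triage(text):
    """Return ({bucket: [(path, verdict), ...]}, locked_count)."""
    buckets = defaultdict(list)
    locked = 0
    for path, kind, verdict in parse_report(text):
        if kind == "locked":
            locked += 1
        elif kind == "infected":
            buckets[bucket_for(path, verdict)].append((path, verdict))
        # archive_summary lines repeat a member detection, so they are skipped
    return dict(buckets), locked


if __name__ == "__main__":
    found, locked = triage(SAMPLE_REPORT)
    print(f"{locked} locked objects ignored")
    for name in sorted(found):
        print(f"\n[{name}]")
        for path, verdict in found[name]:
            print(f"  {verdict}  {path}")
```

On this excerpt the only entries in the `live` bucket are the two files under C:\WINDOWS that the reply above hands to Killbox.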

#13
z8n

    New Member

  • Topic Starter
  • Member
  • 9 posts
Hi!

Did as you said and here are the logs:


Logfile of HijackThis v1.99.1
Scan saved at 14:53:54, on 19.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\MSI\Core Center\CoreCenter.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
E:\Valve\Steam\Steam.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Documents and Settings\Eivind\Skrivebord\hijackthis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vg.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CoreCenter.lnk = C:\Programfiler\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1157819248656
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


-----------


Tuesday, September 19, 2006 2:53:28 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 18/09/2006
Kaspersky Anti-Virus database records: 224376


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
G:\

Scan Statistics
Total number of scanned objects 150763
Number of viruses found 15
Number of infected objects 44 / 0
Number of suspicious objects 0
Duration of the scan process 00:53:51

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Eivind\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Eivind\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Eivind\Lokale innstillinger\Logg\History.IE5\MSHist012006091820060919\index.dat Object is locked skipped

C:\Documents and Settings\Eivind\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Eivind\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Eivind\Lokale innstillinger\Temp\Perflib_Perfdata_3c4.dat Object is locked skipped

C:\Documents and Settings\Eivind\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Eivind\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Eivind\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Eivind\Skrivebord\hijackthis\backups\backup-20060916-190116-220.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Programfiler\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Programfiler\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Programfiler\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Programfiler\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Programfiler\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Programfiler\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped

C:\RECYCLER\S-1-5-21-57989841-1844237615-725345543-1003\Dc12.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dt skipped

C:\RECYCLER\S-1-5-21-57989841-1844237615-725345543-1003\Dc6.log Infected: Trojan-Downloader.Win32.Delf.aeo skipped

C:\RECYCLER\S-1-5-21-57989841-1844237615-725345543-1003\Dc7.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped

C:\RECYCLER\S-1-5-21-57989841-1844237615-725345543-1003\Dc9.dll Infected: Trojan-Downloader.Win32.Delf.aqs skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP104\A0005374.exe Infected: Trojan-Downloader.Win32.Zlob.adq skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP104\A0005376.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP104\A0005519.dll Infected: not-virus:Hoax.Win32.Renos.ds skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP104\A0005520.exe Infected: Trojan-Downloader.Win32.Zlob.adq skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP104\A0005521.exe Infected: Trojan-Downloader.Win32.Zlob.adq skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP104\A0005522.exe Infected: Trojan-Downloader.Win32.Zlob.alf skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP104\A0005523.exe Infected: Trojan-Downloader.Win32.Zlob.ajv skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP104\A0005527.dll Infected: not-virus:Hoax.Win32.Renos.ds skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP104\A0005535.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP105\A0005636.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP105\A0005653.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP106\A0005767.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP106\A0008776.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP107\A0008817.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP107\A0008856.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP108\A0008928.dll Infected: Packed.Win32.Klone.g skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP108\A0008934.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP109\A0009001.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP109\A0009012.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP109\A0009026.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP111\A0010171.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP111\A0010176.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP111\A0010177.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP111\A0010178.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP111\A0010179.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP111\A0010180.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP111\A0010181.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP111\A0010183.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP111\A0010184.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP111\A0010185.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP111\A0010186.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP111\A0010191.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dt skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP113\A0011477.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP114\A0011597.dll Infected: Trojan-Downloader.Win32.Delf.aqs skipped

C:\System Volume Information\_restore{EF0AEA71-578C-4E5C-B209-F22C30BB605F}\RP114\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{C8A3C993-48D9-4379-A2F0-5FCAC7D5BD3F}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\drivers\sptd4317.sys Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_72c.dat Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\_backupD\g1457468.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

E:\Half life på minsin på bra (Tony)\Half life på minsin på bra (Tony).ace/hltv.exe Infected: not-a-virus:Server-Proxy.Win32.Hltv skipped

E:\Half life på minsin på bra (Tony)\Half life på minsin på bra (Tony).ace ACE: infected - 1 skipped

E:\Half life på minsin på bra (Tony)\hltv.exe Infected: not-a-virus:Server-Proxy.Win32.Hltv skipped

E:\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

E:\Valve\Steam\Steam.log Object is locked skipped

E:\Valve\Steam\SteamApps\counter-strike.gcf Object is locked skipped

E:\Valve\Steam\SteamApps\half-life engine.gcf Object is locked skipped

E:\Valve\Steam\SteamApps\half-life.gcf Object is locked skipped

E:\Valve\Steam\SteamApps\platform.gcf Object is locked skipped

E:\Valve\Steam\SteamApps\sourceinit.gcf Object is locked skipped

E:\Valve\Steam\SteamApps\winui.gcf Object is locked skipped

E:\Valve\Steam\SteamLogs\SteamStats.log Object is locked skipped

Scan process completed.

#14
Shaba

    Malware Expert

  • Member
  • 558 posts
  • MVP
Hi

Empty this folder:

C:\_backupD

Empty Recycle Bin

Otherwise looking good.

Do you still have problems?

#15
z8n

    New Member

  • Topic Starter
  • Member
  • 9 posts
Hi!

No, seems like it's fixed now :whistling:
Thanks for all your time and help :blink: