Some hard-to-get infection on my pc [RESOLVED]

This topic is locked

#1 mathiaspoulsen (New Member, 9 posts)

Hey!

I just saw this great resource and hope you can help me out. My problem started with Avast finding some trojan, and now I've been running different scans.

I've followed these steps - http://www.geekstogo...-Log-t2852.html - and below I post the logs in the same order as in your post - with Hijackthis at the end.

Malwarebytes' Anti-Malware 1.12
Database version: 789

Skan type: Hurtig skanning
Objekter skannet: 34392
Tid tilbagelagt: 1 minute(s), 30 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)

______________________________________

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/27/2008 at 03:12 PM

Application Version : 4.1.1046

Core Rules Database Version : 3468
Trace Rules Database Version: 1459

Scan type : Complete Scan
Total Scan Time : 01:50:03

Memory items scanned : 610
Memory threats detected : 0
Registry items scanned : 6727
Registry threats detected : 0
File items scanned : 415308
File threats detected : 1

Adware.Tracking Cookie
C:\Users\Mathias Poulsen\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt

__________________________________________________

;*******************************************************************************
ANALYSIS: 2008-05-27 15:53:03
PROTECTIONS: 1
MALWARE: 36
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
avast! antivirus 4.8.1169 [VPS 080527-0] 4.8.1169 No Yes
;===============================================================================


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:59:02, on 27-05-2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Winamp\winamp.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\TEXTware\Illuminator 2\Illview02.exe
C:\Program Files\TEXTware\QUICKfind\QFServer.exe
C:\Program Files\TEXTware\Illuminator 2\illview02.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: (no name) - {E218C729-921F-45A6-94B8-C901B16CBA62} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 8167 bytes
#2 fenzodahl512 (Malware Removal, 9,863 posts)

Hello mathiaspoulsen, my name is fenzodahl512 and welcome to Geekstogo. Please do the following.


Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox browser:
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser:
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.




NEXT


Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



NEXT


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
If you are using Vista, you need to right-click the dss.exe icon and choose Run as Administrator



Please post the following logs in separate posts.

1. Kaspersky Online
2. Deckard System Scanner (both main.txt and extra.txt)


Regards
fenzodahl512

#3 mathiaspoulsen (Topic Starter, New Member, 9 posts)

Hi!

Thx for your help so far. Here come the logs - I'm unsure whether you meant two separate posts, but now they're split - Kaspersky first.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, May 29, 2008 10:24:06 PM
Operating System: Microsoft Windows Vista Professional, Service Pack 1 (Build 6001)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/05/2008
Kaspersky Anti-Virus database records: 812777
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 184947
Number of viruses found: 12
Number of infected objects: 30
Number of suspicious objects: 0
Duration of the scan process: 01:33:35

C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_4C7E_BEA6_7EBE_886A\fsrtmp.log Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_4C7E_BEA6_7EBE_886A\tmp.edb Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008052920080530\index.dat Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{62522BAE-581E-40BF-B0DB-D8837657A22B}.tmp Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{01519511-E952-486A-8BF3-4D9D9C0ABD8F}.tmp Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3A63598A-7F7A-4D50-97B2-BC1D59FB5A75}.tmp Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{66E490B8-C838-4203-879E-DEC2ADB9357C}.tmp Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{8303F74E-373E-43C3-82C5-A6EAB26D4481}.tmp Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Windows\UsrClass.dat{ba888673-22c2-11dd-92cb-a12ed76628ba}.TM.blf Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Windows\UsrClass.dat{ba888673-22c2-11dd-92cb-a12ed76628ba}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Windows\UsrClass.dat{ba888673-22c2-11dd-92cb-a12ed76628ba}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Windows Defender\FileTracker\{C6E7E383-3717-4583-B10A-90602A3FBDC7} Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Temp\FXSAPIDebugLogFile.txt Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Temp\tmp000082c5 Infected: Trojan.Win32.Agent.qrv skipped
C:\Users\Mathias Poulsen\AppData\Local\Temp\tmp00008f91 Infected: Trojan.Win32.Agent.qrv skipped
C:\Users\Mathias Poulsen\AppData\Local\Temp\tmp0000cfdb Infected: Trojan.Win32.Agent.qrv skipped
C:\Users\Mathias Poulsen\AppData\Local\Temp\tmp0000d171 Infected: Trojan.Win32.Agent.qrv skipped
C:\Users\Mathias Poulsen\AppData\Local\Temp\tmp0000ef9b Infected: Trojan.Win32.Agent.qrv skipped
C:\Users\Mathias Poulsen\AppData\Local\Temp\~DF84B5.tmp Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Temp\~DF8B9A.tmp Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Temp\~DFE5EA.tmp Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Temp\~DFE67C.tmp Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Temp\~DFE694.tmp Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Temp\~DFE9D8.tmp Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Roaming\Microsoft\Templates\Normal.dotm Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-5-29-2008( 11-20-15 ).LOG Object is locked skipped
C:\Users\Mathias Poulsen\NTUSER.DAT Object is locked skipped
C:\Users\Mathias Poulsen\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Mathias Poulsen\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Mathias Poulsen\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf Object is locked skipped
C:\Users\Mathias Poulsen\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Mathias Poulsen\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\CSC\v2.0.6\pq Object is locked skipped
C:\Windows\CSC\v2.0.6\temp\ea-{5d142b56-2839-11dd-837c-001d6045e152} Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{0f694465-6a70-11db-8eb3-985e31beb686}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{0f694465-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{0f694465-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{0f694461-6a70-11db-8eb3-985e31beb686}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{0f694461-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{0f694461-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped
C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped
C:\Windows\System32\config\RegBack\SAM Object is locked skipped
C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped
C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped
C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
C:\Windows\System32\drivers\sptd.sys Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.002 Object is locked skipped
C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped
C:\Windows\System32\winevt\Logs\Antivirus.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Backup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\Temp\_avast4_\Webshlock.txt Object is locked skipped
D:\Downloads\Programmer\Dvd, brænding ol\Nero 8 Ultra Edition\Nero 8 Ultra Edition.iso/Nero PhotoShow Express/nero_photoshow_express_5_setup.exe/data0017 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
D:\Downloads\Programmer\Dvd, brænding ol\Nero 8 Ultra Edition\Nero 8 Ultra Edition.iso/Nero PhotoShow Express/nero_photoshow_express_5_setup.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
D:\Downloads\Programmer\Dvd, brænding ol\Nero 8 Ultra Edition\Nero 8 Ultra Edition.iso/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
D:\Downloads\Programmer\Dvd, brænding ol\Nero 8 Ultra Edition\Nero 8 Ultra Edition.iso ISOimage: infected - 3 skipped
D:\Downloads\Programmer\Dvd, brænding ol\Nero 8 Ultra Edition 8.1.1.4+KeyMaker\Nero-8.1.1.4_eng_update.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
D:\Downloads\Programmer\Dvd, brænding ol\Nero 8 Ultra Edition 8.1.1.4+KeyMaker\Nero-8.1.1.4_eng_update.exe 7-Zip: infected - 1 skipped
D:\Downloads\Programmer\Dvd, brænding ol\Nero 8 Ultra New version 8.3.2.1 With Working Keygen.zip/Nero 8 Ultra New version 8.3.2.1 With Working Keygen/Nero 8 Ultra v8.3.2.1.exe Infected: Trojan-Dropper.Win32.Agent.b skipped
D:\Downloads\Programmer\Dvd, brænding ol\Nero 8 Ultra New version 8.3.2.1 With Working Keygen.zip ZIP: infected - 1 skipped
D:\Downloads\Programmer\Dvd, brænding ol\Nero 8.3.2.1\Nero-8.3.2.1_eng_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
D:\Downloads\Programmer\Dvd, brænding ol\Nero 8.3.2.1\Nero-8.3.2.1_eng_trial.exe 7-Zip: infected - 1 skipped
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar/setup/WinPE/PROGRAMS/BOSON/GETPASS.EXE Infected: not-a-virus:PSWTool.Win32.GetPass.e skipped
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar/setup/WinPE/PROGRAMS/KEYFINDER/KEYFINDER.EXE/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar/setup/WinPE/PROGRAMS/KEYFINDER/KEYFINDER.EXE/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar/setup/WinPE/PROGRAMS/KEYFINDER/KEYFINDER.EXE/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar/setup/WinPE/PROGRAMS/KEYFINDER/KEYFINDER.EXE Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar/setup/WinPE/PROGRAMS/UTILSPACK3/MAILPASSVIEW.EXE Infected: not-a-virus:PSWTool.Win32.MailPassView.130 skipped
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar/setup/WinPE/PROGRAMS/UTILSPACK3/MESSENGERPW.EXE Infected: not-a-virus:PSWTool.Win32.Messen.102 skipped
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar/setup/WinPE/PROGRAMS/mIRC.exe/mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar/setup/WinPE/PROGRAMS/mIRC.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar/setup/WinPE/PROGRAMS/UTILSPACK2/PASSVIEW.EXE Infected: not-a-virus:PSWTool.Win32.PassView.162 skipped
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar/setup/WinPE/PROGRAMS/SYSINTTOOLS/PSEXEC.EXE Infected: not-a-virus:NetTool.Win32.RemoteStartProcess.a skipped
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar/setup/WinPE/PROGRAMS/SYSINTTOOLS/PSKILL.EXE Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar/setup/WinPE/PROGRAMS/REMOTE/VNCHOOKS.DLL Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar/setup/WinPE/PROGRAMS/ULTRAVNC/VNCHOOKS.DLL Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar RAR: infected - 14 skipped
I:\Speciale\Noter\Dispositiontherealdeal.doc Object is locked skipped
J:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

#4
mathiaspoulsen

    New Member

  • Topic Starter
  • Member
  • 9 posts
And Deckard's two logs:

Deckard's System Scanner v20071014.68
Run by Mathias Poulsen on 2008-05-29 22:32:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Mathias Poulsen.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:32:41, on 29-05-2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Mathias Poulsen\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MATHIA~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: (no name) - {E218C729-921F-45A6-94B8-C901B16CBA62} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 8509 bytes

-- Files created between 2008-04-29 and 2008-05-29 -----------------------------

2008-05-29 13:09:35 0 d-------- C:\Users\All Users\CyberLink
2008-05-29 13:09:07 0 d-------- C:\Program Files\Fraps
2008-05-29 13:03:36 0 d-------- C:\Program Files\CyberLink
2008-05-29 12:43:10 0 d-------- C:\Windows\LastGood
2008-05-29 11:42:20 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-05-29 11:42:20 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-05-29 01:48:03 123376 --ah----- C:\Windows\system32\mlfcache.dat
2008-05-29 01:27:53 0 d-------- C:\Program Files\Picasa2
2008-05-29 01:23:11 0 d-------- C:\Downloads
2008-05-27 15:19:03 0 d-------- C:\Program Files\Panda Security
2008-05-27 14:28:51 176235 --a------ C:\Windows\system32\Primomonnt.dll
2008-05-27 14:28:47 0 d-------- C:\Windows\PrimoPDF4
2008-05-27 14:28:46 0 d-------- C:\Program Files\activePDF
2008-05-27 12:57:29 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-05-27 12:57:17 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-27 12:05:56 0 d-------- C:\Users\All Users\Malwarebytes
2008-05-27 12:05:56 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-27 12:01:47 0 d-------- C:\Windows\system32\appmgmt
2008-05-27 11:44:47 0 d-------- C:\Program Files\Trend Micro
2008-05-27 11:43:28 0 d-------- C:\VundoFix Backups
2008-05-27 00:22:13 0 d-------- C:\Users\All Users\TechSmith
2008-05-27 00:22:08 0 d-------- C:\Program Files\TechSmith
2008-05-27 00:21:36 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-26 23:31:50 171136 -rahs---- C:\grldr
2008-05-26 22:16:19 1276 --ahs---- C:\Windows\system32\wEfNTvut.ini2
2008-05-26 22:04:46 0 d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-05-23 16:11:24 0 d-------- C:\Users\All Users\Gamespot
2008-05-23 16:11:23 0 d-------- C:\Program Files\GameSpot
2008-05-23 16:02:44 0 d-------- C:\Users\All Users\Media Center Programs
2008-05-23 13:14:10 520192 --a------ C:\Windows\system32\Grand Theft Auto IV Screenshot.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
2008-05-23 13:14:10 0 d-------- C:\Windows\system32\Grand Theft Auto IV Screenshot dir
2008-05-23 11:15:53 0 d-------- C:\Program Files\VideoLAN
2008-05-23 11:15:24 0 d-------- C:\Program Files\Frameworkx
2008-05-22 23:38:10 0 d-------- C:\Program Files\Common Files\Steam
2008-05-22 23:38:08 0 d-------- C:\Program Files\Steam
2008-05-22 21:55:52 0 d-------- C:\PerfLogs
2008-05-22 11:01:17 0 d-------- C:\Users\All Users\Nero
2008-05-22 11:01:17 0 d-------- C:\Program Files\Nero
2008-05-21 13:58:22 192000 --a------ C:\Windows\NCFOM_screensaver.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
2008-05-21 13:58:18 0 d-------- C:\Windows\NCFOM_screensaver dir
2008-05-21 13:58:18 12288 --a------ C:\Windows\impborl.dll
2008-05-21 13:58:18 545280 --a------ C:\Windows\flashax.exe <Not Verified; Microsoft Corporation; Microsoft® Windows NT® Operating System>
2008-05-21 13:53:38 0 d-------- C:\Program Files\UselessCreations
2008-05-21 03:00:47 0 d-------- C:\Program Files\MSXML 4.0
2008-05-20 17:18:24 0 d-------- C:\Program Files\ffdshow
2008-05-20 14:43:27 0 d-------- C:\Program Files\Runtime Software
2008-05-20 14:11:24 0 d-------- C:\Program Files\Google
2008-05-17 00:10:47 0 d-------- C:\Program Files\Common Files\Microsoft Games
2008-05-16 23:15:10 0 d-------- C:\Users\All Users\LogiShrd
2008-05-16 22:26:53 0 d-------- C:\Users\All Users\Logitech
2008-05-16 22:26:51 0 d-------- C:\Program Files\Common Files\Logishrd
2008-05-16 22:26:48 0 d-------- C:\Program Files\Logitech
2008-05-16 22:14:16 545 --a------ C:\Windows\UC.PIF
2008-05-16 22:14:16 545 --a------ C:\Windows\RAR.PIF
2008-05-16 22:14:16 545 --a------ C:\Windows\PKZIP.PIF
2008-05-16 22:14:16 545 --a------ C:\Windows\PKUNZIP.PIF
2008-05-16 22:14:16 545 --a------ C:\Windows\NOCLOSE.PIF
2008-05-16 22:14:16 545 --a------ C:\Windows\LHA.PIF
2008-05-16 22:14:16 545 --a------ C:\Windows\ARJ.PIF
2008-05-16 22:14:07 0 d-------- C:\Program Files\TC
2008-05-16 22:06:03 0 d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-05-16 22:06:02 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-05-16 22:06:01 0 d-------- C:\Program Files\Sony Ericsson
2008-05-16 22:05:50 0 d-------- C:\Windows\Downloaded Installations
2008-05-16 22:03:15 0 d-------- C:\Users\All Users\Teleca
2008-05-16 22:03:15 0 d-------- C:\Users\All Users\Sony Ericsson
2008-05-16 13:15:48 2580 --a------ C:\Windows\mozver.dat
2008-05-16 11:10:33 0 d-------- C:\Program Files\CCleaner
2008-05-16 10:32:49 115200 --a------ C:\Windows\system32\UnzDll.dll <Not Verified; ; BCB/Delphi UnZip>
2008-05-16 10:32:49 147456 --a------ C:\Windows\system32\Twavbx32.dll
2008-05-16 10:32:49 9216 --a------ C:\Windows\system32\TWASFI.DLL
2008-05-16 10:32:49 102400 --a------ C:\Windows\system32\Twasbb01.dll
2008-05-16 10:32:49 18432 --a------ C:\Windows\system32\TWAIED02.DLL
2008-05-16 10:32:49 69632 --a------ C:\Windows\system32\TwaBcu01.dll <Not Verified; TEXTware A/S; TEXTware A/S TwaBcu01>
2008-05-16 10:32:49 70656 --a------ C:\Windows\system32\polspell.dll <Not Verified; Polar; Polar SpellChecker ActiveX Control Module>
2008-05-16 10:32:49 143360 --a------ C:\Windows\system32\ILXTBS.DLL
2008-05-16 10:32:49 143360 --a------ C:\Windows\system32\ILXTBL.DLL
2008-05-16 10:32:49 143360 --a------ C:\Windows\system32\ILXIMC.DLL
2008-05-16 10:32:49 322048 --a------ C:\Windows\system32\IllViSup.dll
2008-05-16 10:32:49 205312 --a------ C:\Windows\system32\Illprs.dll <Not Verified; TEXTware A/S; Illuminator 2.0>
2008-05-16 10:32:49 160768 --a------ C:\Windows\system32\ILLKRN.DLL <Not Verified; TEXTware A/S; Illuminator 2.0>
2008-05-16 10:32:48 297472 --a------ C:\Windows\system32\ltkrn10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-05-16 10:32:48 114176 --a------ C:\Windows\system32\ltimg10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-05-16 10:32:48 103424 --a------ C:\Windows\system32\ltfil10N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-05-16 10:32:48 231424 --a------ C:\Windows\system32\LTDIS10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-05-16 10:32:48 134144 --a------ C:\Windows\system32\lfpng10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-05-16 10:32:48 266752 --a------ C:\Windows\system32\LFCMP10N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-05-16 10:32:48 34304 --a------ C:\Windows\system32\lfbmp10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-05-16 10:32:48 0 d-------- C:\Program Files\TEXTware
2008-05-16 10:32:46 0 d-------- C:\Program Files\Gyldendal
2008-05-16 10:32:35 307200 --a------ C:\Windows\IsUn0406.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-05-16 08:09:18 0 d-------- C:\Program Files\Polob32
2008-05-16 08:01:17 0 d-------- C:\Program Files\DAEMON Tools
2008-05-16 07:57:13 685816 --a------ C:\Windows\system32\drivers\sptd.sys
2008-05-16 07:56:16 0 d-------- C:\Program Files\Winamp
2008-05-16 07:53:07 0 --a------ C:\Windows\nsreg.dat
2008-05-16 07:52:55 0 d-------- C:\Windows\Sun
2008-05-16 07:52:16 0 d-------- C:\Program Files\Java
2008-05-16 07:51:43 0 d-------- C:\Program Files\Common Files\Java
2008-05-16 07:49:36 0 d-------- C:\Users\All Users\Adobe
2008-05-16 07:49:25 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-16 07:47:08 0 d-------- C:\Program Files\Microsoft Works
2008-05-16 07:46:04 0 d-------- C:\Windows\PCHEALTH
2008-05-16 07:46:04 0 d-------- C:\Program Files\Microsoft.NET
2008-05-16 07:44:31 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-16 07:43:29 0 d-------- C:\Users\All Users\Microsoft Help
2008-05-16 07:42:51 0 dr-h----- C:\MSOCache
2008-05-16 00:41:26 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-16 00:41:09 0 d-------- C:\Program Files\Windows Live
2008-05-16 00:41:02 0 d-------- C:\Users\All Users\WLInstaller
2008-05-16 00:30:14 0 d-------- C:\Windows\system32\Macromed
2008-05-16 00:01:04 0 d-------- C:\Users\All Users\Grisoft
2008-05-16 00:00:46 0 d-------- C:\UNISECUR
2008-05-16 00:00:07 0 d-------- C:\Windows\Panther
2008-05-15 23:59:52 0 d--hs---- C:\Boot
2008-05-15 23:58:44 0 d-------- C:\Users\All Users\NVIDIA
2008-05-15 23:54:23 0 d-a------ C:\Users\All Users\TEMP
2008-05-15 23:54:18 118784 --a------ C:\Windows\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-05-15 23:54:17 0 d-------- C:\Program Files\SpywareBlaster
2008-05-15 23:53:20 0 d-------- C:\Program Files\Alwil Software
2008-05-15 23:50:12 143360 -r------- C:\Windows\system32\xRaidAPI.dll <Not Verified; JMicron Technology Corp.; JMB36X RAID API Dynamic Link Library>
2008-05-15 23:50:10 1953792 -r------- C:\Windows\system32\xRaidSetup.exe <Not Verified; JMicron Technology Corp.; JMicron JMB36X RAID Configurer>
2008-05-15 23:50:10 0 d-------- C:\RaidTool
2008-05-15 23:49:56 0 d-------- C:\Windows\RaidTool
2008-05-15 23:46:22 0 d-------- C:\Windows\system32\Attansic
2008-05-15 23:43:44 0 d-------- C:\Windows\system32\RTCOM
2008-05-15 23:43:14 0 d-------- C:\Program Files\Realtek
2008-05-15 23:43:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-15 23:42:28 520192 -r------- C:\Windows\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-05-15 23:42:28 315392 --a------ C:\Windows\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-05-15 23:42:23 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-15 23:41:10 0 d-------- C:\Windows\ASUSInstAll
2008-05-15 23:35:19 0 d-------- C:\Program Files\Intel
2008-05-15 23:35:12 0 d-------- C:\Intel
2008-05-15 23:34:21 10288 --a------ C:\Windows\system32\drivers\ASUSHWIO.SYS
2008-05-15 23:32:05 240128 --a------ C:\Windows\system32\drivers\royal.sys <Not Verified; PARADOX; SLP Kernel-Mode Driver>
2008-05-15 23:32:01 0 d-------- C:\Program Files\ClonySoft
2008-05-15 23:31:25 0 d--hs---- C:\Windows\Installer
2008-05-15 23:27:35 0 dr------- C:\Users\Mathias Poulsen\Searches
2008-05-15 23:27:27 0 dr------- C:\Users\Mathias Poulsen\Contacts
2008-05-15 23:27:24 0 d--hs---- C:\Users\Mathias Poulsen\Skabeloner
2008-05-15 23:27:24 0 d--hs---- C:\Users\Mathias Poulsen\SendTo
2008-05-15 23:27:24 0 d--hs---- C:\Users\Mathias Poulsen\Recent
2008-05-15 23:27:24 0 d--hs---- C:\Users\Mathias Poulsen\Printere
2008-05-15 23:27:24 0 d--hs---- C:\Users\Mathias Poulsen\Menuen Start
2008-05-15 23:27:24 0 d--hs---- C:\Users\Mathias Poulsen\Lokale indstillinger
2008-05-15 23:27:24 0 d--hs---- C:\Users\Mathias Poulsen\Dokumenter
2008-05-15 23:27:24 0 d--hs---- C:\Users\Mathias Poulsen\Cookies
2008-05-15 23:27:24 0 d--hs---- C:\Users\Mathias Poulsen\Application Data
2008-05-15 23:27:24 0 d--hs---- C:\Users\Mathias Poulsen\Andre computere
2008-05-15 23:27:23 0 dr------- C:\Users\Mathias Poulsen\Videos
2008-05-15 23:27:23 0 dr------- C:\Users\Mathias Poulsen\Saved Games
2008-05-15 23:27:23 0 dr------- C:\Users\Mathias Poulsen\Pictures
2008-05-15 23:27:23 2359296 --ahs---- C:\Users\Mathias Poulsen\NTUSER.DAT
2008-05-15 23:27:23 0 dr------- C:\Users\Mathias Poulsen\Music
2008-05-15 23:27:23 0 dr------- C:\Users\Mathias Poulsen\Links
2008-05-15 23:27:23 0 dr------- C:\Users\Mathias Poulsen\Favorites
2008-05-15 23:27:23 0 dr------- C:\Users\Mathias Poulsen\Downloads
2008-05-15 23:27:23 0 dr------- C:\Users\Mathias Poulsen\Documents
2008-05-15 23:27:23 0 dr------- C:\Users\Mathias Poulsen\Desktop
2008-05-15 23:27:23 0 d--h----- C:\Users\Mathias Poulsen\AppData
2008-05-15 23:25:55 0 d--hs---- C:\Program Files\Fælles filer
2008-05-15 23:25:54 0 d--hs---- C:\Users\Default\Skabeloner
2008-05-15 23:25:54 0 d--hs---- C:\Users\Default\Printere
2008-05-15 23:25:54 0 d--hs---- C:\Users\Default\Menuen Start
2008-05-15 23:25:54 0 d--hs---- C:\Users\Default\Lokale indstillinger
2008-05-15 23:25:54 0 d--hs---- C:\Users\Default\Dokumenter
2008-05-15 23:25:54 0 d--hs---- C:\Users\Default\Andre computere
2008-05-15 23:25:54 0 d--hs---- C:\Users\All Users\Skrivebord
2008-05-15 23:25:54 0 d--hs---- C:\Users\All Users\Skabeloner
2008-05-15 23:25:54 0 d--hs---- C:\Users\All Users\Menuen Start
2008-05-15 23:25:54 0 d--hs---- C:\Users\All Users\Favoritter
2008-05-15 23:25:54 0 d--hs---- C:\Users\All Users\Dokumenter
2008-05-15 23:25:54 0 d--hs---- C:\Programmer <PROGRA~1>
2008-05-15 23:03:34 0 d-------- C:\Windows\SoftwareDistribution
2008-05-15 23:02:25 0 d-------- C:\Windows\system32\catroot2
2008-05-15 23:02:17 0 d-------- C:\Windows\Debug
2008-05-15 23:02:17 0 d-------- C:\Windows\CSC
2008-05-15 23:01:11 0 d-------- C:\Windows\Prefetch
2008-05-15 13:02:18 0 d--hs---- C:\System Volume Information


-- Find3M Report ---------------------------------------------------------------

2008-05-29 22:06:39 6025 --a------ C:\Users\Mathias Poulsen\AppData\Roaming\PrimoPDFSet.xml
2008-05-29 01:23:55 0 d-------- C:\Users\Mathias Poulsen\AppData\Roaming\GetRightToGo
2008-05-29 01:23:43 0 d-------- C:\Users\Mathias Poulsen\AppData\Roaming\CursorArts
2008-05-27 14:43:33 224 --a------ C:\Users\Mathias Poulsen\AppData\Roaming\APUSet.xml
2008-05-27 12:57:17 0 d-------- C:\Users\Mathias Poulsen\AppData\Roaming\SUPERAntiSpyware.com
2008-05-27 12:06:05 0 d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Malwarebytes
2008-05-27 12:05:37 0 d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Download Manager
2008-05-27 11:59:23 0 d-------- C:\Program Files\Common Files
2008-05-26 19:55:02 0 d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Vso
2008-05-26 19:55:02 33 --a------ C:\Users\Mathias Poulsen\AppData\Roaming\pcouffin.log
2008-05-26 19:55:01 7887 --a------ C:\Users\Mathias Poulsen\AppData\Roaming\pcouffin.cat
2008-05-25 14:33:36 466064 --a------ C:\Windows\system32\perfh006.dat
2008-05-25 14:33:36 78004 --a------ C:\Windows\system32\perfc006.dat
2008-05-25 00:58:47 0 d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Microsoft Games
2008-05-25 00:51:09 0 d-------- C:\Users\Mathias Poulsen\AppData\Roaming\WinRAR
2008-05-25 00:05:41 0 d-------- C:\Program Files\Microsoft Games
2008-05-24 01:03:51 0 dr-h----- C:\Users\Mathias Poulsen\AppData\Roaming\SecuROM
2008-05-23 16:11:24 6897 --a------ C:\Program Files\install.log
2008-05-23 12:55:51 0 d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Gyldendal
2008-05-23 12:55:46 0 d-------- C:\Users\Mathias Poulsen\AppData\Roaming\TEXTware
2008-05-22 22:02:52 174 --ahs---- C:\Program Files\desktop.ini
2008-05-22 21:56:22 0 d-------- C:\Program Files\Windows Calendar
2008-05-22 21:56:21 0 d-------- C:\Program Files\Windows Sidebar
2008-05-22 21:56:21 0 d-------- C:\Program Files\Windows Photo Gallery
2008-05-22 21:56:21 0 d-------- C:\Program Files\Windows Mail
2008-05-22 21:56:21 0 d-------- C:\Program Files\Windows Journal
2008-05-22 21:56:21 0 d-------- C:\Program Files\Windows Collaboration
2008-05-22 21:56:21 0 d-------- C:\Program Files\Movie Maker
2008-05-22 21:56:20 0 d-------- C:\Program Files\Windows Defender
2008-05-22 11:04:11 0 d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Nero
2008-05-22 00:10:20 0 d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Winamp
2008-05-17 09:47:00 0 d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Teleca
2008-05-16 23:58:55 0 d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Adobe
2008-05-16 23:15:10 0 d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Logitech
2008-05-16 22:26:48 0 d-------- C:\Users\Mathias Poulsen\AppData\Roaming\InstallShield
2008-05-16 22:14:07 0 d-------- C:\Users\Mathias Poulsen\AppData\Roaming\GHISLER
2008-05-16 22:06:13 0 d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Sony Ericsson
2008-05-16 07:53:05 0 d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Mozilla
2008-05-16 07:46:53 0 d-------- C:\Program Files\MSBuild
2008-05-16 00:30:15 0 d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Macromedia
2008-05-16 00:01:10 0 d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Grisoft
2008-05-15 23:31:24 0 d-------- C:\Users\Mathias Poulsen\AppData\Roaming\ClonySoft
2008-05-15 23:27:28 0 d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Identities
2008-05-15 23:25:55 0 d-------- C:\Program Files\Windows NT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E218C729-921F-45A6-94B8-C901B16CBA62}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19-01-2008 09:38]
"RtHDVCpl"="RtHDVCpl.exe" [23-03-2007 21:04 C:\Windows\RtHDVCpl.exe]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [20-03-2007 16:36]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [29-03-2008 19:37]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11-06-2007 11:25]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24-08-2007 07:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-01-2008 22:16]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 04:25]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [01-04-2008 20:49]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [13-06-2007 08:16]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [29-11-2007 02:17 C:\Windows\KHALMNPR.Exe]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [15-07-2005 23:48]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"NvSvc"="C:\Windows\system32\nvsvc.dll" [11-12-2007 17:06]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [11-12-2007 17:06]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [11-12-2007 17:06]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [07-02-2007 16:24]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [07-02-2007 16:21]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [29-08-2007 17:09]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18-10-2007 11:34]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [13-05-2008 12:43]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [16-05-2008 22:26:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13-05-2008 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19-04-2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\tuvTNfEw

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05b586c7-22c9-11dd-8512-806e6f6e6963}]
AutoRun\command- F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c6f39ba-230d-11dd-8a94-001d6045e152}]
AutoRun\command- H:\autorun.exe
setup\command- H:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb4b0410-22c1-11dd-913e-806e6f6e6963}]
AutoRun\command- F:\.\Bin\Assetup.exe

*Newly Created Service* - {95808DC4-FA4A-4C74-92FE-5B863F82066B}

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-05-29 22:33:21 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate (build 6001) SP 1.0
Architecture: X86; Language: Other (0406) - see http://preview.tinyurl.com/mhhp6

CPU 0: Intel® Core™2 Duo CPU E6750 @ 2.66GHz
Percentage of Memory in Use: 37%
Physical Memory (total/avail): 3326.19 MiB / 2091.83 MiB
Pagefile Memory (total/avail): 6895.39 MiB / 5593.42 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1879.38 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 349.39 GiB total, 299.89 GiB free.
D: is Fixed (NTFS) - 372.61 GiB total, 118.4 GiB free.
E: is Fixed (NTFS) - 349.25 GiB total, 160.86 GiB free.
F: is CDROM (UDF)
G: is CDROM (No Media)
H: is CDROM (UDF)
I: is Fixed (FAT32) - 76.54 GiB total, 21.88 GiB free.
J: is Fixed (NTFS) - 72.47 GiB total, 16.43 GiB free.

\\.\PHYSICALDRIVE1 - SAMSUNG HD403LJ ATA Device - 372.61 GiB - 1 partition
\PARTITION0 - Logical Disk Manager - 372.61 GiB - D: - D:

\\.\PHYSICALDRIVE0 - SAMSUNG HD753LJ ATA Device - 698.64 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 349.39 GiB - C:
\PARTITION1 - Installable File System - 349.25 GiB - E:

\\.\PHYSICALDRIVE2 - WD 1600BEVExternal USB Device - 149.05 GiB - 2 partitions
\PARTITION0 - Unknown - 76.57 GiB - I:
\PARTITION1 - Extended w/Extended Int 13 - 72.47 GiB - J:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.8.1169 [VPS 080529-0] v4.8.1169 (ALWIL Software)
AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.) Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: SUPERAntiSpyware v4, 1, 0, 1046 (SUPERAntiSpyware.com)
AS: avast! antivirus 4.8.1169 [VPS 080529-0] v4.8.1169 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Mathias Poulsen\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MPPC
ComSpec=C:\Windows\system32\cmd.exe
DEFAULT_CA_NR=CA8
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Mathias Poulsen
LOCALAPPDATA=C:\Users\Mathias Poulsen\AppData\Local
LOGONSERVER=\\MPPC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Teleca Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\MATHIA~1\AppData\Local\Temp
TMP=C:\Users\MATHIA~1\AppData\Local\Temp
USERDOMAIN=MPPC
USERNAME=Mathias Poulsen
USERPROFILE=C:\Users\Mathias Poulsen
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Mathias Poulsen (admin)


-- Add/Remove Programs ---------------------------------------------------------

2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0406-0000-0000000FF1CE} /uninstall {C0223E33-0993-416D-A389-3AD29D4BE333}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0406-0000-0000000FF1CE} /uninstall {C0223E33-0993-416D-A389-3AD29D4BE333}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0406-0000-0000000FF1CE} /uninstall {C0223E33-0993-416D-A389-3AD29D4BE333}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0406-0000-0000000FF1CE} /uninstall {C0223E33-0993-416D-A389-3AD29D4BE333}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0406-0000-0000000FF1CE} /uninstall {C0223E33-0993-416D-A389-3AD29D4BE333}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0406-0000-0000000FF1CE} /uninstall {C0223E33-0993-416D-A389-3AD29D4BE333}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0406-0000-0000000FF1CE} /uninstall {AAA2F315-90E9-40B3-8F83-4E52A5B461B2}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0406-0000-0000000FF1CE} /uninstall {C0223E33-0993-416D-A389-3AD29D4BE333}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0406-0000-0000000FF1CE} /uninstall {C378B07F-6A3F-44DB-B340-AADCED1A3B4C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0406-0000-0000000FF1CE} /uninstall {C0223E33-0993-416D-A389-3AD29D4BE333}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0406-0000-0000000FF1CE} /uninstall {C0223E33-0993-416D-A389-3AD29D4BE333}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0100-0406-0000-0000000FF1CE} /uninstall {C0223E33-0993-416D-A389-3AD29D4BE333}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0101-0406-0000-0000000FF1CE} /uninstall {C0223E33-0993-416D-A389-3AD29D4BE333}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 - Dansk --> MsiExec.exe /I{AC76BA86-7AD7-1030-7B44-A81200000003}
Attansic L1 Gigabit Ethernet Driver --> rundll32.exe C:\Windows\system32\Attansic\L1\atcInst.dll,VisUninst C:\Windows\system32\Attansic\L1 x86 pci\ven_1969&dev_1048
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Counter-Strike --> "C:\Program Files\Steam\steam.exe" steam://uninstall/10
ffdshow (remove only) --> "C:\Program Files\ffdshow\uninstall.exe"
Fraps --> "C:\Program Files\Fraps\uninstall.exe"
GameSpot Download Manager --> "C:\Program Files\GameSpot\uninstall.exe"
Gears of War --> C:\Program Files\InstallShield Installation Information\{1170D24F-42B7-40CF-AA1B-6395CE562354}\setup.exe -runfromtemp -l0x0409
GetDataBack for NTFS --> "C:\Program Files\Runtime Software\GetDataBack for NTFS\Uninstall.exe" "C:\Program Files\Runtime Software\GetDataBack for NTFS\install.log" -u
Google Gmail Notifier --> "C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
Grand Theft Auto IV Screenshot Screen Saver --> C:\Windows\system32\Grand Theft Auto IV Screenshot.scr /u
Gyldendals Røde Ordbøger Dansk-Engelsk/Engelsk-Dansk Ordbog --> C:\Windows\IsUn0406.exe -f"C:\Program Files\Gyldendal\DER002GL\Uninst.isu"
Half-Life 2 --> "C:\Program Files\Steam\steam.exe" steam://uninstall/220
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
JMB36X Raid Configurer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
Kaspersky Online Scanner --> C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0006 -removeonly
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Games for Windows - LIVE Redistributable --> MsiExec.exe /X{20DEB77C-21D6-4D22-BB47-233E47613D57}
Microsoft Office Access MUI (Danish) 2007 --> MsiExec.exe /X{90120000-0015-0406-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Danish) 2007 --> MsiExec.exe /X{90120000-0016-0406-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (Danish) 2007 --> MsiExec.exe /X{90120000-00BA-0406-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Danish) 2007 --> MsiExec.exe /X{90120000-0044-0406-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 - Danish/dansk --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall OMUI.DA-DK /dll OSETUP.DLL
Microsoft Office O MUI (Danish) 2007 --> MsiExec.exe /X{90120000-0100-0406-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Danish) 2007 --> MsiExec.exe /X{90120000-00A1-0406-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Danish) 2007 --> MsiExec.exe /X{90120000-001A-0406-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Danish) 2007 --> MsiExec.exe /X{90120000-0018-0406-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (Danish) 2007 --> MsiExec.exe /X{90120000-001F-0406-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (Danish) 2007 --> MsiExec.exe /X{90120000-002C-0406-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Danish) 2007 --> MsiExec.exe /X{90120000-0019-0406-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (Danish) 2007 --> MsiExec.exe /X{90120000-006E-0406-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1) --> msiexec /package {90120000-0017-0406-0000-0000000FF1CE} /uninstall {8B051E89-F509-438E-BB1D-5FF70B5BF872}
Microsoft Office SharePoint Designer MUI (Danish) 2007 --> MsiExec.exe /X{90120000-0017-0406-0000-0000000FF1CE}
Microsoft Office Word MUI (Danish) 2007 --> MsiExec.exe /X{90120000-001B-0406-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office X MUI (Danish) 2007 --> MsiExec.exe /X{90120000-0101-0406-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
NCFOM_screensaver --> C:\Windows\NCFOM_screensaver.scr /u
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Politikens Nudansk Ordbog --> MsiExec.exe /I{C2314384-9A4F-11D5-8A18-0080AD737527}
PowerDVD --> "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x000409 /z-uninstall
PrimoPDF --> "C:\Windows\PrimoPDF4\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstallPrimoPDF4.xml"
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
SnagIt 8 --> MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821}
Sony Ericsson Device Data --> MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
Sony Ericsson Drivers --> MsiExec.exe /I{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}
Sony Ericsson PC Suite --> C:\Windows\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\Setup.exe /uninstall
Sony Ericsson PC Suite --> MsiExec.exe /I{25BEC3AB-5CD4-481D-9143-215C1BBB189E}
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
The Matrix Trilogy 3D Code Screen Saver v3.4 --> "C:\Program Files\UselessCreations\Matrix3D\uninst.exe"
Tilmeldingsassistent til Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Total Commander (Remove or Repair) --> C:\Program Files\TC\tcuninst.exe
UniveRSS --> rundll32.exe dfshim.dll,ShArpMaintain UniveRSS.application, Culture=neutral, PublicKeyToken=0ad98f39d1bae51a, processorArchitecture=msil
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Vista Shortcut Manager --> MsiExec.exe /I{47609E69-4C5E-48B1-A889-24C6B82B5C04}
Vista x86 OneClick Activator --> MsiExec.exe /I{2876AEE2-A9C9-4585-A46A-44CF451C960E}
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live installer --> MsiExec.exe /X{38092A00-F9C8-420F-B5CB-C56F89F94B12}
Windows Live Messenger --> MsiExec.exe /X{1EDF0646-14CE-46FE-8785-9E12E29686DF}
WinRAR a
  • 0

#5
fenzodahl512 (Malware Removal, 9,863 posts)
Hello mathiaspoulsen, thanks for the reply. Please do the following.


Please read my post CAREFULLY before proceeding with this step. Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.
For more information regarding this download, please visit this webpage.

**Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
  • Please, never rename ComboFix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Please go HERE to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.

    -----------------------------------------------------------

  • Double-click on combofix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: DO NOT mouse-click ComboFix's window while it's running. That may cause it to stall.**
  • 0
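The "further review" the helper asks for is done by reading the ComboFix "Reg Loading Points" section and the HijackThis O2/O4 lines for a handful of entry types. As an added example (not part of this thread, and not a Geeks to Go, ComboFix or HijackThis tool), here is a small Python triager that picks those entry types out of log lines: a BHO registered with no DLL on disk, a Run entry whose file ComboFix could not find (shown as "[ ]"), AutoRun/setup handlers recorded under mountpoints2 for removable drives, UAC switched off (EnableLUA=0), and a non-zero catchme hidden-file count. The sample lines are copied from the log the topic starter posts later in this thread; the rule names and the Finding structure are this example's own, and a hit is a review item, not a verdict.

```python
"""Triage helper for ComboFix / HijackThis style log lines.

Added example, not part of the original thread and not a tool from
ComboFix, HijackThis or Geeks to Go. Rule names and the Finding record
are this example's own invention.
"""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass
class Finding:
    rule: str   # short rule id (names chosen for this example)
    line: str   # the log line that triggered the rule
    note: str   # what a reviewer should check


# HijackThis BHO line:  O2 - BHO: <name> - {CLSID} - <dll path or (no file)>
_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# ComboFix Run value:  "Name"="path" [date time size]   ("[ ]" = file not found on disk)
_RUN = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<info>[^\]]*)\]$')
# ComboFix mountpoints2 handler:  \shell\AutoRun\command - F:\Autorun.exe
_AUTORUN = re.compile(r"^\\shell\\(?P<verb>AutoRun|setup)\\command - (?P<target>.+)$", re.IGNORECASE)
# ComboFix policy dump:  "EnableLUA"= 0 (0x0)
_LUA = re.compile(r'^"EnableLUA"=\s*(?P<val>\d+)')
# catchme summary line:  hidden files: 1
_HIDDEN = re.compile(r"^hidden files: (?P<n>\d+)$")


def triage(lines):
    """Return a list of Finding objects for every log line that trips a rule."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = _O2.match(line)
        if m and m.group("path").strip().lower() == "(no file)":
            findings.append(Finding("orphaned-bho", line,
                f"BHO {{{m.group('clsid')}}} is registered but its DLL is missing; leftover registration to remove"))
            continue
        m = _RUN.match(line)
        if m and not m.group("info").strip():
            findings.append(Finding("run-missing-file", line,
                f"Run entry '{m.group('name')}' points at a file ComboFix could not find"))
            continue
        m = _AUTORUN.match(line)
        if m:
            findings.append(Finding("drive-autorun", line,
                f"{m.group('verb')} handler for a removable/optical drive launches {m.group('target')}; confirm the disc/USB it belongs to"))
            continue
        m = _LUA.match(line)
        if m and int(m.group("val")) == 0:
            findings.append(Finding("uac-disabled", line,
                "EnableLUA=0: User Account Control is switched off on this machine"))
            continue
        m = _HIDDEN.match(line)
        if m and int(m.group("n")) > 0:
            findings.append(Finding("hidden-files", line,
                f"catchme reported {m.group('n')} hidden file(s); look at the path listed above this line"))
    return findings


def summary(findings):
    """Count findings per rule, e.g. {'drive-autorun': 2, ...}."""
    return dict(Counter(f.rule for f in findings))


# Sample input: lines taken from the ComboFix / HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 17:09 171464]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [ ]
"EnableLUA"= 0 (0x0)
\shell\AutoRun\command - F:\Autorun.exe
\shell\setup\command - H:\setup.exe
hidden files: 1
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {E218C729-921F-45A6-94B8-C901B16CBA62} - (no file)
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG.splitlines())
    for f in results:
        print(f"[{f.rule}] {f.line}\n    {f.note}")
    print(summary(results))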

#6
mathiaspoulsen (New Member, Topic Starter, 9 posts)
Hey!

Thx again. Here are the requested logs - ComboFix and HijackThis:

ComboFix 08-05-29.1 - Mathias Poulsen 2008-05-29 23:35:12.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1030.18.1922 [GMT 2:00]
Running from: C:\Users\Mathias Poulsen\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Mathias Poulsen\AppData\Roaming\inst.exe
C:\Windows\system32\vktpxcrc.ini
C:\Windows\System32\wEfNTvut.ini
C:\Windows\System32\wEfNTvut.ini2

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))
.

2008-05-29 22:25 . 2008-05-29 22:25 <DIR> d-------- C:\Deckard
2008-05-29 13:09 . 2008-05-29 13:09 <DIR> d-------- C:\Users\All Users\CyberLink
2008-05-29 13:09 . 2008-05-29 13:09 <DIR> d-------- C:\ProgramData\CyberLink
2008-05-29 13:09 . 2008-05-29 13:09 <DIR> d-------- C:\Program Files\Fraps
2008-05-29 13:03 . 2008-05-29 13:06 <DIR> d-------- C:\Program Files\CyberLink
2008-05-29 12:43 . 2008-05-29 12:43 <DIR> d-------- C:\Windows\LastGood.Tmp
2008-05-29 11:42 . 2008-05-29 11:42 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-05-29 11:42 . 2008-05-29 11:42 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-05-29 11:42 . 2008-05-29 11:42 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-05-29 03:01 . 2006-10-05 04:42 2,560 --------- C:\Windows\System32\drivers\cdralw2k.sys
2008-05-29 03:01 . 2006-10-05 04:42 2,432 --------- C:\Windows\System32\drivers\cdr4_xp.sys
2008-05-29 01:48 . 2008-05-29 01:48 123,376 --ah----- C:\Windows\System32\mlfcache.dat
2008-05-29 01:27 . 2008-05-29 03:03 <DIR> d-------- C:\Program Files\Picasa2
2008-05-29 01:23 . 2008-05-29 01:23 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\GetRightToGo
2008-05-29 01:23 . 2008-05-29 01:23 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\CursorArts
2008-05-29 01:23 . 2008-05-29 01:23 <DIR> d-------- C:\Downloads
2008-05-29 01:23 . 2008-05-29 01:23 37 --a------ C:\Windows\iltwain.ini
2008-05-27 15:19 . 2008-05-27 15:19 <DIR> d-------- C:\Program Files\Panda Security
2008-05-27 14:28 . 2008-05-27 14:28 <DIR> d-------- C:\Windows\PrimoPDF4
2008-05-27 14:28 . 2008-05-27 14:28 <DIR> d-------- C:\Program Files\activePDF
2008-05-27 14:28 . 2006-12-11 22:12 176,235 --a------ C:\Windows\System32\Primomonnt.dll
2008-05-27 12:57 . 2008-05-27 12:57 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\SUPERAntiSpyware.com
2008-05-27 12:57 . 2008-05-27 12:57 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-05-27 12:57 . 2008-05-27 12:57 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-05-27 12:57 . 2008-05-27 12:57 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-27 12:06 . 2008-05-27 12:06 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Malwarebytes
2008-05-27 12:05 . 2008-05-27 12:05 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Download Manager
2008-05-27 12:05 . 2008-05-27 12:05 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-05-27 12:05 . 2008-05-27 12:05 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-05-27 12:05 . 2008-05-27 12:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-27 12:05 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-05-27 12:05 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-05-27 11:44 . 2008-05-27 11:44 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-27 11:43 . 2008-05-27 11:43 <DIR> d-------- C:\VundoFix Backups
2008-05-27 00:22 . 2008-05-27 00:22 <DIR> d-------- C:\Users\All Users\TechSmith
2008-05-27 00:22 . 2008-05-27 00:22 <DIR> d-------- C:\ProgramData\TechSmith
2008-05-27 00:22 . 2008-05-27 00:22 <DIR> d-------- C:\Program Files\TechSmith
2008-05-27 00:21 . 2008-05-27 12:56 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-26 23:31 . 2008-04-14 19:51 171,136 -rahs---- C:\grldr
2008-05-26 22:04 . 2008-05-26 22:04 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-05-26 22:04 . 2008-05-26 22:04 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-05-26 19:53 . 2008-05-26 19:55 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Vso
2008-05-26 19:53 . 2008-05-26 19:53 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys
2008-05-26 19:53 . 2008-05-26 19:55 47,360 --a------ C:\Users\Mathias Poulsen\AppData\Roaming\pcouffin.sys
2008-05-26 09:50 . 2008-05-26 22:29 49 --a------ C:\Windows\NeroDigital.ini
2008-05-25 00:58 . 2008-05-25 00:58 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Microsoft Games
2008-05-24 01:03 . 2008-05-24 01:03 <DIR> dr-h----- C:\Users\Mathias Poulsen\AppData\Roaming\SecuROM
2008-05-24 01:03 . 2008-05-24 01:03 107,888 --a------ C:\Windows\System32\CmdLineExt.dll
2008-05-23 16:11 . 2008-05-23 16:11 <DIR> d-------- C:\Users\All Users\Gamespot
2008-05-23 16:11 . 2008-05-23 16:11 <DIR> d-------- C:\ProgramData\Gamespot
2008-05-23 16:11 . 2008-05-23 16:11 <DIR> d-------- C:\Program Files\GameSpot
2008-05-23 16:03 . 2006-09-28 16:05 2,414,360 --a------ C:\Windows\System32\d3dx9_31.dll
2008-05-23 16:03 . 2006-11-29 13:06 440,080 --a------ C:\Windows\System32\d3dx10.dll
2008-05-23 16:02 . 2008-05-23 16:02 <DIR> d-------- C:\Users\All Users\Media Center Programs
2008-05-23 16:02 . 2008-05-23 16:02 <DIR> d-------- C:\ProgramData\Media Center Programs
2008-05-23 13:14 . 2008-05-23 13:14 <DIR> d-------- C:\Windows\System32\Grand Theft Auto IV Screenshot dir
2008-05-23 13:14 . 2008-05-23 13:14 520,192 --a------ C:\Windows\System32\Grand Theft Auto IV Screenshot.scr
2008-05-23 12:55 . 2008-05-23 12:55 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\TEXTware
2008-05-23 12:55 . 2008-05-23 12:55 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Gyldendal
2008-05-23 11:15 . 2008-05-23 11:15 <DIR> d-------- C:\Program Files\VideoLAN
2008-05-23 11:15 . 2008-05-23 11:15 <DIR> d-------- C:\Program Files\Frameworkx
2008-05-22 23:38 . 2008-05-24 15:19 <DIR> d-------- C:\Program Files\Steam
2008-05-22 23:38 . 2008-05-23 10:39 <DIR> d-------- C:\Program Files\Common Files\Steam
2008-05-22 21:55 . 2008-05-22 21:55 <DIR> d-------- C:\PerfLogs
2008-05-22 11:04 . 2008-05-22 11:04 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Nero
2008-05-22 11:01 . 2008-05-27 11:59 <DIR> d-------- C:\Users\All Users\Nero
2008-05-22 11:01 . 2008-05-27 11:59 <DIR> d-------- C:\ProgramData\Nero
2008-05-22 11:01 . 2008-05-22 11:01 <DIR> d-------- C:\Program Files\Nero
2008-05-21 13:58 . 2008-05-21 13:59 <DIR> d-------- C:\Windows\NCFOM_screensaver dir
2008-05-21 13:58 . 2008-05-21 13:58 545,280 --a------ C:\Windows\flashax.exe
2008-05-21 13:58 . 2008-05-21 13:58 192,000 --a------ C:\Windows\NCFOM_screensaver.scr
2008-05-21 13:58 . 2008-05-21 13:58 12,288 --a------ C:\Windows\impborl.dll
2008-05-21 13:53 . 2008-05-21 13:53 <DIR> d-------- C:\Program Files\UselessCreations
2008-05-21 11:56 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-05-21 11:55 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-05-21 11:54 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-05-21 11:54 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-05-21 11:54 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-05-21 11:54 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-05-21 11:53 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-05-21 11:53 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-05-21 11:53 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-05-21 11:53 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-05-21 03:00 . 2008-05-21 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-05-20 17:18 . 2008-05-20 17:18 <DIR> d-------- C:\Program Files\ffdshow
2008-05-20 14:43 . 2008-05-20 14:43 <DIR> d-------- C:\Program Files\Runtime Software
2008-05-20 14:11 . 2008-05-29 03:01 <DIR> d-------- C:\Program Files\Google
2008-05-17 09:47 . 2008-05-17 09:47 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Teleca
2008-05-17 00:10 . 2008-05-17 00:10 <DIR> d-------- C:\Program Files\Common Files\Microsoft Games
2008-05-17 00:10 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll
2008-05-17 00:10 . 2007-03-12 16:42 3,495,784 --a------ C:\Windows\System32\d3dx9_33.dll
2008-05-17 00:10 . 2007-07-19 18:14 1,358,192 --a------ C:\Windows\System32\D3DCompiler_35.dll
2008-05-17 00:10 . 2007-03-12 16:42 1,123,696 --a------ C:\Windows\System32\D3DCompiler_33.dll
2008-05-17 00:10 . 2007-07-19 18:14 444,776 --a------ C:\Windows\System32\d3dx10_35.dll
2008-05-17 00:10 . 2007-03-15 16:57 443,752 --a------ C:\Windows\System32\d3dx10_33.dll
2008-05-17 00:10 . 2006-09-28 16:05 237,848 --a------ C:\Windows\System32\xactengine2_4.dll
2008-05-17 00:10 . 2007-04-04 18:53 81,768 --a------ C:\Windows\System32\xinput1_3.dll
2008-05-17 00:10 . 2006-09-28 16:03 15,128 --a------ C:\Windows\System32\x3daudio1_1.dll
2008-05-16 23:15 . 2008-05-16 23:15 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Logitech
2008-05-16 23:15 . 2008-05-16 23:15 <DIR> d-------- C:\Users\All Users\LogiShrd
2008-05-16 23:15 . 2008-05-16 23:15 <DIR> d-------- C:\ProgramData\LogiShrd
2008-05-16 22:28 . 2008-05-16 22:28 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-05-16 22:27 . 2008-05-16 22:27 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-05-16 22:27 . 2008-05-16 22:27 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-05-16 22:26 . 2008-05-16 22:26 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\InstallShield
2008-05-16 22:26 . 2008-05-16 22:26 <DIR> d-------- C:\Users\All Users\Logitech
2008-05-16 22:26 . 2008-05-16 22:26 <DIR> d-------- C:\ProgramData\Logitech
2008-05-16 22:26 . 2008-05-16 22:26 <DIR> d-------- C:\Program Files\Logitech
2008-05-16 22:26 . 2008-05-16 22:27 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-05-16 22:26 . 2008-01-09 12:26 301,656 --a------ C:\Windows\System32\BtCoreIf.dll
2008-05-16 22:26 . 2008-01-09 12:27 170,512 --a------ C:\Windows\System32\kemutb.dll
2008-05-16 22:26 . 2008-01-09 12:28 141,840 --a------ C:\Windows\System32\KemUtil.dll
2008-05-16 22:26 . 2008-01-09 12:28 117,264 --a------ C:\Windows\System32\KemWnd.dll
2008-05-16 22:26 . 2008-01-09 12:28 76,304 --a------ C:\Windows\System32\KemXML.dll
2008-05-16 22:14 . 2008-05-16 22:14 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\GHISLER
2008-05-16 22:14 . 2008-05-16 22:14 <DIR> d-------- C:\Program Files\TC
2008-05-16 22:14 . 2006-07-26 06:55 545 --a------ C:\Windows\UC.PIF
2008-05-16 22:14 . 2006-07-26 06:55 545 --a------ C:\Windows\RAR.PIF
2008-05-16 22:14 . 2006-07-26 06:55 545 --a------ C:\Windows\PKZIP.PIF
2008-05-16 22:14 . 2006-07-26 06:55 545 --a------ C:\Windows\PKUNZIP.PIF
2008-05-16 22:14 . 2006-07-26 06:55 545 --a------ C:\Windows\NOCLOSE.PIF
2008-05-16 22:14 . 2006-07-26 06:55 545 --a------ C:\Windows\LHA.PIF
2008-05-16 22:14 . 2006-07-26 06:55 545 --a------ C:\Windows\ARJ.PIF
2008-05-16 22:06 . 2008-05-16 22:06 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Sony Ericsson
2008-05-16 22:06 . 2008-05-16 22:06 <DIR> d-------- C:\Program Files\Sony Ericsson

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 22:05 --------- d-----w C:\Program Files\Microsoft Games
2008-05-23 14:11 6,897 ----a-w C:\Program Files\install.log
2008-05-22 20:02 174 --sha-w C:\Program Files\desktop.ini
2008-05-22 19:56 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-22 19:56 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-22 19:56 --------- d-----w C:\Program Files\Windows Mail
2008-05-22 19:56 --------- d-----w C:\Program Files\Windows Journal
2008-05-22 19:56 --------- d-----w C:\Program Files\Windows Defender
2008-05-22 19:56 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-22 19:56 --------- d-----w C:\Program Files\Windows Calendar
2008-05-16 05:46 --------- d-----w C:\Program Files\MSBuild
2008-05-15 21:43 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-05-15 21:25 --------- d-sh--w C:\ProgramData\Skrivebord
2008-05-15 21:25 --------- d-sh--w C:\ProgramData\Skabeloner
2008-05-15 21:25 --------- d-sh--w C:\ProgramData\Menuen Start
2008-05-15 21:25 --------- d-sh--w C:\ProgramData\Favoritter
2008-05-15 21:25 --------- d-sh--w C:\ProgramData\Dokumenter
2008-05-15 21:25 --------- d-sh--w C:\Program Files\Fælles filer
2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E218C729-921F-45A6-94B8-C901B16CBA62}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 17:09 171464]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 21:04 4423680 C:\Windows\RtHDVCpl.exe]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 16:36 36864]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 08:16 528384]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\Windows\KHALMNPR.Exe]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 17:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 17:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 17:06 81920]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 16:24 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 16:21 54832]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-05-16 22:26:56 789008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1828222192-4269986764-523784577-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2B3F3055-9B3E-421B-B075-BE878B70E969}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FEF1B852-3EB7-40FB-A381-BD37184D3BC4}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{DF7C2C9F-016D-439C-A1CE-B0C4DC8FAF22}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0EE2C32D-7FDB-49A9-A4B8-78B3CEA704D8}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FC5E947E-ACD1-4ABD-8918-47ABA74C230B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{898BF6F1-B1EA-4610-B4B5-32E86C2B542C}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3F066F6A-B0E7-4C44-A9A2-9033BF099056}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E4A348EF-B07A-450D-84F8-AFE4C5BD0288}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{2A447842-6A7D-49AC-9D90-341915715506}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{9EE3D8E4-304E-4CDC-A2A4-A04861ADDB60}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6C7B011E-30E0-42AF-8EB9-952359127104}"= UDP:D:\Spil\World in Conflict\wic.exe:World in Conflict
"{41ABAFF8-79AB-491D-9754-791FBF15E875}"= TCP:D:\Spil\World in Conflict\wic.exe:World in Conflict
"{B6F3F045-C976-45F5-80CC-9DC62E007C63}"= UDP:D:\Spil\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{4B5E9ECF-FC46-48F5-84D5-18F61A58621D}"= TCP:D:\Spil\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{28120364-A9B5-499B-8CCD-2843DE989CAB}"= UDP:D:\Spil\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{13C99D73-D005-491D-A8E1-616296B4CF11}"= TCP:D:\Spil\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{4949D4FE-3103-4576-A527-6B12D0485CB3}"= UDP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{E65CA24B-5DEB-40AC-8728-785BCEABB593}"= TCP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"TCP Query User{098B573C-484C-4BEC-84DB-5E244B1988F7}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{69270A48-291B-4024-ABEA-289E0F526BF6}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"{1D7F1E7F-0794-4985-84AA-D3006424D043}"= C:\Program Files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2007-03-15 16:41]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2008-05-15 23:32]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-22 23:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05b586c7-22c9-11dd-8512-806e6f6e6963}]
\shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c6f39ba-230d-11dd-8a94-001d6045e152}]
\shell\AutoRun\command - H:\autorun.exe
\shell\setup\command - H:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb4b0410-22c1-11dd-913e-806e6f6e6963}]
\shell\AutoRun\command - F:\.\Bin\Assetup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-29 21:07:16 C:\Windows\Tasks\User_Feed_Synchronization-{9B227598-A68A-4D29-BA34-847B9F5834E0}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 23:38:55
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Windows\TEMP\_avast4_\unp124127981.tmp 4259840 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\conime.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-05-29 23:41:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-29 21:40:54

Pre-Run: 321,310,429,184 byte ledig
Post-Run: 321,336,246,272 byte ledig

280 --- E O F --- 2008-05-23 08:44:06


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:41:43, on 29-05-2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: (no name) - {E218C729-921F-45A6-94B8-C901B16CBA62} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7950 bytes
  • 0

#7
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, thanks for the reply.. Please do the following..


Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




NEXT


1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05b586c7-22c9-11dd-8512-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c6f39ba-230d-11dd-8a94-001d6045e152}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb4b0410-22c1-11dd-913e-806e6f6e6963}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E218C729-921F-45A6-94B8-C901B16CBA62}]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0
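A small checker, added here as an example and not part of this thread or of HijackThis or ComboFix: it parses the O2 lines of a HijackThis log, flags entries whose DLL is "(no file)" (the orphaned BHO that the CFScript in the post above deletes), emits the matching Registry:: removal line in the same shape as the posted script, and diffs a before and after log to confirm the key is gone. The sample log lines are constructed from the ones posted in this thread; the MountPoints2 keys in the posted script come from the ComboFix log rather than from HijackThis output, so the example does not generate them.

```python
"""Added example: flag orphaned BHOs in a HijackThis log, build the CFScript
removal lines for them, and verify against a second log that they are gone."""
import re
from typing import Dict, List, Set, Tuple

# Constructed sample input, shaped like the HijackThis O2/O3 lines in this thread.
# BEFORE_LOG is the log before the CFScript ran, AFTER_LOG the log taken afterwards.
BEFORE_LOG = r"""
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {E218C729-921F-45A6-94B8-C901B16CBA62} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
"""
AFTER_LOG = r"""
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
"""

# One HijackThis O2 line: "O2 - BHO: <name> - {<CLSID>} - <dll path or (no file)>"
O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\} - "
    r"(?P<path>.+)$"
)
NO_FILE = "(no file)"
# Key prefix written exactly as in the CFScript posted in this thread ("~" is
# ComboFix shorthand for the Explorer key under which BHOs are registered).
BHO_KEY_PREFIX = r"HKEY_LOCAL_MACHINE\~\Browser Helper Objects"


def parse_bho_entries(log_text: str) -> Dict[str, Tuple[str, str]]:
    """Map CLSID -> (display name, DLL path) for every O2 line in a HijackThis log."""
    entries: Dict[str, Tuple[str, str]] = {}
    for line in log_text.splitlines():
        m = O2_LINE.match(line.strip())
        if m:
            entries[m.group("clsid").upper()] = (m.group("name"), m.group("path").strip())
    return entries


def orphaned_bhos(entries: Dict[str, Tuple[str, str]]) -> List[str]:
    """CLSIDs whose registration points at a DLL HijackThis could not find on disk."""
    return [clsid for clsid, (_name, path) in entries.items() if path == NO_FILE]


def cfscript_for(clsids: List[str]) -> str:
    """Build the Registry:: section deleting the given BHO keys, one [-KEY] per CLSID."""
    lines = ["Registry::"]
    for clsid in clsids:
        lines.append("[-" + BHO_KEY_PREFIX + "\\{" + clsid + "}]")
    return "\n".join(lines) + "\n"


def diff_bhos(before_text: str, after_text: str) -> Tuple[Set[str], Set[str]]:
    """(removed, added) CLSIDs between a log taken before cleanup and one taken after."""
    before = set(parse_bho_entries(before_text))
    after = set(parse_bho_entries(after_text))
    return before - after, after - before


def removal_verified(before_text: str, after_text: str, targets: List[str]) -> bool:
    """True when every targeted CLSID is gone and no new BHO appeared in between."""
    removed, added = diff_bhos(before_text, after_text)
    return {t.upper() for t in targets} <= removed and not added


if __name__ == "__main__":
    orphans = orphaned_bhos(parse_bho_entries(BEFORE_LOG))
    print("orphaned BHOs:", orphans)
    print(cfscript_for(orphans))
    print("removal verified:", removal_verified(BEFORE_LOG, AFTER_LOG, orphans))
```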

#8
mathiaspoulsen

mathiaspoulsen

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Here are the ComboFix and HijackThis logs:


ComboFix 08-05-29.1 - Mathias Poulsen 2008-05-30 1:24:53.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1030.18.2139 [GMT 2:00]
Running from: C:\Users\Mathias Poulsen\Desktop\ComboFix.exe
Command switches used :: C:\Users\Mathias Poulsen\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 11:45 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-29 11:09 --------- d-----w C:\ProgramData\CyberLink
2008-05-29 11:09 --------- d-----w C:\Program Files\Fraps
2008-05-29 11:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-29 11:06 --------- d-----w C:\Program Files\CyberLink
2008-05-29 09:42 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-05-29 01:03 --------- d-----w C:\Program Files\Picasa2
2008-05-29 01:01 --------- d-----w C:\Program Files\Google
2008-05-28 23:23 --------- d-----w C:\Users\Mathias Poulsen\AppData\Roaming\GetRightToGo
2008-05-28 23:23 --------- d-----w C:\Users\Mathias Poulsen\AppData\Roaming\CursorArts
2008-05-27 13:19 --------- d-----w C:\Program Files\Panda Security
2008-05-27 12:28 --------- d-----w C:\Program Files\activePDF
2008-05-27 10:57 --------- d-----w C:\Users\Mathias Poulsen\AppData\Roaming\SUPERAntiSpyware.com
2008-05-27 10:57 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2008-05-27 10:57 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-27 10:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-27 10:06 --------- d-----w C:\Users\Mathias Poulsen\AppData\Roaming\Malwarebytes
2008-05-27 10:05 --------- d-----w C:\Users\Mathias Poulsen\AppData\Roaming\Download Manager
2008-05-27 10:05 --------- d-----w C:\ProgramData\Malwarebytes
2008-05-27 10:05 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-27 09:59 --------- d-----w C:\ProgramData\Nero
2008-05-27 09:44 --------- d-----w C:\Program Files\Trend Micro
2008-05-26 22:22 --------- d-----w C:\ProgramData\TechSmith
2008-05-26 22:22 --------- d-----w C:\Program Files\TechSmith
2008-05-26 21:36 --------- d---a-w C:\ProgramData\TEMP
2008-05-26 21:35 --------- d-----w C:\Program Files\SpywareBlaster
2008-05-26 20:04 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
2008-05-26 17:55 47,360 ----a-w C:\Users\Mathias Poulsen\AppData\Roaming\pcouffin.sys
2008-05-26 17:55 --------- d-----w C:\Users\Mathias Poulsen\AppData\Roaming\Vso
2008-05-26 17:53 47,360 ----a-w C:\Windows\system32\drivers\pcouffin.sys
2008-05-24 22:58 --------- d-----w C:\Users\Mathias Poulsen\AppData\Roaming\Microsoft Games
2008-05-24 22:05 --------- d-----w C:\Program Files\Microsoft Games
2008-05-24 13:19 --------- d-----w C:\Program Files\Steam
2008-05-23 23:03 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-05-23 23:03 --------- d--h--r C:\Users\Mathias Poulsen\AppData\Roaming\SecuROM
2008-05-23 14:11 6,897 ----a-w C:\Program Files\install.log
2008-05-23 14:11 --------- d-----w C:\ProgramData\Gamespot
2008-05-23 14:11 --------- d-----w C:\Program Files\GameSpot
2008-05-23 14:02 --------- d-----w C:\ProgramData\Media Center Programs
2008-05-23 11:14 520,192 ----a-w C:\Windows\System32\Grand Theft Auto IV Screenshot.scr
2008-05-23 10:55 --------- d-----w C:\Users\Mathias Poulsen\AppData\Roaming\TEXTware
2008-05-23 10:55 --------- d-----w C:\Users\Mathias Poulsen\AppData\Roaming\Gyldendal
2008-05-23 09:15 --------- d-----w C:\Program Files\VideoLAN
2008-05-23 09:15 --------- d-----w C:\Program Files\Frameworkx
2008-05-23 08:39 --------- d-----w C:\Program Files\Common Files\Steam
2008-05-22 20:04 --------- d-----w C:\ProgramData\NVIDIA
2008-05-22 20:02 174 --sha-w C:\Program Files\desktop.ini
2008-05-22 19:56 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-22 19:56 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-22 19:56 --------- d-----w C:\Program Files\Windows Mail
2008-05-22 19:56 --------- d-----w C:\Program Files\Windows Journal
2008-05-22 19:56 --------- d-----w C:\Program Files\Windows Defender
2008-05-22 19:56 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-22 19:56 --------- d-----w C:\Program Files\Windows Calendar
2008-05-22 13:35 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-22 13:35 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-22 09:04 --------- d-----w C:\Users\Mathias Poulsen\AppData\Roaming\Nero
2008-05-22 09:01 --------- d-----w C:\Program Files\Nero
2008-05-21 22:10 --------- d-----w C:\Users\Mathias Poulsen\AppData\Roaming\Winamp
2008-05-21 11:58 545,280 ----a-w C:\Windows\flashax.exe
2008-05-21 11:58 192,000 ----a-w C:\Windows\NCFOM_screensaver.scr
2008-05-21 11:58 12,288 ----a-w C:\Windows\impborl.dll
2008-05-21 11:53 --------- d-----w C:\Program Files\UselessCreations
2008-05-21 01:00 --------- d-----w C:\Program Files\MSXML 4.0
2008-05-20 15:18 --------- d-----w C:\Program Files\ffdshow
2008-05-20 12:43 --------- d-----w C:\Program Files\Runtime Software
2008-05-17 07:47 --------- d-----w C:\Users\Mathias Poulsen\AppData\Roaming\Teleca
2008-05-16 22:10 --------- d-----w C:\Program Files\Common Files\Microsoft Games
2008-05-16 21:15 --------- d-----w C:\Users\Mathias Poulsen\AppData\Roaming\Logitech
2008-05-16 21:15 --------- d-----w C:\ProgramData\LogiShrd
2008-05-16 20:28 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-05-16 20:27 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-05-16 20:27 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-05-16 20:27 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-05-16 20:26 --------- d-----w C:\Users\Mathias Poulsen\AppData\Roaming\InstallShield
2008-05-16 20:26 --------- d-----w C:\ProgramData\Logitech
2008-05-16 20:26 --------- d-----w C:\Program Files\Logitech
2008-05-16 20:14 --------- d-----w C:\Users\Mathias Poulsen\AppData\Roaming\GHISLER
2008-05-16 20:14 --------- d-----w C:\Program Files\TC
2008-05-16 20:06 --------- d-----w C:\Users\Mathias Poulsen\AppData\Roaming\Sony Ericsson
2008-05-16 20:06 --------- d-----w C:\ProgramData\Teleca
2008-05-16 20:06 --------- d-----w C:\ProgramData\Sony Ericsson
2008-05-16 20:06 --------- d-----w C:\Program Files\Sony Ericsson
2008-05-16 20:06 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-05-16 20:06 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2008-05-16 09:10 --------- d-----w C:\Program Files\CCleaner
2008-05-16 08:32 --------- d-----w C:\Program Files\TEXTware
2008-05-16 08:32 --------- d-----w C:\Program Files\Gyldendal
2008-05-16 06:15 --------- d-----w C:\Program Files\Windows Live
2008-05-16 06:09 --------- d-----w C:\Program Files\Polob32
2008-05-16 06:07 --------- d-----w C:\ProgramData\WLInstaller
2008-05-16 06:01 --------- d-----w C:\Program Files\DAEMON Tools
2008-05-16 05:57 685,816 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-05-16 05:56 --------- d-----w C:\Program Files\Winamp
2008-05-16 05:52 --------- d-----w C:\Program Files\Java
2008-05-16 05:51 --------- d-----w C:\Program Files\Common Files\Java
2008-05-16 05:49 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-16 05:47 --------- d-----w C:\Program Files\Microsoft Works
2008-05-16 05:46 --------- d-----w C:\Program Files\MSBuild
2008-05-16 05:46 --------- d-----w C:\Program Files\Microsoft.NET
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-05-29_23.40.31.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-29 23:24:47 6,336,512 ----a-w C:\Windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2008-05-29 21:38:36 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-29 21:38:36 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-29 21:38:48 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-29 21:40:05 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-05-29 21:38:47 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-29 21:39:58 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-05-27 10:47:04 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-05-29 21:43:44 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-05-29 09:21:48 5,866 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1828222192-4269986764-523784577-1000_UserData.bin
+ 2008-05-29 21:40:31 6,112 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1828222192-4269986764-523784577-1000_UserData.bin
- 2008-05-29 09:21:48 64,458 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-29 21:40:30 64,882 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-22 19:57:03 104,774,055 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-05-29 21:43:22 105,210,977 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-03-08 00:22:51 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16651_none_0a06ea31f54d7fe8\AcRes.dll
+ 2008-03-08 00:15:10 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.20788_none_0a77193f0e7d24e6\AcRes.dll
+ 2008-03-08 01:58:43 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18032_none_0c03c8f9f262f24e\AcRes.dll
+ 2008-03-08 01:56:45 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22132_none_0c8d65c50b809218\AcRes.dll
+ 2008-03-08 04:30:03 2,144,256 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16651_none_0a08eac5f54bb296\AcGenral.dll
+ 2008-03-08 04:15:43 2,144,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.20788_none_0a7919d30e7b5794\AcGenral.dll
+ 2008-03-08 04:19:20 2,153,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18032_none_0c05c98df26124fc\AcGenral.dll
+ 2008-03-08 04:09:28 2,153,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22132_none_0c8f66590b7ec4c6\AcGenral.dll
+ 2008-03-08 04:30:03 449,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16651_none_0a09eb0ff54acbed\AcSpecfc.dll
+ 2008-03-08 04:15:44 450,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.20788_none_0a7a1a1d0e7a70eb\AcSpecfc.dll
+ 2008-03-08 04:19:21 458,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18032_none_0c06c9d7f2603e53\AcSpecfc.dll
+ 2008-03-08 04:09:29 458,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22132_none_0c9066a30b7dde1d\AcSpecfc.dll
+ 2008-03-08 04:30:03 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16651_none_0a0aeb59f549e544\AcLayers.dll
+ 2008-03-08 04:30:03 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16651_none_0a0aeb59f549e544\AcXtrnal.dll
+ 2008-03-08 04:15:44 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20788_none_0a7b1a670e798a42\AcLayers.dll
+ 2008-03-08 04:15:44 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20788_none_0a7b1a670e798a42\AcXtrnal.dll
+ 2008-03-08 04:19:20 540,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18032_none_0c07ca21f25f57aa\AcLayers.dll
+ 2008-03-08 04:19:21 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18032_none_0c07ca21f25f57aa\AcXtrnal.dll
+ 2008-03-08 04:09:28 540,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22132_none_0c9166ed0b7cf774\AcLayers.dll
+ 2008-03-08 04:09:30 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22132_none_0c9166ed0b7cf774\AcXtrnal.dll
+ 2008-03-08 04:30:04 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16651_none_3fe50116c43e1596\gameux.dll
+ 2008-03-08 00:37:02 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16651_none_3fe50116c43e1596\GameUXLegacyGDFs.dll
+ 2008-03-08 04:16:23 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20788_none_40553023dd6dba94\gameux.dll
+ 2008-03-08 00:29:38 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20788_none_40553023dd6dba94\GameUXLegacyGDFs.dll
+ 2008-03-08 04:21:55 1,695,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18032_none_41e1dfdec15387fc\gameux.dll
+ 2008-03-08 02:08:55 4,240,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18032_none_41e1dfdec15387fc\GameUXLegacyGDFs.dll
+ 2008-03-08 04:10:46 1,695,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22132_none_426b7ca9da7127c6\gameux.dll
+ 2008-03-08 02:09:25 4,240,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22132_none_426b7ca9da7127c6\GameUXLegacyGDFs.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 17:09 171464]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 21:04 4423680 C:\Windows\RtHDVCpl.exe]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 16:36 36864]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 08:16 528384]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\Windows\KHALMNPR.Exe]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 17:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 17:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 17:06 81920]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 16:24 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 16:21 54832]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-05-16 22:26:56 789008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1828222192-4269986764-523784577-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2B3F3055-9B3E-421B-B075-BE878B70E969}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FEF1B852-3EB7-40FB-A381-BD37184D3BC4}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{DF7C2C9F-016D-439C-A1CE-B0C4DC8FAF22}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0EE2C32D-7FDB-49A9-A4B8-78B3CEA704D8}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FC5E947E-ACD1-4ABD-8918-47ABA74C230B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{898BF6F1-B1EA-4610-B4B5-32E86C2B542C}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3F066F6A-B0E7-4C44-A9A2-9033BF099056}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E4A348EF-B07A-450D-84F8-AFE4C5BD0288}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{2A447842-6A7D-49AC-9D90-341915715506}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{9EE3D8E4-304E-4CDC-A2A4-A04861ADDB60}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6C7B011E-30E0-42AF-8EB9-952359127104}"= UDP:D:\Spil\World in Conflict\wic.exe:World in Conflict
"{41ABAFF8-79AB-491D-9754-791FBF15E875}"= TCP:D:\Spil\World in Conflict\wic.exe:World in Conflict
"{B6F3F045-C976-45F5-80CC-9DC62E007C63}"= UDP:D:\Spil\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{4B5E9ECF-FC46-48F5-84D5-18F61A58621D}"= TCP:D:\Spil\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{28120364-A9B5-499B-8CCD-2843DE989CAB}"= UDP:D:\Spil\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{13C99D73-D005-491D-A8E1-616296B4CF11}"= TCP:D:\Spil\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{4949D4FE-3103-4576-A527-6B12D0485CB3}"= UDP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{E65CA24B-5DEB-40AC-8728-785BCEABB593}"= TCP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"TCP Query User{098B573C-484C-4BEC-84DB-5E244B1988F7}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{69270A48-291B-4024-ABEA-289E0F526BF6}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"{1D7F1E7F-0794-4985-84AA-D3006424D043}"= C:\Program Files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2007-03-15 16:41]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2008-05-15 23:32]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-22 23:38]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-29 21:07:16 C:\Windows\Tasks\User_Feed_Synchronization-{9B227598-A68A-4D29-BA34-847B9F5834E0}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 01:26:46
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

[0] 0x0000006E

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-30 1:27:28
ComboFix-quarantined-files.txt 2008-05-29 23:27:24
ComboFix2.txt 2008-05-29 21:41:10

Systemet kan ikke finde meddelelsesteksten for meddelelsesnummer 0x2379 i meddelelsesfilen for Application.
Systemet kan ikke finde meddelelsesteksten for meddelelsesnummer 0x2379 i meddelelsesfilen for Application.

252 --- E O F --- 2008-05-29 21:58:03


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:31:00, on 30-05-2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7509 bytes
  • 0

#9
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, thanks for the reply.. Please do the following..

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



Please tell me about your computer condition..


Regards
fenzodahl512
  • 0

#10
mathiaspoulsen

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi again.

Here's the log from Kaspersky Online - I found some threats.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, May 30, 2008 1:31:40 PM
Operating System: Microsoft Windows Vista Professional, Service Pack 1 (Build 6001)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 30/05/2008
Kaspersky Anti-Virus database records: 814763
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 184889
Number of viruses found: 12
Number of infected objects: 30
Number of suspicious objects: 0
Duration of the scan process: 01:40:46

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Deckard\System Scanner\backup\Users\MATHIA~1\AppData\Local\Temp\tmp000082c5 Infected: Trojan.Win32.Agent.qrv skipped
C:\Deckard\System Scanner\backup\Users\MATHIA~1\AppData\Local\Temp\tmp00008f91 Infected: Trojan.Win32.Agent.qrv skipped
C:\Deckard\System Scanner\backup\Users\MATHIA~1\AppData\Local\Temp\tmp0000cfdb Infected: Trojan.Win32.Agent.qrv skipped
C:\Deckard\System Scanner\backup\Users\MATHIA~1\AppData\Local\Temp\tmp0000d171 Infected: Trojan.Win32.Agent.qrv skipped
C:\Deckard\System Scanner\backup\Users\MATHIA~1\AppData\Local\Temp\tmp0000ef9b Infected: Trojan.Win32.Agent.qrv skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident (overvågende) beskyttelse.txt Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.14.Crwl Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.14.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.ci Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wsb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy30.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfC725.tmp Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfC726.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050107.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Messenger\kong_mat[email protected]\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_4C7E_BEA6_7EBE_886A\dfsr.db Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_4C7E_BEA6_7EBE_886A\fsr.log Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_4C7E_BEA6_7EBE_886A\fsrtmp.log Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_4C7E_BEA6_7EBE_886A\tmp.edb Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008053020080531\index.dat Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Windows\UsrClass.dat{ba888673-22c2-11dd-92cb-a12ed76628ba}.TM.blf Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Windows\UsrClass.dat{ba888673-22c2-11dd-92cb-a12ed76628ba}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Windows\UsrClass.dat{ba888673-22c2-11dd-92cb-a12ed76628ba}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Mozilla\Firefox\Profiles\wuhk8hor.default\Cache\_CACHE_001_ Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Mozilla\Firefox\Profiles\wuhk8hor.default\Cache\_CACHE_002_ Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Mozilla\Firefox\Profiles\wuhk8hor.default\Cache\_CACHE_003_ Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Mozilla\Firefox\Profiles\wuhk8hor.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Mozilla\Firefox\Profiles\wuhk8hor.default\XUL.mfl Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Temp\FXSAPIDebugLogFile.txt Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Temp\~DF1E10.tmp Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Temp\~DF1E75.tmp Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Temp\~DF58F0.tmp Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Local\Temp\~DF5900.tmp Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Roaming\Mozilla\Firefox\Profiles\wuhk8hor.default\cert8.db Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Roaming\Mozilla\Firefox\Profiles\wuhk8hor.default\formhistory.dat Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Roaming\Mozilla\Firefox\Profiles\wuhk8hor.default\foxmarks.log Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Roaming\Mozilla\Firefox\Profiles\wuhk8hor.default\history.dat Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Roaming\Mozilla\Firefox\Profiles\wuhk8hor.default\key3.db Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Roaming\Mozilla\Firefox\Profiles\wuhk8hor.default\parent.lock Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Roaming\Mozilla\Firefox\Profiles\wuhk8hor.default\search.sqlite Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Roaming\Mozilla\Firefox\Profiles\wuhk8hor.default\urlclassifier2.sqlite Object is locked skipped
C:\Users\Mathias Poulsen\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-5-30-2008( 11-31-30 ).LOG Object is locked skipped
C:\Users\Mathias Poulsen\NTUSER.DAT Object is locked skipped
C:\Users\Mathias Poulsen\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Mathias Poulsen\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Mathias Poulsen\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf Object is locked skipped
C:\Users\Mathias Poulsen\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Mathias Poulsen\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\CSC\v2.0.6\pq Object is locked skipped
C:\Windows\CSC\v2.0.6\temp\ea-{5d142b56-2839-11dd-837c-001d6045e152} Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{0f694465-6a70-11db-8eb3-985e31beb686}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{0f694465-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{0f694465-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{0f694461-6a70-11db-8eb3-985e31beb686}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{0f694461-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{0f694461-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped
C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped
C:\Windows\System32\config\RegBack\SAM Object is locked skipped
C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped
C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped
C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
C:\Windows\System32\drivers\sptd.sys Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.002 Object is locked skipped
C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped
C:\Windows\System32\winevt\Logs\Antivirus.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Backup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\TEMP\_avast4_\Webshlock.txt Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
D:\Downloads\Programmer\Dvd, brænding ol\Nero 8 Ultra Edition\Nero 8 Ultra Edition.iso/Nero PhotoShow Express/nero_photoshow_express_5_setup.exe/data0017 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
D:\Downloads\Programmer\Dvd, brænding ol\Nero 8 Ultra Edition\Nero 8 Ultra Edition.iso/Nero PhotoShow Express/nero_photoshow_express_5_setup.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
D:\Downloads\Programmer\Dvd, brænding ol\Nero 8 Ultra Edition\Nero 8 Ultra Edition.iso/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
D:\Downloads\Programmer\Dvd, brænding ol\Nero 8 Ultra Edition\Nero 8 Ultra Edition.iso ISOimage: infected - 3 skipped
D:\Downloads\Programmer\Dvd, brænding ol\Nero 8 Ultra Edition 8.1.1.4+KeyMaker\Nero-8.1.1.4_eng_update.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
D:\Downloads\Programmer\Dvd, brænding ol\Nero 8 Ultra Edition 8.1.1.4+KeyMaker\Nero-8.1.1.4_eng_update.exe 7-Zip: infected - 1 skipped
D:\Downloads\Programmer\Dvd, brænding ol\Nero 8 Ultra New version 8.3.2.1 With Working Keygen.zip/Nero 8 Ultra New version 8.3.2.1 With Working Keygen/Nero 8 Ultra v8.3.2.1.exe Infected: Trojan-Dropper.Win32.Agent.b skipped
D:\Downloads\Programmer\Dvd, brænding ol\Nero 8 Ultra New version 8.3.2.1 With Working Keygen.zip ZIP: infected - 1 skipped
D:\Downloads\Programmer\Dvd, brænding ol\Nero 8.3.2.1\Nero-8.3.2.1_eng_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
D:\Downloads\Programmer\Dvd, brænding ol\Nero 8.3.2.1\Nero-8.3.2.1_eng_trial.exe 7-Zip: infected - 1 skipped
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar/setup/WinPE/PROGRAMS/BOSON/GETPASS.EXE Infected: not-a-virus:PSWTool.Win32.GetPass.e skipped
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar/setup/WinPE/PROGRAMS/KEYFINDER/KEYFINDER.EXE/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar/setup/WinPE/PROGRAMS/KEYFINDER/KEYFINDER.EXE/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar/setup/WinPE/PROGRAMS/KEYFINDER/KEYFINDER.EXE/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar/setup/WinPE/PROGRAMS/KEYFINDER/KEYFINDER.EXE Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar/setup/WinPE/PROGRAMS/UTILSPACK3/MAILPASSVIEW.EXE Infected: not-a-virus:PSWTool.Win32.MailPassView.130 skipped
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar/setup/WinPE/PROGRAMS/UTILSPACK3/MESSENGERPW.EXE Infected: not-a-virus:PSWTool.Win32.Messen.102 skipped
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar/setup/WinPE/PROGRAMS/mIRC.exe/mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar/setup/WinPE/PROGRAMS/mIRC.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar/setup/WinPE/PROGRAMS/UTILSPACK2/PASSVIEW.EXE Infected: not-a-virus:PSWTool.Win32.PassView.162 skipped
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar/setup/WinPE/PROGRAMS/SYSINTTOOLS/PSEXEC.EXE Infected: not-a-virus:NetTool.Win32.RemoteStartProcess.a skipped
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar/setup/WinPE/PROGRAMS/SYSINTTOOLS/PSKILL.EXE Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar/setup/WinPE/PROGRAMS/REMOTE/VNCHOOKS.DLL Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar/setup/WinPE/PROGRAMS/ULTRAVNC/VNCHOOKS.DLL Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar RAR: infected - 14 skipped
I:\Speciale\Noter\Afsnit mm\En læringsteoretisk skitse.doc Object is locked skipped
I:\Speciale\Noter\Noter til tekster\Between School and work – new perspectives on transfer and boundary-crossing.doc Object is locked skipped
J:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
  • 0
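A small triage helper for the Kaspersky Online Scanner report format above, added here as an example and not part of the thread: it discards the "Object is locked" noise, maps archive-member hits back to the on-disk container (the file a cleanup list has to name), separates not-a-virus riskware from trojans, and cross-checks the scanner's own per-archive count. The sample lines are a constructed excerpt in the report's format; function and field names are my own.

```python
"""Triage a Kaspersky Online Scanner report (added example, not from the thread).

Three line shapes appear in the "Infected Object Name / Virus Name / Last Action"
section:
  <path> Object is locked skipped            -> open system file, noise
  <path> Infected: <detection> skipped       -> a detection
  <path> <Kind>: infected - <n> skipped      -> per-archive summary
Archive members are written "<file>.rar/inner/member.exe"; the object on disk is
the part before the first '/', so thirty member hits collapse to a few files.
"""
import re
from collections import defaultdict

LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
SUMMARY_RE = re.compile(r"^(?P<path>.+?) (?P<kind>[\w-]+): infected - (?P<count>\d+) skipped$")

# Constructed excerpt in the scanner's format. Detection names follow the report
# above; the per-archive counts are trimmed to match this shortened excerpt.
SAMPLE_REPORT = r"""
C:\Boot\BCD Object is locked skipped
C:\Deckard\System Scanner\backup\Users\MATHIA~1\AppData\Local\Temp\tmp000082c5 Infected: Trojan.Win32.Agent.qrv skipped
D:\Downloads\Programmer\Dvd, brænding ol\Nero 8 Ultra Edition\Nero 8 Ultra Edition.iso/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
D:\Downloads\Programmer\Dvd, brænding ol\Nero 8 Ultra Edition\Nero 8 Ultra Edition.iso ISOimage: infected - 1 skipped
D:\Downloads\Programmer\Dvd, brænding ol\Nero 8 Ultra New version 8.3.2.1 With Working Keygen.zip/Nero 8 Ultra v8.3.2.1.exe Infected: Trojan-Dropper.Win32.Agent.b skipped
D:\Downloads\Programmer\Dvd, brænding ol\Nero 8 Ultra New version 8.3.2.1 With Working Keygen.zip ZIP: infected - 1 skipped
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar/setup/WinPE/PROGRAMS/SYSINTTOOLS/PSEXEC.EXE Infected: not-a-virus:NetTool.Win32.RemoteStartProcess.a skipped
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar/setup/WinPE/PROGRAMS/REMOTE/VNCHOOKS.DLL Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar RAR: infected - 2 skipped
"""


def container_of(path):
    """Map an archive-member path to the file on disk.

    Kaspersky joins archive members with '/', while the Windows path itself only
    uses '\\', so everything before the first '/' is the container.
    """
    return path.split("/", 1)[0]


def severity(detection):
    """'not-a-virus:' marks riskware (toolbars, password tools, remote admin);
    anything else (Trojan, Trojan-Dropper, ...) is treated as malware."""
    return "riskware" if detection.startswith("not-a-virus:") else "malware"


def parse_report(text):
    """Split a report into locked paths, (path, detection) hits and per-archive counts."""
    locked, hits, summaries = [], [], {}
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if (m := LOCKED_RE.match(line)):
            locked.append(m.group("path"))
        elif (m := INFECTED_RE.match(line)):
            hits.append((m.group("path"), m.group("name")))
        elif (m := SUMMARY_RE.match(line)):
            summaries[m.group("path")] = int(m.group("count"))
    return locked, hits, summaries


def build_cleanup_list(hits, summaries):
    """Group hits by on-disk container, rate each container, and flag any
    container whose member hit count disagrees with the scanner's own summary."""
    members = defaultdict(list)
    for path, name in hits:
        members[container_of(path)].append(name)
    cleanup = []
    for path in sorted(members):
        names = members[path]
        declared = summaries.get(path)  # None for a plain (non-archive) file
        cleanup.append({
            "file": path,
            "detections": sorted(set(names)),
            "severity": "malware" if any(severity(n) == "malware" for n in names) else "riskware",
            "hit_count": len(names),
            "count_mismatch": declared is not None and declared != len(names),
        })
    return cleanup


def cfscript_file_block(cleanup):
    """Render the containers as the ComboFix 'File::' block used in this thread."""
    return "File::\n" + "\n".join(entry["file"] for entry in cleanup) + "\n"


if __name__ == "__main__":
    locked, hits, summaries = parse_report(SAMPLE_REPORT)
    print(f"{len(locked)} locked objects ignored, {len(hits)} detections")
    for entry in build_cleanup_list(hits, summaries):
        flag = "  <- count mismatch, re-scan" if entry["count_mismatch"] else ""
        print(f"[{entry['severity']:8}] {entry['file']}: {', '.join(entry['detections'])}{flag}")
    print(cfscript_file_block(build_cleanup_list(hits, summaries)))
```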

#11
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello mathiaspoulsen, thanks for the reply.. Please do the following..


1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
D:\Downloads\Programmer\Dvd, brænding ol\Nero 8 Ultra Edition\Nero 8 Ultra Edition.iso
D:\Downloads\Programmer\Dvd, brænding ol\Nero 8 Ultra Edition 8.1.1.4+KeyMaker\Nero-8.1.1.4_eng_update.exe
D:\Downloads\Programmer\Dvd, brænding ol\Nero 8 Ultra New version 8.3.2.1 With Working Keygen.zip
D:\Downloads\Programmer\Dvd, brænding ol\Nero 8.3.2.1\Nero-8.3.2.1_eng_trial.exe
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


Regards
fenzodahl512
  • 0

#12
mathiaspoulsen

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi!

Here's Combofix and hijackthis. In the meantime, I ran a trial-version of Kaspersky Internet Security, which eliminated some threats as well.

ComboFix 08-05-29.1 - Mathias Poulsen 2008-05-30 16:12:51.3 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1030.18.1972 [GMT 2:00]
Running from: C:\Users\Mathias Poulsen\Desktop\ComboFix.exe
Command switches used :: C:\Users\Mathias Poulsen\Desktop\CFScript.txt

FILE ::
D:\Downloads\Programmer\Dvd, br‘nding ol\Nero 8 Ultra Edition 8.1.1.4+KeyMaker\Nero-8.1.1.4_eng_update.exe
D:\Downloads\Programmer\Dvd, br‘nding ol\Nero 8 Ultra Edition\Nero 8 Ultra Edition.iso
D:\Downloads\Programmer\Dvd, br‘nding ol\Nero 8 Ultra New version 8.3.2.1 With Working Keygen.zip
D:\Downloads\Programmer\Dvd, br‘nding ol\Nero 8.3.2.1\Nero-8.3.2.1_eng_trial.exe
D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Downloads\Programmer\OS\WinPE ULTIMATE.rar

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-30 )))))))))))))))))))))))))))))))
.

2008-05-30 13:20 . 2008-05-30 13:50 96,966 --a------ C:\Windows\System32\drivers\klin.dat
2008-05-30 13:20 . 2008-05-30 13:50 88,774 --a------ C:\Windows\System32\drivers\klick.dat
2008-05-30 13:19 . 2008-05-30 13:19 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-05-30 13:19 . 2008-05-30 16:16 17,258,784 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-05-30 13:19 . 2008-05-30 13:51 24,200 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-05-30 13:11 . 2008-05-30 13:11 <DIR> d-------- C:\kav
2008-05-29 23:47 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-29 23:46 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-29 22:25 . 2008-05-29 22:25 <DIR> d-------- C:\Deckard
2008-05-29 13:09 . 2008-05-29 13:09 <DIR> d-------- C:\Users\All Users\CyberLink
2008-05-29 13:09 . 2008-05-29 13:09 <DIR> d-------- C:\ProgramData\CyberLink
2008-05-29 13:09 . 2008-05-29 13:09 <DIR> d-------- C:\Program Files\Fraps
2008-05-29 13:03 . 2008-05-29 13:06 <DIR> d-------- C:\Program Files\CyberLink
2008-05-29 11:42 . 2008-05-29 11:42 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-05-29 11:42 . 2008-05-30 13:54 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-05-29 11:42 . 2008-05-30 13:54 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-05-29 03:01 . 2006-10-05 04:42 2,560 --------- C:\Windows\System32\drivers\cdralw2k.sys
2008-05-29 03:01 . 2006-10-05 04:42 2,432 --------- C:\Windows\System32\drivers\cdr4_xp.sys
2008-05-29 01:48 . 2008-05-29 01:48 123,376 --ah----- C:\Windows\System32\mlfcache.dat
2008-05-29 01:27 . 2008-05-29 03:03 <DIR> d-------- C:\Program Files\Picasa2
2008-05-29 01:23 . 2008-05-29 01:23 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\GetRightToGo
2008-05-29 01:23 . 2008-05-29 01:23 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\CursorArts
2008-05-29 01:23 . 2008-05-29 01:23 <DIR> d-------- C:\Downloads
2008-05-29 01:23 . 2008-05-29 01:23 37 --a------ C:\Windows\iltwain.ini
2008-05-27 15:19 . 2008-05-27 15:19 <DIR> d-------- C:\Program Files\Panda Security
2008-05-27 14:28 . 2008-05-27 14:28 <DIR> d-------- C:\Windows\PrimoPDF4
2008-05-27 14:28 . 2008-05-27 14:28 <DIR> d-------- C:\Program Files\activePDF
2008-05-27 14:28 . 2006-12-11 22:12 176,235 --a------ C:\Windows\System32\Primomonnt.dll
2008-05-27 12:57 . 2008-05-27 12:57 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\SUPERAntiSpyware.com
2008-05-27 12:57 . 2008-05-27 12:57 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-05-27 12:57 . 2008-05-27 12:57 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-05-27 12:57 . 2008-05-27 12:57 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-27 12:06 . 2008-05-27 12:06 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Malwarebytes
2008-05-27 12:05 . 2008-05-27 12:05 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Download Manager
2008-05-27 12:05 . 2008-05-27 12:05 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-05-27 12:05 . 2008-05-27 12:05 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-05-27 12:05 . 2008-05-27 12:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-27 12:05 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-05-27 12:05 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-05-27 11:44 . 2008-05-27 11:44 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-27 11:43 . 2008-05-27 11:43 <DIR> d-------- C:\VundoFix Backups
2008-05-27 00:22 . 2008-05-27 00:22 <DIR> d-------- C:\Users\All Users\TechSmith
2008-05-27 00:22 . 2008-05-27 00:22 <DIR> d-------- C:\ProgramData\TechSmith
2008-05-27 00:22 . 2008-05-27 00:22 <DIR> d-------- C:\Program Files\TechSmith
2008-05-27 00:21 . 2008-05-27 12:56 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-26 23:31 . 2008-04-14 19:51 171,136 -rahs---- C:\grldr
2008-05-26 22:04 . 2008-05-26 22:04 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-05-26 22:04 . 2008-05-26 22:04 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-05-26 19:53 . 2008-05-26 19:55 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Vso
2008-05-26 19:53 . 2008-05-26 19:53 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys
2008-05-26 19:53 . 2008-05-26 19:55 47,360 --a------ C:\Users\Mathias Poulsen\AppData\Roaming\pcouffin.sys
2008-05-26 09:50 . 2008-05-26 22:29 49 --a------ C:\Windows\NeroDigital.ini
2008-05-25 00:58 . 2008-05-25 00:58 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Microsoft Games
2008-05-24 01:03 . 2008-05-24 01:03 <DIR> dr-h----- C:\Users\Mathias Poulsen\AppData\Roaming\SecuROM
2008-05-24 01:03 . 2008-05-24 01:03 107,888 --a------ C:\Windows\System32\CmdLineExt.dll
2008-05-23 16:11 . 2008-05-23 16:11 <DIR> d-------- C:\Users\All Users\Gamespot
2008-05-23 16:11 . 2008-05-23 16:11 <DIR> d-------- C:\ProgramData\Gamespot
2008-05-23 16:11 . 2008-05-23 16:11 <DIR> d-------- C:\Program Files\GameSpot
2008-05-23 16:03 . 2006-09-28 16:05 2,414,360 --a------ C:\Windows\System32\d3dx9_31.dll
2008-05-23 16:03 . 2006-11-29 13:06 440,080 --a------ C:\Windows\System32\d3dx10.dll
2008-05-23 16:02 . 2008-05-23 16:02 <DIR> d-------- C:\Users\All Users\Media Center Programs
2008-05-23 16:02 . 2008-05-23 16:02 <DIR> d-------- C:\ProgramData\Media Center Programs
2008-05-23 13:14 . 2008-05-23 13:14 <DIR> d-------- C:\Windows\System32\Grand Theft Auto IV Screenshot dir
2008-05-23 13:14 . 2008-05-23 13:14 520,192 --a------ C:\Windows\System32\Grand Theft Auto IV Screenshot.scr
2008-05-23 12:55 . 2008-05-23 12:55 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\TEXTware
2008-05-23 12:55 . 2008-05-23 12:55 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Gyldendal
2008-05-23 11:15 . 2008-05-23 11:15 <DIR> d-------- C:\Program Files\VideoLAN
2008-05-23 11:15 . 2008-05-23 11:15 <DIR> d-------- C:\Program Files\Frameworkx
2008-05-22 23:38 . 2008-05-24 15:19 <DIR> d-------- C:\Program Files\Steam
2008-05-22 23:38 . 2008-05-23 10:39 <DIR> d-------- C:\Program Files\Common Files\Steam
2008-05-22 21:55 . 2008-05-22 21:55 <DIR> d-------- C:\PerfLogs
2008-05-22 11:04 . 2008-05-22 11:04 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Nero
2008-05-22 11:01 . 2008-05-27 11:59 <DIR> d-------- C:\Users\All Users\Nero
2008-05-22 11:01 . 2008-05-27 11:59 <DIR> d-------- C:\ProgramData\Nero
2008-05-22 11:01 . 2008-05-22 11:01 <DIR> d-------- C:\Program Files\Nero
2008-05-21 13:58 . 2008-05-21 13:59 <DIR> d-------- C:\Windows\NCFOM_screensaver dir
2008-05-21 13:58 . 2008-05-21 13:58 545,280 --a------ C:\Windows\flashax.exe
2008-05-21 13:58 . 2008-05-21 13:58 192,000 --a------ C:\Windows\NCFOM_screensaver.scr
2008-05-21 13:58 . 2008-05-21 13:58 12,288 --a------ C:\Windows\impborl.dll
2008-05-21 13:53 . 2008-05-21 13:53 <DIR> d-------- C:\Program Files\UselessCreations
2008-05-21 11:56 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-05-21 11:55 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-05-21 11:54 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-05-21 11:54 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-05-21 11:54 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-05-21 11:54 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-05-21 11:53 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-05-21 11:53 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-05-21 11:53 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-05-21 11:53 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-05-21 03:00 . 2008-05-21 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-05-20 17:18 . 2008-05-20 17:18 <DIR> d-------- C:\Program Files\ffdshow
2008-05-20 14:43 . 2008-05-20 14:43 <DIR> d-------- C:\Program Files\Runtime Software
2008-05-20 14:11 . 2008-05-29 03:01 <DIR> d-------- C:\Program Files\Google
2008-05-17 09:47 . 2008-05-17 09:47 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Teleca
2008-05-17 00:10 . 2008-05-17 00:10 <DIR> d-------- C:\Program Files\Common Files\Microsoft Games
2008-05-17 00:10 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll
2008-05-17 00:10 . 2007-03-12 16:42 3,495,784 --a------ C:\Windows\System32\d3dx9_33.dll
2008-05-17 00:10 . 2007-07-19 18:14 1,358,192 --a------ C:\Windows\System32\D3DCompiler_35.dll
2008-05-17 00:10 . 2007-03-12 16:42 1,123,696 --a------ C:\Windows\System32\D3DCompiler_33.dll
2008-05-17 00:10 . 2007-07-19 18:14 444,776 --a------ C:\Windows\System32\d3dx10_35.dll
2008-05-17 00:10 . 2007-03-15 16:57 443,752 --a------ C:\Windows\System32\d3dx10_33.dll
2008-05-17 00:10 . 2006-09-28 16:05 237,848 --a------ C:\Windows\System32\xactengine2_4.dll
2008-05-17 00:10 . 2007-04-04 18:53 81,768 --a------ C:\Windows\System32\xinput1_3.dll
2008-05-17 00:10 . 2006-09-28 16:03 15,128 --a------ C:\Windows\System32\x3daudio1_1.dll
2008-05-16 23:15 . 2008-05-16 23:15 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Logitech
2008-05-16 23:15 . 2008-05-16 23:15 <DIR> d-------- C:\Users\All Users\LogiShrd
2008-05-16 23:15 . 2008-05-16 23:15 <DIR> d-------- C:\ProgramData\LogiShrd
2008-05-16 22:28 . 2008-05-16 22:28 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-05-16 22:27 . 2008-05-16 22:27 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-05-16 22:27 . 2008-05-16 22:27 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-05-16 22:26 . 2008-05-16 22:26 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\InstallShield
2008-05-16 22:26 . 2008-05-16 22:26 <DIR> d-------- C:\Users\All Users\Logitech
2008-05-16 22:26 . 2008-05-16 22:26 <DIR> d-------- C:\ProgramData\Logitech
2008-05-16 22:26 . 2008-05-16 22:26 <DIR> d-------- C:\Program Files\Logitech
2008-05-16 22:26 . 2008-05-16 22:27 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-05-16 22:26 . 2008-01-09 12:26 301,656 --a------ C:\Windows\System32\BtCoreIf.dll
2008-05-16 22:26 . 2008-01-09 12:27 170,512 --a------ C:\Windows\System32\kemutb.dll
2008-05-16 22:26 . 2008-01-09 12:28 141,840 --a------ C:\Windows\System32\KemUtil.dll
2008-05-16 22:26 . 2008-01-09 12:28 117,264 --a------ C:\Windows\System32\KemWnd.dll
2008-05-16 22:26 . 2008-01-09 12:28 76,304 --a------ C:\Windows\System32\KemXML.dll
2008-05-16 22:14 . 2008-05-16 22:14 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\GHISLER
2008-05-16 22:14 . 2008-05-16 22:14 <DIR> d-------- C:\Program Files\TC
2008-05-16 22:14 . 2006-07-26 06:55 545 --a------ C:\Windows\UC.PIF
2008-05-16 22:14 . 2006-07-26 06:55 545 --a------ C:\Windows\RAR.PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-30 11:50 112,144 ----a-w C:\Windows\system32\drivers\kl1.sys
2008-05-24 22:05 --------- d-----w C:\Program Files\Microsoft Games
2008-05-23 14:11 6,897 ----a-w C:\Program Files\install.log
2008-05-22 20:02 174 --sha-w C:\Program Files\desktop.ini
2008-05-22 19:56 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-22 19:56 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-22 19:56 --------- d-----w C:\Program Files\Windows Mail
2008-05-22 19:56 --------- d-----w C:\Program Files\Windows Journal
2008-05-22 19:56 --------- d-----w C:\Program Files\Windows Defender
2008-05-22 19:56 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-22 19:56 --------- d-----w C:\Program Files\Windows Calendar
2008-05-22 13:35 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-22 13:35 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-16 05:46 --------- d-----w C:\Program Files\MSBuild
2008-05-15 21:43 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-05-15 21:25 --------- d-sh--w C:\ProgramData\Skrivebord
2008-05-15 21:25 --------- d-sh--w C:\ProgramData\Skabeloner
2008-05-15 21:25 --------- d-sh--w C:\ProgramData\Menuen Start
2008-05-15 21:25 --------- d-sh--w C:\ProgramData\Favoritter
2008-05-15 21:25 --------- d-sh--w C:\ProgramData\Dokumenter
2008-05-15 21:25 --------- d-sh--w C:\Program Files\Fælles filer
2008-03-08 04:19 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:19 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:19 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 01:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-08 16:37 219,664 ----a-w C:\Windows\System32\klogon.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot_2008-05-30_ 1.27.10,10 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-29 21:38:35 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-30 11:52:58 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-03-24 17:33:02 1,527,056 ----a-w C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
- 2008-05-26 20:31:22 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-05-30 11:20:11 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2008-05-26 20:31:22 86,016 ----a-w C:\Windows\inf\infstor.dat
+ 2008-05-30 11:20:10 86,016 ----a-w C:\Windows\inf\infstor.dat
- 2008-05-26 20:31:22 143,360 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-05-30 11:20:10 143,360 ----a-w C:\Windows\inf\infstrng.dat
- 2008-05-29 21:38:36 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-30 11:53:00 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-29 21:38:36 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-30 11:53:00 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-29 21:40:05 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-30 11:55:10 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-30 11:55:10 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-05-29 21:39:58 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-30 11:55:05 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-30 11:55:05 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-05-29 21:38:49 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-30 09:31:24 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-29 21:38:49 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-30 09:31:24 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-29 21:38:49 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-30 09:31:24 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-29 21:35:09 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-05-30 11:43:59 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-05-30 11:43:59 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
+ 2008-05-30 11:19:03 147,984 ----a-w C:\Windows\System32\drivers\klif.sys
+ 2007-10-16 09:05:28 20,496 ----a-w C:\Windows\System32\drivers\klim6.sys
+ 2008-02-08 16:35:42 23,604 ----a-w C:\Windows\System32\drivers\klopp.dat
+ 2007-10-16 09:05:28 20,496 ----a-w C:\Windows\System32\DriverStore\FileRepository\klim6.inf_bb6bc382\klim6.sys
- 2008-05-29 21:43:44 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-05-29 23:28:47 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-05-29 21:40:31 6,112 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1828222192-4269986764-523784577-1000_UserData.bin
+ 2008-05-30 11:55:27 6,370 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1828222192-4269986764-523784577-1000_UserData.bin
- 2008-05-29 21:40:30 64,882 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-30 11:55:27 66,574 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-29 09:21:47 30,202 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-30 11:55:25 31,600 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 17:09 171464]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 21:04 4423680 C:\Windows\RtHDVCpl.exe]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 16:36 36864]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 08:16 528384]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\Windows\KHALMNPR.Exe]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 17:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 17:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 17:06 81920]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 16:24 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 16:21 54832]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-05-16 22:26:56 789008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1828222192-4269986764-523784577-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2B3F3055-9B3E-421B-B075-BE878B70E969}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FEF1B852-3EB7-40FB-A381-BD37184D3BC4}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{DF7C2C9F-016D-439C-A1CE-B0C4DC8FAF22}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0EE2C32D-7FDB-49A9-A4B8-78B3CEA704D8}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FC5E947E-ACD1-4ABD-8918-47ABA74C230B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{898BF6F1-B1EA-4610-B4B5-32E86C2B542C}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3F066F6A-B0E7-4C44-A9A2-9033BF099056}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E4A348EF-B07A-450D-84F8-AFE4C5BD0288}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{2A447842-6A7D-49AC-9D90-341915715506}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{9EE3D8E4-304E-4CDC-A2A4-A04861ADDB60}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6C7B011E-30E0-42AF-8EB9-952359127104}"= UDP:D:\Spil\World in Conflict\wic.exe:World in Conflict
"{41ABAFF8-79AB-491D-9754-791FBF15E875}"= TCP:D:\Spil\World in Conflict\wic.exe:World in Conflict
"{B6F3F045-C976-45F5-80CC-9DC62E007C63}"= UDP:D:\Spil\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{4B5E9ECF-FC46-48F5-84D5-18F61A58621D}"= TCP:D:\Spil\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{28120364-A9B5-499B-8CCD-2843DE989CAB}"= UDP:D:\Spil\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{13C99D73-D005-491D-A8E1-616296B4CF11}"= TCP:D:\Spil\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{4949D4FE-3103-4576-A527-6B12D0485CB3}"= UDP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{E65CA24B-5DEB-40AC-8728-785BCEABB593}"= TCP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"TCP Query User{098B573C-484C-4BEC-84DB-5E244B1988F7}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{69270A48-291B-4024-ABEA-289E0F526BF6}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"{1D7F1E7F-0794-4985-84AA-D3006424D043}"= C:\Program Files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"TCP Query User{0E40DE5C-3558-4BAA-83C4-C544D244FCA2}C:\\kav\\kis7.0\\english\\setup.exe"= UDP:C:\kav\kis7.0\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{FAC231A9-C66E-475D-AE1B-591AF4BD8AEE}C:\\kav\\kis7.0\\english\\setup.exe"= TCP:C:\kav\kis7.0\english\setup.exe:Kaspersky Internet Security 7.0 Setup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2007-03-15 16:41]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2008-05-15 23:32]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-22 23:38]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-29 21:07:16 C:\Windows\Tasks\User_Feed_Synchronization-{9B227598-A68A-4D29-BA34-847B9F5834E0}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 16:16:17
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Windows\TEMP\cch~1cbdf784b8.htp 0 bytes
C:\Windows\TEMP\cch~1cbdf94e75.htp 8192 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
Completion time: 2008-05-30 16:17:36
ComboFix-quarantined-files.txt 2008-05-30 14:17:32
ComboFix2.txt 2008-05-29 23:27:29
ComboFix3.txt 2008-05-29 21:41:10

Pre-Run: 312,936,001,536 byte ledig
Post-Run: 312,664,358,912 byte ledig

321 --- E O F --- 2008-05-29 21:58:03


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:19:27, on 30-05-2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7809 bytes

#13
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hi, just a little bit more...

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Windows\TEMP\cch~1cbdf784b8.htp
C:\Windows\TEMP\cch~1cbdf94e75.htp

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animated image: dragging CFScript.txt onto ComboFix.exe]


5. After the reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.


Regards
fenzodahl512

#14 mathiaspoulsen (New Member, Topic Starter, 9 posts)
ComboFix 08-05-29.1 - Mathias Poulsen 2008-05-31 1:10:35.4 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1030.18.2356 [GMT 2:00]
Running from: C:\Users\Mathias Poulsen\Desktop\ComboFix.exe
Command switches used :: C:\Users\Mathias Poulsen\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Windows\TEMP\cch~1cbdf784b8.htp
C:\Windows\TEMP\cch~1cbdf94e75.htp
.

((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-30 )))))))))))))))))))))))))))))))
.

2008-05-30 13:20 . 2008-05-30 13:50 96,966 --a------ C:\Windows\System32\drivers\klin.dat
2008-05-30 13:20 . 2008-05-30 13:50 88,774 --a------ C:\Windows\System32\drivers\klick.dat
2008-05-30 13:19 . 2008-05-30 13:19 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-05-30 13:19 . 2008-05-31 01:12 20,918,048 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-05-30 13:19 . 2008-05-31 01:02 279,944 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-05-30 13:11 . 2008-05-30 13:11 <DIR> d-------- C:\kav
2008-05-29 23:47 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-29 23:46 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-29 22:25 . 2008-05-29 22:25 <DIR> d-------- C:\Deckard
2008-05-29 13:09 . 2008-05-29 13:09 <DIR> d-------- C:\Users\All Users\CyberLink
2008-05-29 13:09 . 2008-05-29 13:09 <DIR> d-------- C:\ProgramData\CyberLink
2008-05-29 13:09 . 2008-05-29 13:09 <DIR> d-------- C:\Program Files\Fraps
2008-05-29 13:03 . 2008-05-29 13:06 <DIR> d-------- C:\Program Files\CyberLink
2008-05-29 11:42 . 2008-05-29 11:42 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-05-29 11:42 . 2008-05-30 13:54 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-05-29 11:42 . 2008-05-30 13:54 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-05-29 03:01 . 2006-10-05 04:42 2,560 --------- C:\Windows\System32\drivers\cdralw2k.sys
2008-05-29 03:01 . 2006-10-05 04:42 2,432 --------- C:\Windows\System32\drivers\cdr4_xp.sys
2008-05-29 01:48 . 2008-05-29 01:48 123,376 --ah----- C:\Windows\System32\mlfcache.dat
2008-05-29 01:27 . 2008-05-29 03:03 <DIR> d-------- C:\Program Files\Picasa2
2008-05-29 01:23 . 2008-05-29 01:23 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\GetRightToGo
2008-05-29 01:23 . 2008-05-29 01:23 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\CursorArts
2008-05-29 01:23 . 2008-05-29 01:23 <DIR> d-------- C:\Downloads
2008-05-29 01:23 . 2008-05-29 01:23 37 --a------ C:\Windows\iltwain.ini
2008-05-27 15:19 . 2008-05-27 15:19 <DIR> d-------- C:\Program Files\Panda Security
2008-05-27 14:28 . 2008-05-27 14:28 <DIR> d-------- C:\Windows\PrimoPDF4
2008-05-27 14:28 . 2008-05-27 14:28 <DIR> d-------- C:\Program Files\activePDF
2008-05-27 14:28 . 2006-12-11 22:12 176,235 --a------ C:\Windows\System32\Primomonnt.dll
2008-05-27 12:57 . 2008-05-27 12:57 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\SUPERAntiSpyware.com
2008-05-27 12:57 . 2008-05-27 12:57 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-05-27 12:57 . 2008-05-27 12:57 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-05-27 12:57 . 2008-05-27 12:57 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-27 12:06 . 2008-05-27 12:06 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Malwarebytes
2008-05-27 12:05 . 2008-05-27 12:05 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Download Manager
2008-05-27 12:05 . 2008-05-27 12:05 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-05-27 12:05 . 2008-05-27 12:05 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-05-27 12:05 . 2008-05-27 12:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-27 12:05 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-05-27 12:05 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-05-27 11:44 . 2008-05-27 11:44 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-27 11:43 . 2008-05-27 11:43 <DIR> d-------- C:\VundoFix Backups
2008-05-27 00:22 . 2008-05-27 00:22 <DIR> d-------- C:\Users\All Users\TechSmith
2008-05-27 00:22 . 2008-05-27 00:22 <DIR> d-------- C:\ProgramData\TechSmith
2008-05-27 00:22 . 2008-05-27 00:22 <DIR> d-------- C:\Program Files\TechSmith
2008-05-27 00:21 . 2008-05-27 12:56 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-26 23:31 . 2008-04-14 19:51 171,136 -rahs---- C:\grldr
2008-05-26 22:04 . 2008-05-26 22:04 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-05-26 22:04 . 2008-05-26 22:04 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-05-26 19:53 . 2008-05-26 19:55 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Vso
2008-05-26 19:53 . 2008-05-26 19:53 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys
2008-05-26 19:53 . 2008-05-26 19:55 47,360 --a------ C:\Users\Mathias Poulsen\AppData\Roaming\pcouffin.sys
2008-05-26 09:50 . 2008-05-26 22:29 49 --a------ C:\Windows\NeroDigital.ini
2008-05-25 00:58 . 2008-05-25 00:58 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Microsoft Games
2008-05-24 01:03 . 2008-05-24 01:03 <DIR> dr-h----- C:\Users\Mathias Poulsen\AppData\Roaming\SecuROM
2008-05-24 01:03 . 2008-05-24 01:03 107,888 --a------ C:\Windows\System32\CmdLineExt.dll
2008-05-23 16:11 . 2008-05-23 16:11 <DIR> d-------- C:\Users\All Users\Gamespot
2008-05-23 16:11 . 2008-05-23 16:11 <DIR> d-------- C:\ProgramData\Gamespot
2008-05-23 16:11 . 2008-05-23 16:11 <DIR> d-------- C:\Program Files\GameSpot
2008-05-23 16:03 . 2006-09-28 16:05 2,414,360 --a------ C:\Windows\System32\d3dx9_31.dll
2008-05-23 16:03 . 2006-11-29 13:06 440,080 --a------ C:\Windows\System32\d3dx10.dll
2008-05-23 16:02 . 2008-05-23 16:02 <DIR> d-------- C:\Users\All Users\Media Center Programs
2008-05-23 16:02 . 2008-05-23 16:02 <DIR> d-------- C:\ProgramData\Media Center Programs
2008-05-23 13:14 . 2008-05-23 13:14 <DIR> d-------- C:\Windows\System32\Grand Theft Auto IV Screenshot dir
2008-05-23 13:14 . 2008-05-23 13:14 520,192 --a------ C:\Windows\System32\Grand Theft Auto IV Screenshot.scr
2008-05-23 12:55 . 2008-05-23 12:55 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\TEXTware
2008-05-23 12:55 . 2008-05-23 12:55 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Gyldendal
2008-05-23 11:15 . 2008-05-23 11:15 <DIR> d-------- C:\Program Files\VideoLAN
2008-05-23 11:15 . 2008-05-23 11:15 <DIR> d-------- C:\Program Files\Frameworkx
2008-05-22 23:38 . 2008-05-24 15:19 <DIR> d-------- C:\Program Files\Steam
2008-05-22 23:38 . 2008-05-23 10:39 <DIR> d-------- C:\Program Files\Common Files\Steam
2008-05-22 21:55 . 2008-05-22 21:55 <DIR> d-------- C:\PerfLogs
2008-05-22 11:04 . 2008-05-22 11:04 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Nero
2008-05-22 11:01 . 2008-05-27 11:59 <DIR> d-------- C:\Users\All Users\Nero
2008-05-22 11:01 . 2008-05-27 11:59 <DIR> d-------- C:\ProgramData\Nero
2008-05-22 11:01 . 2008-05-22 11:01 <DIR> d-------- C:\Program Files\Nero
2008-05-21 13:58 . 2008-05-21 13:59 <DIR> d-------- C:\Windows\NCFOM_screensaver dir
2008-05-21 13:58 . 2008-05-21 13:58 545,280 --a------ C:\Windows\flashax.exe
2008-05-21 13:58 . 2008-05-21 13:58 192,000 --a------ C:\Windows\NCFOM_screensaver.scr
2008-05-21 13:58 . 2008-05-21 13:58 12,288 --a------ C:\Windows\impborl.dll
2008-05-21 13:53 . 2008-05-21 13:53 <DIR> d-------- C:\Program Files\UselessCreations
2008-05-21 11:56 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-05-21 11:55 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-05-21 11:54 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-05-21 11:54 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-05-21 11:54 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-05-21 11:54 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-05-21 11:53 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-05-21 11:53 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-05-21 11:53 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-05-21 11:53 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-05-21 03:00 . 2008-05-21 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-05-20 17:18 . 2008-05-20 17:18 <DIR> d-------- C:\Program Files\ffdshow
2008-05-20 14:43 . 2008-05-20 14:43 <DIR> d-------- C:\Program Files\Runtime Software
2008-05-20 14:11 . 2008-05-29 03:01 <DIR> d-------- C:\Program Files\Google
2008-05-17 09:47 . 2008-05-17 09:47 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Teleca
2008-05-17 00:10 . 2008-05-17 00:10 <DIR> d-------- C:\Program Files\Common Files\Microsoft Games
2008-05-17 00:10 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll
2008-05-17 00:10 . 2007-03-12 16:42 3,495,784 --a------ C:\Windows\System32\d3dx9_33.dll
2008-05-17 00:10 . 2007-07-19 18:14 1,358,192 --a------ C:\Windows\System32\D3DCompiler_35.dll
2008-05-17 00:10 . 2007-03-12 16:42 1,123,696 --a------ C:\Windows\System32\D3DCompiler_33.dll
2008-05-17 00:10 . 2007-07-19 18:14 444,776 --a------ C:\Windows\System32\d3dx10_35.dll
2008-05-17 00:10 . 2007-03-15 16:57 443,752 --a------ C:\Windows\System32\d3dx10_33.dll
2008-05-17 00:10 . 2006-09-28 16:05 237,848 --a------ C:\Windows\System32\xactengine2_4.dll
2008-05-17 00:10 . 2007-04-04 18:53 81,768 --a------ C:\Windows\System32\xinput1_3.dll
2008-05-17 00:10 . 2006-09-28 16:03 15,128 --a------ C:\Windows\System32\x3daudio1_1.dll
2008-05-16 23:15 . 2008-05-16 23:15 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\Logitech
2008-05-16 23:15 . 2008-05-16 23:15 <DIR> d-------- C:\Users\All Users\LogiShrd
2008-05-16 23:15 . 2008-05-16 23:15 <DIR> d-------- C:\ProgramData\LogiShrd
2008-05-16 22:28 . 2008-05-16 22:28 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-05-16 22:27 . 2008-05-16 22:27 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-05-16 22:27 . 2008-05-16 22:27 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-05-16 22:26 . 2008-05-16 22:26 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\InstallShield
2008-05-16 22:26 . 2008-05-16 22:26 <DIR> d-------- C:\Users\All Users\Logitech
2008-05-16 22:26 . 2008-05-16 22:26 <DIR> d-------- C:\ProgramData\Logitech
2008-05-16 22:26 . 2008-05-16 22:26 <DIR> d-------- C:\Program Files\Logitech
2008-05-16 22:26 . 2008-05-16 22:27 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-05-16 22:26 . 2008-01-09 12:26 301,656 --a------ C:\Windows\System32\BtCoreIf.dll
2008-05-16 22:26 . 2008-01-09 12:27 170,512 --a------ C:\Windows\System32\kemutb.dll
2008-05-16 22:26 . 2008-01-09 12:28 141,840 --a------ C:\Windows\System32\KemUtil.dll
2008-05-16 22:26 . 2008-01-09 12:28 117,264 --a------ C:\Windows\System32\KemWnd.dll
2008-05-16 22:26 . 2008-01-09 12:28 76,304 --a------ C:\Windows\System32\KemXML.dll
2008-05-16 22:14 . 2008-05-16 22:14 <DIR> d-------- C:\Users\Mathias Poulsen\AppData\Roaming\GHISLER
2008-05-16 22:14 . 2008-05-16 22:14 <DIR> d-------- C:\Program Files\TC
2008-05-16 22:14 . 2006-07-26 06:55 545 --a------ C:\Windows\UC.PIF
2008-05-16 22:14 . 2006-07-26 06:55 545 --a------ C:\Windows\RAR.PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-30 11:50 112,144 ----a-w C:\Windows\system32\drivers\kl1.sys
2008-05-24 22:05 --------- d-----w C:\Program Files\Microsoft Games
2008-05-23 14:11 6,897 ----a-w C:\Program Files\install.log
2008-05-22 20:02 174 --sha-w C:\Program Files\desktop.ini
2008-05-22 19:56 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-22 19:56 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-22 19:56 --------- d-----w C:\Program Files\Windows Mail
2008-05-22 19:56 --------- d-----w C:\Program Files\Windows Journal
2008-05-22 19:56 --------- d-----w C:\Program Files\Windows Defender
2008-05-22 19:56 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-22 19:56 --------- d-----w C:\Program Files\Windows Calendar
2008-05-22 13:35 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-22 13:35 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-16 05:46 --------- d-----w C:\Program Files\MSBuild
2008-05-15 21:43 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-05-15 21:25 --------- d-sh--w C:\ProgramData\Skrivebord
2008-05-15 21:25 --------- d-sh--w C:\ProgramData\Skabeloner
2008-05-15 21:25 --------- d-sh--w C:\ProgramData\Menuen Start
2008-05-15 21:25 --------- d-sh--w C:\ProgramData\Favoritter
2008-05-15 21:25 --------- d-sh--w C:\ProgramData\Dokumenter
2008-05-15 21:25 --------- d-sh--w C:\Program Files\Fælles filer
2008-03-08 04:19 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:19 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:19 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 01:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-08 16:37 219,664 ----a-w C:\Windows\System32\klogon.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot_2008-05-30_16.17.02,82 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-30 11:52:58 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-30 23:03:32 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-30 11:53:00 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-30 23:03:33 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-30 11:53:00 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-30 23:03:33 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-30 11:55:10 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-30 23:05:27 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-30 23:05:27 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-05-30 11:55:05 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-30 23:05:22 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-30 23:05:22 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-05-30 11:55:27 6,370 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1828222192-4269986764-523784577-1000_UserData.bin
+ 2008-05-30 23:05:22 6,528 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1828222192-4269986764-523784577-1000_UserData.bin
- 2008-05-30 11:55:27 66,574 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-30 23:05:22 66,748 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-30 11:55:25 31,600 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-30 23:05:20 31,752 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-05-22 14:47:32 67,180 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2008-05-30 20:09:40 97,386 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 17:09 171464]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 21:04 4423680 C:\Windows\RtHDVCpl.exe]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 16:36 36864]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 08:16 528384]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\Windows\KHALMNPR.Exe]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 17:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 17:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 17:06 81920]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 16:24 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 16:21 54832]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-05-16 22:26:56 789008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1828222192-4269986764-523784577-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2B3F3055-9B3E-421B-B075-BE878B70E969}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FEF1B852-3EB7-40FB-A381-BD37184D3BC4}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{DF7C2C9F-016D-439C-A1CE-B0C4DC8FAF22}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0EE2C32D-7FDB-49A9-A4B8-78B3CEA704D8}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FC5E947E-ACD1-4ABD-8918-47ABA74C230B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{898BF6F1-B1EA-4610-B4B5-32E86C2B542C}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3F066F6A-B0E7-4C44-A9A2-9033BF099056}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E4A348EF-B07A-450D-84F8-AFE4C5BD0288}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{2A447842-6A7D-49AC-9D90-341915715506}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{9EE3D8E4-304E-4CDC-A2A4-A04861ADDB60}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6C7B011E-30E0-42AF-8EB9-952359127104}"= UDP:D:\Spil\World in Conflict\wic.exe:World in Conflict
"{41ABAFF8-79AB-491D-9754-791FBF15E875}"= TCP:D:\Spil\World in Conflict\wic.exe:World in Conflict
"{B6F3F045-C976-45F5-80CC-9DC62E007C63}"= UDP:D:\Spil\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{4B5E9ECF-FC46-48F5-84D5-18F61A58621D}"= TCP:D:\Spil\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{28120364-A9B5-499B-8CCD-2843DE989CAB}"= UDP:D:\Spil\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{13C99D73-D005-491D-A8E1-616296B4CF11}"= TCP:D:\Spil\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{4949D4FE-3103-4576-A527-6B12D0485CB3}"= UDP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{E65CA24B-5DEB-40AC-8728-785BCEABB593}"= TCP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"TCP Query User{098B573C-484C-4BEC-84DB-5E244B1988F7}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{69270A48-291B-4024-ABEA-289E0F526BF6}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"{1D7F1E7F-0794-4985-84AA-D3006424D043}"= C:\Program Files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"TCP Query User{0E40DE5C-3558-4BAA-83C4-C544D244FCA2}C:\\kav\\kis7.0\\english\\setup.exe"= UDP:C:\kav\kis7.0\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{FAC231A9-C66E-475D-AE1B-591AF4BD8AEE}C:\\kav\\kis7.0\\english\\setup.exe"= TCP:C:\kav\kis7.0\english\setup.exe:Kaspersky Internet Security 7.0 Setup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2007-03-15 16:41]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2008-05-15 23:32]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-22 23:38]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-30 22:11:16 C:\Windows\Tasks\User_Feed_Synchronization-{9B227598-A68A-4D29-BA34-847B9F5834E0}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-31 01:12:56
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Users\Mathias Poulsen\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_4C7E_BEA6_7EBE_886A\$db_clean$ 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-05-31 1:14:22
ComboFix-quarantined-files.txt 2008-05-30 23:14:17
ComboFix2.txt 2008-05-30 14:17:37
ComboFix3.txt 2008-05-29 23:27:29
ComboFix4.txt 2008-05-29 21:41:10

Pre-Run: 309,909,921,792 bytes free
Post-Run: 309,880,483,840 bytes free

293 --- E O F --- 2008-05-29 21:58:03




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:15:08, on 31-05-2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7543 bytes
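As an added example (it is not part of this thread and not a feature of ComboFix or HijackThis): a short Python triage script that reads the "Reg Loading Points", driver and catchme sections of a ComboFix report and lists the settings a log reviewer would check first. The embedded SAMPLE_LOG is an excerpt of the report posted in #14; the rule names and the severity labels are this script's own assumptions, and a "review" item means "look at this", not a malware verdict.

```python
"""Triage a pasted ComboFix report for weakened security settings.

Added example for this thread, not code from ComboFix/HijackThis or the
posters.  Rule names and the high/medium/review scale are this script's own.
"""
import re
from dataclasses import dataclass

# Excerpt of the ComboFix report posted in #14 (lines copied, not invented).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2008-05-15 23:32]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-22 23:38]

hidden files: 1
"""


@dataclass
class Finding:
    severity: str   # 'high', 'medium' or 'review' (this script's own scale)
    key: str
    detail: str


SECTION_RE = re.compile(r'^\[(.+)\]$')                 # [HKLM\...] key header
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')       # "Name"= value
# Driver/service lines: <R|S><start type> name;display name;path [timestamp]
SERVICE_RE = re.compile(r'^([RS])(\d)\s+([^;]+);([^;]*);(.+?)(?:\s+\[[^\]]*\])?$')
HIDDEN_RE = re.compile(r'^hidden files:\s*(\d+)')      # catchme summary line


def reg_int(raw: str):
    """Parse the value renderings ComboFix uses: '0 (0x0)', 'dword:00000001', '1'."""
    raw = raw.strip()
    m = re.match(r'dword:([0-9a-fA-F]+)$', raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'(\d+)', raw)
    return int(m.group(1)) if m else None


def triage(log_text: str) -> list:
    """Return the Findings a reviewer would want to see, in log order."""
    findings, section = [], None
    for line in (ln.strip() for ln in log_text.splitlines()):
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and section is not None:
            name, raw = m.group(1).lower(), m.group(2)
            leaf = section.rsplit('\\', 1)[-1]          # last key component
            if name == 'enablelua' and reg_int(raw) == 0:
                findings.append(Finding('high', 'EnableLUA', 'UAC is disabled'))
            elif name == 'enablefirewall' and reg_int(raw) == 0:
                findings.append(Finding('high', f'EnableFirewall/{leaf}',
                                        'Windows Firewall is off for this profile'))
            elif (name == 'disablemonitoring' and reg_int(raw) == 1
                  and 'security center' in section.lower()):
                findings.append(Finding('medium', f'DisableMonitoring/{leaf}',
                                        'Security Center is not monitoring this product'))
            elif name == 'appinit_dlls' and raw.strip():
                for dll in raw.split(','):   # each listed DLL is loaded into user-mode processes
                    findings.append(Finding('review', 'AppInit_DLLs', dll.strip()))
            continue
        m = SERVICE_RE.match(line)
        if m:
            _state, start, name, _display, path = m.groups()
            if start == '0':   # start type 0 = boot-start driver, loaded before any AV
                findings.append(Finding('review', f'boot-start driver {name}', path))
            continue
        m = HIDDEN_RE.match(line)
        if m and int(m.group(1)) > 0:
            findings.append(Finding('review', 'hidden files',
                                    f'{m.group(1)} hidden file(s) reported by catchme'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.severity:6}] {f.key}: {f.detail}')
```

Run it as a script to print the list, or import `triage` and pass it the text of a whole ComboFix.txt. On the excerpt above it reports UAC off, Windows Firewall off on all three profiles, Security Center no longer monitoring the Kaspersky product, two AppInit DLLs (both under the Kaspersky folder, so expected on this machine), one boot-start driver and the one hidden file catchme listed; the script only surfaces these lines, deciding whether each is expected is still the reviewer's job.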

#15 fenzodahl512 (Malware Removal, 9,863 posts)
Hello...


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Tell me about your computer condition :)





