Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Windows Security Center Virus [RESOLVED]


  • This topic is locked This topic is locked

#1
traktor

traktor

    Member

  • Member
  • PipPip
  • 18 posts
Hi!
What a mess. Have tried everything and finally found this forum, that looked very seriously. Hope you can help me out!
Have enclosed the loggs from both SmitFraud and HijackThis:

Thanks.

Logg from SmitFraud:
SmitFraudFix v2.323

Scan done at 13:03:37.56, Mon 06/09/2008
Run from C:\download\SmitfraudFix
OS: Microsoft Windows [Versjon 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Program Files\Norman\npm\bin\nvoy.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\npf\bin\npfsvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\iftuyszv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\444.0
C:\Windows\portsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Windows\system32\conime.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Telenor\Mobilt Kontor\Mobilt Kontor.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Norman\npf\bin\npfuser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\cmd.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\msiexec.exe

Logg from HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:04:58 PM, on 6/9/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Program Files\Norman\npm\bin\nvoy.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\npf\bin\npfsvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\iftuyszv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\444.0
C:\Windows\portsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Windows\system32\conime.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Telenor\Mobilt Kontor\Mobilt Kontor.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Norman\npf\bin\npfuser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\cmd.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\cbXOFxvS.dll,#1
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Mobilt Kontor.lnk = C:\Program Files\Telenor\Mobilt Kontor\Mobilt Kontor.exe
O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send side til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\Windows\444.0.exe (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Program Files\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\Windows\portsv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11740 bytes
  • 0

Advertisements


#2
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello traktor, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following..

Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer that normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.





NEXT


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
If you are using Vista, you need to right-click at dss.exe icon and choose Run as Administrator



Please post the following logs in your next reply.. Please post each log in separate post..

1. SDFix
2. Deckard System Scanner (both main.txt and extra.txt)



Regards
fenzodahl512
  • 0

#3
traktor

traktor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi!
And thanks for your reply and help.
I am not able to run the RunThis.bat file in security mode. When I run it I see that "something" like a window open, but it disappear. In safe mode I can open it.
I have tried run as adminastrator too. I am using vista home edition and maybe thats my biggest problem? :-P
  • 0

#4
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Ok.. please proceed with Deckard System Scanner step and post the logs required here.. Please post main.txt and extra.txt in separate post..


Regards
fenzodahl512
  • 0

#5
traktor

traktor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi, again!
I got tipped that the Malewarebyte-program could fix my problem, and it seems like it did!!!
However I really appreciate your help here, and here is now the results of the scans you asked for, I hope there is more that can be fixed, bcs my pc is really slow...

Main.txt:


C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [3/29/2007 2:11:50 PM]
Mobilt Kontor.lnk - C:\Program Files\Telenor\Mobilt Kontor\Mobilt Kontor.exe [5/10/2007 10:38:58 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ
GPSvcGroup GPSvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-16 15:08:52 ------------
  • 0

#6
traktor

traktor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: Norwegian

CPU 0: AMD Turion™ 64 X2 Mobile Technology TL-60
Percentage of Memory in Use: 31%
Physical Memory (total/avail): 2046.38 MiB / 1397.51 MiB
Pagefile Memory (total/avail): 4310.33 MiB / 3415.29 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.14 MiB

C: is Fixed (NTFS) - 142.61 GiB total, 2.91 GiB free.
D: is Fixed (NTFS) - 149.05 GiB total, 33.66 GiB free.
E: is Fixed (NTFS) - 6.44 GiB total, 1.36 GiB free.
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS541616J9SA00 ATA Device - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 142.61 GiB - C:
\PARTITION1 - Installable File System - 6.44 GiB - E:

\\.\PHYSICALDRIVE1 - Hitachi HTS541616J9SA00 ATA Device - 149.05 GiB - 1 partition
\PARTITION0 - Installable File System - 149.05 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FW: Personlig brannmur v7.0.0.1 (Norman)
AV: Norman Security Suite ver. 7.00 v7.00 (Norman ASA)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\ennitti\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ENNITTI-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\ennitti
LOCALAPPDATA=C:\Users\ennitti\AppData\Local
LOGONSERVER=\\ENNITTI-PC
NpmLib=C:\Program Files\Norman\Npm\Bin
NUMBER_OF_PROCESSORS=2
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Norman\Npm\Bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND=Pavilion
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 104 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6801
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\ennitti\AppData\Local\Temp
TMP=C:\Users\ennitti\AppData\Local\Temp
USERDOMAIN=ennitti-PC
USERNAME=ennitti
USERPROFILE=C:\Users\ennitti
windir=C:\Windows
__COMPAT_LAYER=DisableNXShowUI


-- User Profiles ---------------------------------------------------------------

ennitti (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Norsk --> MsiExec.exe /I{AC76BA86-7AD7-1044-7B44-A81200000003}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
AuthenTec Fingerprint Sensor Minimum Install --> MsiExec.exe /I{B61B6668-A674-4A06-8405-51944D5CCDDD}
Betsafe Poker --> C:\Windows\system32\UnPoker.exe BetsafePoker
Bridge Base Online --> C:\Windows\iun506.exe c:\Bridge Base Online\irunin.ini
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -IQv30CFza.inf
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ESU for Microsoft Vista --> MsiExec.exe /X{6F165A1E-494D-41B5-9D18-F96A6852F741}
Full Tilt Poker --> "C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
GameTime+ --> MsiExec.exe /I{8DFB3904-FBDB-4C2B-AC98-20EFDD37C83D}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7\UIU32m.EXE -U -IwqcVenz.inf
Hewlett-Packard Active Check --> MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent --> MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Active Support Library --> C:\Program Files\InstallShield Installation Information\{290B83AA-093A-45BF-A917-D1C4A1E8D917}\setup.exe -runfromtemp -l0x0409
HP Active Support Library 32 bit components --> MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Doc Viewer --> MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Help and Support --> MsiExec.exe /I{9061CEF2-51F5-42C9-8A70-9ED351C6597A}
HP Integrated Module with Bluetooth wireless technology 6.0.1.4900 --> MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
HP Photosmart Essential 2.0 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Quick Launch Buttons 6.20 B1 --> C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0014 uninst
HP QuickPlay 3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP User Guides 0056 --> MsiExec.exe /I{5AB56552-6938-4686-9F87-DB0ED8D1E06B}
HP Wireless Assistant --> MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8}
InterPoker --> C:\Windows\system32\UnPoker.exe InterCasinoPoker
Java DB 10.3.1.4 --> MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java™ SE Development Kit 6 Update 6 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160060}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
LightScribe System Software 1.12.37.1 --> MsiExec.exe /X{004C5DA2-2051-4D25-94BA-51CF810C91EB}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Works --> MsiExec.exe /I{F22E8D16-0D5E-4b25-A630-F1361E6B02D2}
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mobilt Kontor --> MsiExec.exe /X{36BF3B2E-F1CA-4147-8DAC-5F65EC4C79D8}
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSCU for Microsoft Vista --> MsiExec.exe /I{301C3EAA-7220-428D-A5A0-CEF9EEEABCBB}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Norman Security Suite --> MsiExec.exe /X{A36B158D-8E9D-4BD3-8BDA-4B5EDC9C2E8C}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
Poker Tracker Version 2.16.03d --> "C:\Program Files\Poker Tracker V2\unins001.exe"
PokerStars --> "C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PokerStove version 1.21 --> "C:\Program Files\PokerStove\unins000.exe"
Quick StartUp 2.3 --> "C:\Program Files\Quick StartUp\unins000.exe"
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Recover Files 2.0 --> "C:\Program Files\Recover Files\unins000.exe"
Roxio Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9 --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive --> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9 --> MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SmartAudio --> C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio /F1"C:\Program Files\InstallShield Installation Information\{E621DCAF-82F7-4F6D-B563-B6A4004B2397}\setup.iss" /S
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SunPoker.com --> C:\Windows\system32\UnPoker.exe CaribbeanSunPoker
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TmNationsForever --> "C:\Program Files\TmNationsForever\unins000.exe"
TweakNow RegCleaner Standard --> "C:\Program Files\TweakNow RegCleaner Std\unins000.exe"
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Messenger --> MsiExec.exe /I{B4C75EAB-B1B8-4120-B9AF-0852EAE4A434}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type4255 / Error
Event Submitted/Written: 06/16/2008 03:03:09 PM
Event ID/Source: 5007 / WerSvc
Event Description:
Målfilen for Windows Feedback Platform (en DLL-fil som inneholder listen over problemer på denne datamaskinen som krever ytterligere innhenting av data for diagnostisering) kunne ikke analyseres. Feilkoden var 8014FFF9.

Event Record #/Type4247 / Success
Event Submitted/Written: 06/16/2008 02:58:56 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type4246 / Success
Event Submitted/Written: 06/16/2008 02:58:55 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type4244 / Success
Event Submitted/Written: 06/16/2008 02:58:07 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
Software Licensing-tjenesten er startet.

Event Record #/Type4232 / Warning
Event Submitted/Written: 06/16/2008 02:57:05 PM
Event ID/Source: 6000 / Wlclntfy
Event Description:
Winlogon-varslingsabonnenten <GPClient> var ikke tilgjengelig til å håndtere en varslingshendelse.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type36575 / Warning
Event Submitted/Written: 06/16/2008 03:00:13 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Datamaskinen kan ikke fornye adressen fra nettverket (fra DHCP-serveren) for nettverkskortet med nettverksadressen 001A73B2DF33. Følgende feil oppstod:
%%121. Datamaskinen vil fortsette å prøve å hente en adresse på egen hånd fra nettverksadresseserveren (DHCP).

Event Record #/Type36574 / Warning
Event Submitted/Written: 06/16/2008 02:59:45 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Datamaskinen kan ikke fornye adressen fra nettverket (fra DHCP-serveren) for nettverkskortet med nettverksadressen 001A73B2DF33. Følgende feil oppstod:
%%1223. Datamaskinen vil fortsette å prøve å hente en adresse på egen hånd fra nettverksadresseserveren (DHCP).

Event Record #/Type36573 / Warning
Event Submitted/Written: 06/16/2008 02:59:21 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Datamaskinen kan ikke fornye adressen fra nettverket (fra DHCP-serveren) for nettverkskortet med nettverksadressen 001A73B2DF33. Følgende feil oppstod:
%%1223. Datamaskinen vil fortsette å prøve å hente en adresse på egen hånd fra nettverksadresseserveren (DHCP).

Event Record #/Type36537 / Error
Event Submitted/Written: 06/16/2008 02:59:01 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
Function Discovery Resource Publication%%2147942405

Event Record #/Type36529 / Error
Event Submitted/Written: 06/16/2008 02:59:01 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Parallel port driver%%1058



-- End of Deckard's System Scanner: finished at 2008-06-16 15:08:52 ------------
  • 0

#7
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Erm.. is seems your main.txt has been cut-off.. can you find main.txt under C:\Deckard folder?

If not, just run Deckard System Scanner again and post the log here..


Regards
fenzodahl512
  • 0

#8
traktor

traktor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Trying again.

main.txt:

Deckard's System Scanner v20071014.68
Run by ennitti on 2008-06-17 20:10:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 5.25 GiB (less than 15%) free.


-- HijackThis (run as ennitti.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:46 PM, on 6/17/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Program Files\Norman\npm\bin\nvoy.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\npf\bin\npfsvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Telenor\Mobilt Kontor\Mobilt Kontor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Norman\npf\bin\npfuser.exe
C:\Windows\System32\svchost.exe
C:\download\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ennitti.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ennitti.com/7
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Mobilt Kontor.lnk = C:\Program Files\Telenor\Mobilt Kontor\Mobilt Kontor.exe
O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send side til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Program Files\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\Windows\portsv.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9356 bytes

-- Files created between 2008-05-17 and 2008-06-17 -----------------------------

2008-06-15 13:23:45 1438178 --a------ C:\SDFix.exe
2008-06-10 12:56:33 0 d-------- C:\MSNCleaner
2008-06-09 17:38:06 0 d-------- C:\Users\All Users\Malwarebytes
2008-06-09 17:38:05 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-09 13:01:13 0 d-------- C:\Program Files\Sun
2008-06-09 12:42:42 0 d-------- C:\Program Files\Trend Micro
2008-06-09 11:59:18 286090 --a------ C:\Pass2.cmd
2008-06-09 11:57:34 25600 --a------ C:\Windows\system32\WS2Fix.exe
2008-06-09 11:57:34 289144 --a------ C:\Windows\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-09 11:57:34 86528 --a------ C:\Windows\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-09 11:57:34 288417 --a------ C:\Windows\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-09 11:57:34 53248 --a------ C:\Windows\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-09 11:57:34 82944 --a------ C:\Windows\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-09 11:57:34 51200 --a------ C:\Windows\system32\dumphive.exe
2008-06-09 11:57:34 82944 --a------ C:\Windows\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-09 11:40:46 0 d-------- C:\Program Files\Quick StartUp
2008-06-09 11:40:13 5092 --a------ C:\Windows\system32\tmp.reg
2008-06-09 11:24:22 0 d-------- C:\Program Files\TweakNow RegCleaner Std
2008-06-09 10:39:56 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-06-09 01:10:00 18688 --a------ C:\Windows\svcinit.exe
2008-06-09 01:09:59 21760 --a------ C:\Windows\sistem.exe
2008-06-09 01:09:59 20992 --a------ C:\Windows\searchword.dll
2008-06-09 01:09:59 11264 --a------ C:\Windows\rundll16.exe
2008-06-09 01:09:59 14336 --a------ C:\Windows\quicken.exe
2008-06-09 01:09:59 29184 --a------ C:\Windows\qttasks.exe
2008-06-09 01:09:58 11776 --a------ C:\Windows\mswsc20.dll
2008-06-09 01:09:58 21760 --a------ C:\Windows\mswsc10.dll
2008-06-09 01:09:58 22784 --a------ C:\Windows\msspi.dll
2008-06-09 01:09:58 14848 --a------ C:\Windows\msconfd.dll
2008-06-09 01:09:57 30976 --a------ C:\Windows\inetinf.exe
2008-06-09 01:09:57 28416 --a------ C:\Windows\helpcvs.exe
2008-06-09 01:09:57 27136 --a------ C:\Windows\gfmnaaa.dll
2008-06-09 01:09:56 22528 --a------ C:\Windows\funny.exe
2008-06-09 01:09:56 23296 --a------ C:\Windows\funniest.exe
2008-06-09 01:09:56 28928 --a------ C:\Windows\explorer32.exe
2008-06-09 01:09:56 25856 --a------ C:\Windows\editpad.exe
2008-06-09 01:09:56 13056 --a------ C:\Windows\dnsrelay.dll
2008-06-09 01:09:55 15360 --a------ C:\Windows\directx32.exe
2008-06-09 01:09:55 17152 --a------ C:\Windows\ctrlpan.dll
2008-06-09 01:09:55 25344 --a------ C:\Windows\ctfmon32.exe
2008-06-09 00:54:39 4 --a------ C:\Windows\system32\hljwugsf.bin
2008-06-09 00:54:36 0 d-------- C:\Windows\system32\7951
2008-06-07 04:10:09 0 d-------- C:\Windows\system32\vntiho06
2008-06-07 04:10:09 0 d-------- C:\Temp
2008-06-01 11:13:18 0 d-------- C:\BluRay
2008-05-31 01:22:48 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-31 01:22:48 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 01:22:48 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 01:22:46 815104 --a------ C:\Windows\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 01:22:46 683520 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-26 21:38:51 0 d-------- C:\Program Files\PokerStove
2008-05-25 03:24:00 0 d-------- C:\Program Files\InterPoker
2008-05-23 00:22:18 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-05-23 00:19:46 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-23 00:19:46 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-23 00:18:54 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll


-- Find3M Report ---------------------------------------------------------------

2008-06-17 20:09:03 0 d-------- C:\Users\ennitti\AppData\Roaming\uTorrent
2008-06-16 15:03:10 452704 --a------ C:\Windows\system32\perfh014.dat
2008-06-16 15:03:10 76640 --a------ C:\Windows\system32\perfc014.dat
2008-06-16 14:59:12 54503 --a------ C:\Users\ennitti\AppData\Roaming\nvModes.dat
2008-06-16 14:59:12 54503 --a------ C:\Users\ennitti\AppData\Roaming\nvModes.001
2008-06-16 14:57:59 0 d-------- C:\Program Files\Norman
2008-06-16 14:53:58 2484 --a------ C:\Windows\bthservsdp.dat
2008-06-16 14:46:49 0 d-------- C:\Program Files\Poker Tracker V2
2008-06-16 11:21:33 0 d-------- C:\Program Files\SunPoker.com
2008-06-16 03:10:53 1104 --a------ C:\Users\ennitti\AppData\Roaming\wklnhst.dat
2008-06-16 02:24:11 0 d-------- C:\Program Files\Full Tilt Poker
2008-06-16 00:38:28 0 d-------- C:\Users\ennitti\AppData\Roaming\Skype
2008-06-16 00:09:37 0 d-------- C:\Users\ennitti\AppData\Roaming\skypePM
2008-06-15 16:36:24 0 d-------- C:\Program Files\Betsafe Poker
2008-06-12 16:40:58 0 d-------- C:\Program Files\DivX
2008-06-10 06:09:46 0 d-------- C:\Program Files\Windows Mail
2008-06-09 17:38:09 0 d-------- C:\Users\ennitti\AppData\Roaming\Malwarebytes
2008-06-09 13:01:05 0 d-------- C:\Program Files\Java
2008-06-03 11:56:52 0 d-------- C:\Users\ennitti\AppData\Roaming\mIRC
2008-06-03 11:55:37 0 d-------- C:\Program Files\mIRC
2008-06-01 22:05:53 0 d-------- C:\Program Files\PokerStars
2008-05-15 14:35:49 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-13 17:34:06 0 d-------- C:\Program Files\TmNationsForever
2008-05-11 01:18:53 0 d-------- C:\Program Files\Recover Files
2008-04-27 12:18:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-20 04:34:06 0 d-------- C:\Users\ennitti\AppData\Roaming\WinRAR
2008-04-18 03:48:52 0 d-------- C:\Program Files\Google
2008-04-17 15:27:09 0 d-------- C:\Program Files\uTorrent


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/13/2007 05:36 AM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [02/13/2007 11:38 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [07/09/2007 04:57 AM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [07/09/2007 04:57 AM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [07/09/2007 04:57 AM]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [03/01/2007 01:18 PM]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [01/10/2007 04:12 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"Norman ZANDA"="C:\Program Files\Norman\Npm\bin\ZLH.exe" [12/17/2007 03:37 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 02:36 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [3/29/2007 2:11:50 PM]
Mobilt Kontor.lnk - C:\Program Files\Telenor\Mobilt Kontor\Mobilt Kontor.exe [5/10/2007 10:38:58 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ
GPSvcGroup GPSvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-17 20:11:31 ------------
  • 0

#9
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply

Note: DO NOT mouseclick combofix's window while its running. That may cause it to stall
  • 0

#10
traktor

traktor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6000.20777_none_57dd5ab3657b0f3c\gdi32.dll
+ 2008-06-09 22:10:45 295,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.18023_none_596c0b02495f0f52\gdi32.dll
+ 2008-06-09 22:10:45 295,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.22120_none_59f2a6ef627f6317\gdi32.dll
+ 2008-06-09 22:06:33 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16643_none_ebb7f1b116609ec7\pngfilt.dll
+ 2008-06-09 22:06:32 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20777_none_ec251fe02f92f7c0\pngfilt.dll
+ 2008-06-09 22:06:33 1,159,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16643_none_b2d49a63d9c1162b\urlmon.dll
+ 2008-06-09 22:06:33 1,162,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20777_none_b341c892f2f36f24\urlmon.dll
+ 2008-06-09 22:06:28 1,166,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18023_none_b4d078e1d6d76f3a\urlmon.dll
+ 2008-06-09 22:06:28 1,166,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22120_none_b55714ceeff7c2ff\urlmon.dll
+ 2008-06-09 22:12:50 7,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..humb-shift_keyboard_31bf3856ad364e35_6.0.6000.16646_none_ebb5eec692f230bc\f3ahvoas.dll
+ 2008-06-09 22:12:50 7,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..humb-shift_keyboard_31bf3856ad364e35_6.0.6000.20782_none_ec104ab9ac33daee\f3ahvoas.dll
+ 2008-06-09 22:06:37 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16643_none_deb7292c7f69d59a\mstime.dll
+ 2008-06-09 22:06:37 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20777_none_df24575b989c2e93\mstime.dll
+ 2008-06-09 22:06:29 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18023_none_e0b307aa7c802ea9\mstime.dll
+ 2008-06-09 22:06:29 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22120_none_e139a39795a0826e\mstime.dll
+ 2008-06-09 22:12:55 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rd-japanese_106_key_31bf3856ad364e35_6.0.6000.16646_none_dafbedd9168fe683\kbd106n.dll
+ 2008-06-09 22:12:55 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rd-japanese_106_key_31bf3856ad364e35_6.0.6000.20782_none_db5649cc2fd190b5\kbd106n.dll
+ 2008-06-09 22:06:44 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\jsproxy.dll
+ 2008-06-09 22:06:44 826,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\wininet.dll
+ 2008-06-09 22:06:44 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\WininetPlugin.dll
+ 2008-06-09 22:06:43 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\jsproxy.dll
+ 2008-06-09 22:06:44 827,392 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\wininet.dll
+ 2008-06-09 22:06:44 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\WininetPlugin.dll
+ 2008-06-09 22:06:31 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\jsproxy.dll
+ 2008-06-09 22:06:31 826,880 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\wininet.dll
+ 2008-06-09 22:06:31 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\WininetPlugin.dll
+ 2008-06-09 22:06:31 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\jsproxy.dll
+ 2008-06-09 22:06:31 826,880 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\wininet.dll
+ 2008-06-09 22:06:31 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\WininetPlugin.dll
+ 2008-06-09 22:06:45 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16643_none_f98398df6eb5b711\ieapfltr.dat
+ 2008-06-09 22:06:45 383,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16643_none_f98398df6eb5b711\ieapfltr.dll
+ 2008-06-09 22:06:45 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20777_none_f9f0c70e87e8100a\ieapfltr.dat
+ 2008-06-09 22:06:44 383,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20777_none_f9f0c70e87e8100a\ieapfltr.dll
+ 2008-06-09 22:06:43 347,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16643_none_95b7d197849b3d3f\dxtmsft.dll
+ 2008-06-09 22:06:43 214,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16643_none_95b7d197849b3d3f\dxtrans.dll
+ 2008-06-09 22:06:43 347,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20777_none_9624ffc69dcd9638\dxtmsft.dll
+ 2008-06-09 22:06:43 214,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20777_none_9624ffc69dcd9638\dxtrans.dll
+ 2008-06-09 22:06:40 478,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16643_none_461a6bef465befcc\mshtmled.dll
+ 2008-06-09 22:06:40 478,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20777_none_46879a1e5f8e48c5\mshtmled.dll
+ 2008-06-09 22:06:40 3,591,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16643_none_113495242520a5f4\mshtml.dll
+ 2008-06-09 22:06:38 3,593,728 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20777_none_11a1c3533e52feed\mshtml.dll
+ 2008-06-09 22:06:31 3,578,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18023_none_133073a22236ff03\mshtml.dll
+ 2008-06-09 22:06:29 3,578,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22120_none_13b70f8f3b5752c8\mshtml.dll
+ 2008-06-09 22:06:37 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16643_none_588d01ee673531fd\icardie.dll
+ 2008-06-09 22:06:37 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20777_none_58fa301d80678af6\icardie.dll
+ 2008-06-09 22:06:34 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\ieUnatt.exe
+ 2008-06-09 22:06:35 625,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\iexplore.exe
+ 2008-06-09 22:06:33 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\ieUnatt.exe
+ 2008-06-09 22:06:34 625,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\iexplore.exe
+ 2008-06-09 22:06:32 70,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16643_none_c3c237ac61707446\ie4uinit.exe
+ 2008-06-09 22:06:32 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16643_none_c3c237ac61707446\iernonce.dll
+ 2008-06-09 22:06:32 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16643_none_c3c237ac61707446\iesetup.dll
+ 2008-06-09 22:06:32 70,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20777_none_c42f65db7aa2cd3f\ie4uinit.exe
+ 2008-06-09 22:06:32 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20777_none_c42f65db7aa2cd3f\iernonce.dll
+ 2008-06-09 22:06:32 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20777_none_c42f65db7aa2cd3f\iesetup.dll
+ 2008-06-09 22:06:44 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16643_none_29e74e1c682049a3\iebrshim.dll
+ 2008-06-09 22:06:44 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20777_none_2a547c4b8152a29c\iebrshim.dll
+ 2008-06-09 22:06:42 6,066,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16643_none_6293ef27b1163421\ieframe.dll
+ 2008-06-09 22:06:42 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16643_none_6293ef27b1163421\ieui.dll
+ 2008-06-09 22:06:40 6,067,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20777_none_63011d56ca488d1a\ieframe.dll
+ 2008-06-09 22:06:41 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20777_none_63011d56ca488d1a\ieui.dll
+ 2008-06-09 22:06:37 263,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16643_none_e68d5ba694998859\ieinstal.exe
+ 2008-06-09 22:06:36 263,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20777_none_e6fa89d5adcbe152\ieinstal.exe
+ 2008-06-09 22:06:32 301,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16643_none_0b3590c2d714480b\ieuser.exe
+ 2008-06-09 22:06:31 301,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20777_none_0ba2bef1f046a104\ieuser.exe
+ 2008-06-09 22:02:11 1,244,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-m..mediadeliveryengine_31bf3856ad364e35_6.0.6000.16625_none_3d338c3162694f64\mcmde.dll
+ 2008-06-09 22:02:11 1,244,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-m..mediadeliveryengine_31bf3856ad364e35_6.0.6000.20750_none_3d97b7c67ba3c44e\mcmde.dll
+ 2008-06-09 22:16:06 154,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-native-80211_31bf3856ad364e35_6.0.6000.16632_none_4d03fb3a91e27bd0\nwifi.sys
+ 2008-06-09 22:16:06 154,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-native-80211_31bf3856ad364e35_6.0.6000.20757_none_4d7cf99fab0bd22f\nwifi.sys
+ 2008-06-09 22:15:39 24,064 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netcfg_31bf3856ad364e35_6.0.6000.16627_none_0e39ff40545cdf67\netcfg.exe
+ 2008-06-09 22:15:38 24,064 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netcfg_31bf3856ad364e35_6.0.6000.20752_none_0e9e2ad56d975451\netcfg.exe
+ 2008-06-09 22:15:38 216,632 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.16627_none_54a6905db830dfb1\netio.sys
+ 2008-06-09 22:15:38 217,144 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.20752_none_550abbf2d16b549b\netio.sys
+ 2008-06-09 22:12:55 23,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6000.16609_none_71cfead8774bc0d7\nshhttp.dll
+ 2008-06-09 22:12:55 23,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6000.20734_none_7234166d908635c1\nshhttp.dll
+ 2008-06-09 22:17:20 1,060,920 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16615_none_a4851c9d1fc8a346\ntfs.sys
+ 2008-06-09 22:17:20 1,061,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.20740_none_a4e9483239031830\ntfs.sys
+ 2008-06-09 22:16:49 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16674_none_f05a2d326e88eb29\OESpamFilter.dat
+ 2008-06-09 22:16:49 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20815_none_f125abb58774f9cb\OESpamFilter.dat
+ 2008-06-09 22:16:49 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18054_none_f2560bb06b9f4438\OESpamFilter.dat
+ 2008-06-09 22:16:48 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22159_none_f2e4a9ed84b862b5\OESpamFilter.dat
+ 2008-06-09 22:16:08 558,080 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ole-automation_31bf3856ad364e35_6.0.6000.16588_none_bacb6cf1fe8d4f50\oleaut32.dll
+ 2008-06-09 22:10:23 558,080 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ole-automation_31bf3856ad364e35_6.0.6000.16607_none_bb20ededfe4d5398\oleaut32.dll
+ 2008-06-09 22:12:55 558,080 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ole-automation_31bf3856ad364e35_6.0.6000.16609_none_bb22ee81fe4b8646\oleaut32.dll
+ 2008-06-09 22:16:08 559,104 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ole-automation_31bf3856ad364e35_6.0.6000.20711_none_bb99b91117787749\oleaut32.dll
+ 2008-06-09 22:10:22 559,104 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ole-automation_31bf3856ad364e35_6.0.6000.20732_none_bb8519831787c882\oleaut32.dll
+ 2008-06-09 22:12:55 559,104 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ole-automation_31bf3856ad364e35_6.0.6000.20734_none_bb871a171785fb30\oleaut32.dll
+ 2008-06-09 22:16:08 3,504,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16584_none_69f7a2dcb739c934\ntkrnlpa.exe
+ 2008-06-09 22:16:07 3,470,392 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16584_none_69f7a2dcb739c934\ntoskrnl.exe
+ 2008-06-09 22:16:07 3,505,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20707_none_6adac1cbd013d2a2\ntkrnlpa.exe
+ 2008-06-09 22:16:07 3,471,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20707_none_6adac1cbd013d2a2\ntoskrnl.exe
+ 2008-06-09 22:12:54 120,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f\CntrtextMig.dll
+ 2008-06-09 22:12:54 115,200 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f\loadperf.dll
+ 2008-06-09 22:12:54 39,424 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f\lodctr.exe
+ 2008-06-09 22:12:55 30,674 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f\perfc.dat
+ 2008-06-09 22:12:55 30,674 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f\perfd.dat
+ 2008-06-09 22:12:55 287,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f\perfh.dat
+ 2008-06-09 22:12:55 287,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f\perfi.dat
+ 2008-06-09 22:12:54 17,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f\prflbmsg.dll
+ 2008-06-09 22:12:54 32,256 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f\unlodctr.exe
+ 2008-06-09 22:12:53 120,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.20734_none_700cece11af29179\CntrtextMig.dll
+ 2008-06-09 22:12:53 115,200 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.20734_none_700cece11af29179\loadperf.dll
+ 2008-06-09 22:12:53 39,424 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.20734_none_700cece11af29179\lodctr.exe
+ 2008-06-09 22:12:54 30,674 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.20734_none_700cece11af29179\perfc.dat
+ 2008-06-09 22:12:54 30,674 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.20734_none_700cece11af29179\perfd.dat
+ 2008-06-09 22:12:54 287,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.20734_none_700cece11af29179\perfh.dat
+ 2008-06-09 22:12:54 287,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.20734_none_700cece11af29179\perfi.dat
+ 2008-06-09 22:12:53 17,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.20734_none_700cece11af29179\prflbmsg.dll
+ 2008-06-09 22:12:53 32,256 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.20734_none_700cece11af29179\unlodctr.exe
+ 2008-06-09 22:12:53 18,432 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack-msg_31bf3856ad364e35_6.0.6000.16609_none_3cc22de72dd8baa4\CbsMsg.dll
+ 2008-06-09 22:12:53 18,432 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack-msg_31bf3856ad364e35_6.0.6000.20734_none_3d26597c47132f8e\CbsMsg.dll
+ 2008-06-09 22:05:00 432,640 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6000.16649_none_0756e58cca3c3d46\CbsCore.dll
+ 2008-06-09 22:05:00 95,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6000.16649_none_0756e58cca3c3d46\DrUpdate.dll
+ 2008-06-09 22:05:00 99,840 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6000.16649_none_0756e58cca3c3d46\poqexec.exe
+ 2008-06-09 22:05:00 116,224 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6000.16649_none_0756e58cca3c3d46\smipi.dll
+ 2008-06-09 22:05:01 1,646,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6000.16649_none_0756e58cca3c3d46\wcp.dll
+ 2008-06-09 22:05:01 50,688 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6000.16649_none_0756e58cca3c3d46\wrpint.dll
+ 2008-06-09 22:13:29 1,585,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-setupapi_31bf3856ad364e35_6.0.6000.16609_none_33181da4c90f2d73\setupapi.dll
+ 2008-06-09 22:13:29 1,585,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-setupapi_31bf3856ad364e35_6.0.6000.20734_none_337c4939e249a25d\setupapi.dll
+ 2008-06-09 22:12:59 313,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\rstrui.exe
+ 2008-06-09 22:12:59 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\srclient.dll
+ 2008-06-09 22:12:59 371,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\srcore.dll
+ 2008-06-09 22:12:59 16,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\srdelayed.exe
+ 2008-06-09 22:12:58 313,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\rstrui.exe
+ 2008-06-09 22:12:59 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\srclient.dll
+ 2008-06-09 22:12:58 371,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\srcore.dll
+ 2008-06-09 22:12:58 16,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\srdelayed.exe
+ 2008-06-09 22:12:48 318,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\rstrui.exe
+ 2008-06-09 22:12:49 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\srclient.dll
+ 2008-06-09 22:12:48 378,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\srcore.dll
+ 2008-06-09 22:12:48 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\srdelayed.exe
+ 2008-06-09 22:12:48 318,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\rstrui.exe
+ 2008-06-09 22:12:48 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\srclient.dll
+ 2008-06-09 22:12:48 378,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\srcore.dll
+ 2008-06-09 22:12:48 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\srdelayed.exe
+ 2008-06-09 22:12:52 595,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6000.16609_none_2d23e28599d3cbd6\schedsvc.dll
+ 2008-06-09 22:12:52 595,968 ----a-w C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6000.20734_none_2d880e1ab30e40c0\schedsvc.dll
+ 2008-06-09 22:15:38 49,152 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\netiomig.dll
+ 2008-06-09 22:15:38 22,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\netiougc.exe
+ 2008-06-09 22:15:38 803,328 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys
+ 2008-06-09 22:15:38 167,424 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpipcfg.dll
+ 2008-06-09 22:15:37 49,152 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\netiomig.dll
+ 2008-06-09 22:15:37 22,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\netiougc.exe
+ 2008-06-09 22:15:37 806,400 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys
+ 2008-06-09 22:15:37 167,424 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpipcfg.dll
+ 2008-06-09 22:12:51 27,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-trustedinstaller_31bf3856ad364e35_6.0.6000.16609_none_8f2ff7784ff80919\TrustedInstaller.exe
+ 2008-06-09 22:12:51 27,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-trustedinstaller_31bf3856ad364e35_6.0.6000.20734_none_8f94230d69327e03\TrustedInstaller.exe
+ 2008-06-09 22:12:51 495,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.0.6000.16609_none_7475dc2e20bd6c08\Wdf01000.sys
+ 2008-06-09 22:12:51 35,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.0.6000.16609_none_7475dc2e20bd6c08\WdfLdr.sys
+ 2008-06-09 22:12:50 495,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.0.6000.20734_none_74da07c339f7e0f2\Wdf01000.sys
+ 2008-06-09 22:12:51 35,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.0.6000.20734_none_74da07c339f7e0f2\WdfLdr.sys
+ 2008-06-09 22:17:45 48,640 ----a-w C:\Windows\winsxs\x86_microsoft-windows-webdavredir-davclient_31bf3856ad364e35_6.0.6000.20751_none_923bb8126e5dee69\davclnt.dll
+ 2008-06-09 22:17:45 110,080 ----a-w C:\Windows\winsxs\x86_microsoft-windows-webdavredir-mrxdav_31bf3856ad364e35_6.0.6000.16626_none_12b50875c89fe395\mrxdav.sys
+ 2008-06-09 22:17:45 110,080 ----a-w C:\Windows\winsxs\x86_microsoft-windows-webdavredir-mrxdav_31bf3856ad364e35_6.0.6000.20751_none_1319340ae1da587f\mrxdav.sys
+ 2008-06-09 22:17:45 194,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-webdavredir-webclient_31bf3856ad364e35_6.0.6000.16626_none_532fecfab695e27c\WebClnt.dll
+ 2008-06-09 22:17:45 196,096 ----a-w C:\Windows\winsxs\x86_microsoft-windows-webdavredir-webclient_31bf3856ad364e35_6.0.6000.20751_none_5394188fcfd05766\WebClnt.dll
+ 2008-06-09 22:11:20 2,027,008 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16646_none_b6e7fd209d7b409d\win32k.sys
+ 2008-06-09 22:11:19 2,028,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20782_none_b7425913b6bceacf\win32k.sys
+ 2008-06-09 22:11:19 2,032,128 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18027_none_b8e4dbe89a90b303\win32k.sys
+ 2008-06-09 22:11:19 2,032,128 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22125_none_b96c781fb3b0201f\win32k.sys
+ 2008-06-09 22:12:50 12,800 ----a-w C:\Windows\winsxs\x86_microsoft.windows.h..battery-driverclass_31bf3856ad364e35_6.0.6000.16609_none_18009dbc49aa7293\batt.dll
+ 2008-06-09 22:12:50 12,800 ----a-w C:\Windows\winsxs\x86_microsoft.windows.h..battery-driverclass_31bf3856ad364e35_6.0.6000.20734_none_1864c95162e4e77d\batt.dll
+ 2008-06-09 22:12:50 35,328 ----a-w C:\Windows\winsxs\x86_microsoft.windows.h..display-driverclass_31bf3856ad364e35_6.0.6000.16609_none_41b37abe932781d6\dispci.dll
+ 2008-06-09 22:12:50 35,328 ----a-w C:\Windows\winsxs\x86_microsoft.windows.h..display-driverclass_31bf3856ad364e35_6.0.6000.20734_none_4217a653ac61f6c0\dispci.dll
+ 2008-06-09 22:12:58 613,888 ----a-w C:\Windows\winsxs\x86_microsoft.windows.h..ler.wpd-driverclass_31bf3856ad364e35_6.0.6000.16609_none_66d0f2386adae39f\wpd_ci.dll
+ 2008-06-09 22:12:58 613,888 ----a-w C:\Windows\winsxs\x86_microsoft.windows.h..ler.wpd-driverclass_31bf3856ad364e35_6.0.6000.20734_none_67351dcd84155889\wpd_ci.dll
+ 2008-06-09 22:17:20 41,984 ----a-w C:\Windows\winsxs\x86_monitor.inf_31bf3856ad364e35_6.0.6000.16615_none_4117345983213804\monitor.sys
+ 2008-06-09 22:17:20 41,984 ----a-w C:\Windows\winsxs\x86_monitor.inf_31bf3856ad364e35_6.0.6000.20740_none_417b5fee9c5bacee\monitor.sys
+ 2008-06-09 22:16:07 17,464 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\aliide.sys
+ 2008-06-09 22:16:07 17,976 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\amdide.sys
+ 2008-06-09 22:16:07 21,560 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
+ 2008-06-09 22:16:07 109,624 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\ataport.sys
+ 2008-06-09 22:16:06 19,000 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\cmdide.sys
+ 2008-06-09 22:16:06 17,464 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\intelide.sys
+ 2008-06-09 22:16:06 25,656 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\msahci.sys
+ 2008-06-09 22:16:07 15,928 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\pciide.sys
+ 2008-06-09 22:16:07 45,112 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\pciidex.sys
+ 2008-06-09 22:16:07 20,024 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\viaide.sys
+ 2008-06-09 22:16:06 17,464 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\aliide.sys
+ 2008-06-09 22:16:06 17,976 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\amdide.sys
+ 2008-06-09 22:16:06 21,560 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
+ 2008-06-09 22:16:06 110,136 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\ataport.sys
+ 2008-06-09 22:16:06 19,000 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\cmdide.sys
+ 2008-06-09 22:16:06 17,976 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\intelide.sys
+ 2008-06-09 22:16:06 28,216 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\msahci.sys
+ 2008-06-09 22:16:06 15,928 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\pciide.sys
+ 2008-06-09 22:16:06 45,112 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\pciidex.sys
+ 2008-06-09 22:16:06 20,024 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\viaide.sys
+ 2008-06-09 22:12:50 54,784 ----a-w C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.16609_none_4c56cf70d52c8670\i8042prt.sys
+ 2008-06-09 22:12:50 34,360 ----a-w C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.16609_none_4c56cf70d52c8670\mouclass.sys
+ 2008-06-09 22:12:50 15,872 ----a-w C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.16609_none_4c56cf70d52c8670\mouhid.sys
+ 2008-06-09 22:12:50 19,968 ----a-w C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.16609_none_4c56cf70d52c8670\sermouse.sys
+ 2008-06-09 22:12:50 54,784 ----a-w C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.20734_none_4cbafb05ee66fb5a\i8042prt.sys
+ 2008-06-09 22:12:50 34,360 ----a-w C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.20734_none_4cbafb05ee66fb5a\mouclass.sys
+ 2008-06-09 22:12:50 15,872 ----a-w C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.20734_none_4cbafb05ee66fb5a\mouhid.sys
+ 2008-06-09 22:12:50 19,968 ----a-w C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.20734_none_4cbafb05ee66fb5a\sermouse.sys
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM 2097488]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 02:36 PM 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/13/2007 05:36 AM 827392]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [02/13/2007 11:38 AM 159744]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [07/09/2007 04:57 AM 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [07/09/2007 04:57 AM 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [07/09/2007 04:57 AM 81920]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [03/01/2007 01:18 PM 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [01/10/2007 04:12 PM 317128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM 144784]
"Norman ZANDA"="C:\Program Files\Norman\Npm\bin\ZLH.exe" [12/17/2007 03:37 PM 273520]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [3/29/2007 2:11:50 PM 719664]
Mobilt Kontor.lnk - C:\Program Files\Telenor\Mobilt Kontor\Mobilt Kontor.exe [5/10/2007 10:38:58 AM 565248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 03/17/2008 05:59 PM 2289664 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 02/01/2008 12:13 AM 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1365638748-907170335-1329176293-1000]
"EnableNotificationsRef"=dword:00000004

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3CD23DDE-A894-4EA4-969A-FE008B2CED70}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{4505338E-6EBA-4C4A-95D0-B37FCCCDEA0A}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{4E6E0A71-F0B3-4349-B29D-A2EC602296B0}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"TCP Query User{997CA9E2-8E8F-4085-B50D-8BB6190E3738}C:\\program files\\sunpoker.com\\ua.exe"= UDP:C:\program files\sunpoker.com\ua.exe:UA Application
"UDP Query User{3EEC328F-FCA5-4968-BBC4-7E20FCA4D9B9}C:\\program files\\sunpoker.com\\ua.exe"= TCP:C:\program files\sunpoker.com\ua.exe:UA Application
"{5432B8F8-ED61-434F-92F0-746A94AB2B7F}"= UDP:C:\Program Files\mIRC\mirc.exe:mIRC
"{411F99A5-91C4-4E69-B8DD-A11A64EE26BE}"= TCP:C:\Program Files\mIRC\mirc.exe:mIRC
"{7AEA9259-2403-4075-98A9-ECA321BDD46E}"= UDP:C:\Program Files\SunPoker.com\launcher.exe:SunPoker.com
"{13D0FF2B-EFD0-4D98-9724-096AD06906B6}"= TCP:C:\Program Files\SunPoker.com\launcher.exe:SunPoker.com
"{344DD3F6-975B-47A9-B35A-8F3CE66EFBF9}"= UDP:C:\Program Files\Poker Tracker V2\ptrack2.exe:Poker Tracker V2
"{A7CF85E6-A097-427E-A504-7D5DA49E32D9}"= TCP:C:\Program Files\Poker Tracker V2\ptrack2.exe:Poker Tracker V2
"{4685516A-4CDB-47D3-A02B-1CD32E1C6428}"= UDP:C:\Program Files\GameTimePlus\GameTimePlus.exe:GameTimePlus
"{9914B8A7-810F-4C97-A311-19AEE55A654C}"= TCP:C:\Program Files\GameTimePlus\GameTimePlus.exe:GameTimePlus
"TCP Query User{7D031AE6-D334-411F-8483-8EF4797D297C}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{42B00F10-D191-4587-AD14-65837B48E74F}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{76322E93-2B9E-4825-8BE4-EC9D47BD9EAB}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{7CF49E67-C437-4A0E-87AE-8DFB8E48D279}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"{FA97E4BF-3D88-43EF-9A6B-FFD43030400D}"= UDP:C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe:Ad-Aware 2007
"{909A6D6E-248A-4299-9424-F951F3DF11D2}"= TCP:C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe:Ad-Aware 2007
"{118B6D52-1771-4CFA-B8C0-501C6BCC173B}"= UDP:C:\Bridge Base Online\NetBridgeVu.exe:Bridge Base Online
"{90F9660E-A6F3-485C-A925-0B0437981A1E}"= TCP:C:\Bridge Base Online\NetBridgeVu.exe:Bridge Base Online
"{4024D04A-1F09-4CE7-889B-B5CD12977EB0}"= UDP:C:\Program Files\Online Services\Skype\SkypeSetup.exe:Skype
"{E5E096FD-5A67-4EDC-82D2-CD106FFFF518}"= TCP:C:\Program Files\Online Services\Skype\SkypeSetup.exe:Skype
"{963D9D6B-55F1-425C-ADEE-5575C16E8780}"= UDP:C:\Program Files\SunPoker.com\launcher.exe:SunPoker.com
"{AE4F78FC-F7CE-4BE8-81D5-EA2412191C77}"= TCP:C:\Program Files\SunPoker.com\launcher.exe:SunPoker.com
"{944B133B-0EE3-4C03-AA3B-21C459F9904D}"= UDP:C:\Program Files\Poker Tracker V2\ptrack2.exe:Poker Tracker V2
"{527362C4-B2D9-40BF-AF5F-A86185EA105E}"= TCP:C:\Program Files\Poker Tracker V2\ptrack2.exe:Poker Tracker V2
"TCP Query User{D93C24AC-46C6-4394-BE6B-21B4E09E85A0}C:\\program files\\sunpoker.com\\ua.exe"= UDP:C:\program files\sunpoker.com\ua.exe:UA Application
"UDP Query User{FBF16A9B-A699-4E2E-B56B-2DB80C50002C}C:\\program files\\sunpoker.com\\ua.exe"= TCP:C:\program files\sunpoker.com\ua.exe:UA Application
"{8F7F4842-A2D4-4477-80E5-A1CD4D3547A9}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{AB2F3BA7-D2B0-4517-A189-AE506A86BB0C}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{1178F714-8908-48E3-A255-C2C129C0BD18}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{21FCA5D4-5BF2-4E45-810F-5FC229CF3686}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{99AFA1D6-DFFB-4080-AD2E-A1450CC1534D}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{71FDC492-29F2-48EF-A3CA-2D4CC8D82B1D}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{E0A105D7-2F45-4CDA-854F-B3ED8C72B0EE}C:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{70446B62-0074-4D5F-B13F-26806E32845C}C:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 ALE_NF;Norman Firewall ALE driver;C:\Windows\system32\drivers\ale_nf.sys [01/23/2008 04:01 PM]
R2 GtFlashSwitch;GtFlashSwitch;"C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe" [02/09/2007 03:48 PM]
R2 Ndiskio;Ndiskio;C:\Program Files\Norman\Nse\bin\NDISKIO.SYS [01/02/2007 10:55 AM]
R2 NPFSvc32;Norman Personal Firewall Service;"C:\Program Files\Norman\npf\bin\npfsvc32.exe" [01/28/2008 11:21 AM]
R2 NVOY;Norman's Very Own supplY of resources;"C:\Program Files\Norman\npm\bin\nvoy.exe" [01/22/2008 04:04 PM]
R3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [04/18/2007 10:51 AM]
R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [04/18/2007 10:51 AM]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [04/18/2007 10:51 AM]
R3 NvcMFlt;NvcMFlt;C:\Windows\system32\DRIVERS\nvcv32mf.sys [02/11/2008 03:56 PM]
R3 nvcoas;Norman Virus Control on-access component;"C:\Program Files\Norman\Nvc\bin\nvcoas.exe" [12/10/2007 03:36 PM]
R3 NVCScheduler;Norman Virus Control Scheduler;"C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE" [09/18/2007 12:41 PM]
S2 PlugPlayRPC;Plug and Play (RPC);C:\Windows\portsv.exe service []
S3 GTFFBUS;GT FF BUS;C:\Windows\system32\DRIVERS\gtffbus.sys [01/15/2007 05:48 PM]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;C:\Windows\system32\DRIVERS\Gtm51Irp.sys [01/15/2007 05:48 PM]
S3 GTPTSER;GT PT SER;C:\Windows\system32\DRIVERS\gtptser.sys [01/15/2007 05:48 PM]
S3 GTUQBUS;GT UQ BUS;C:\Windows\system32\DRIVERS\gtuqbus.sys [01/15/2007 05:48 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
GPSvcGroup REG_MULTI_SZ GPSvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 03:16:14
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Windows\TEMP\TMP000000227D9532D64366CA39 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 06/18/2008 3:17:46
ComboFix-quarantined-files.txt 2008-06-18 01:17:40
ComboFix2.txt 2008-04-18 01:52:53

Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.
Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.

900 --- E O F --- 2008-06-09 22:18:01

Edited by traktor, 17 June 2008 - 07:33 PM.

  • 0

Advertisements


#11
traktor

traktor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:29:01 AM, on 6/18/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Program Files\Norman\npm\bin\nvoy.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\npf\bin\npfsvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Telenor\Mobilt Kontor\Mobilt Kontor.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Norman\npf\bin\npfuser.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ennitti.com/7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Mobilt Kontor.lnk = C:\Program Files\Telenor\Mobilt Kontor\Mobilt Kontor.exe
O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send side til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Program Files\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\Windows\portsv.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9671 bytes
  • 0

#12
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, it seems your ComboFix log has been cut-off.. Can you attached the log instead of post it? Please find ComboFix log at C:\combofix.txt


Regards
fenzodahl512
  • 0

#13
traktor

traktor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Thanks for your patience!
Hoping its working now :-)

Attached Files


  • 0

#14
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Great! Lets do the following...


Please navigate this file and delete it.. C:\Windows\portsv.exe



We need to get rid of some of the services running on your machine. To do this, copy (Ctrl +C) and paste (Ctrl +V) the text in the code box below to Notepad.

@echo off
sc stop PlugPlayRPC
sc delete PlugPlayRPC
exit

Save it to your desktop as File name: Service.bat
Save as type: All Files

Once done, double click Service.bat to run it. A command window will open briefly, then close. This is quite normal.

If you do not sure how to make a batch file, please visit HERE for the tutorial.





NEXT


I noticed that you mentioned that you have used MalwareBytes' Anti-Malware. Please run and update it..
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



Please post the following logs in your next reply.. Please post each log in separate post..

1. MalwareBytes'
2. A fresh Deckard System Scanner log (after MalwareBytes' step)


Regards
fenzodahl512
  • 0

#15
traktor

traktor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Okey, back again from a small trip:

I am not finding the file C:\Windows\portsv.exe, not finding any portsv.exe files at all.

Service.bat have been created and runned.

Maleware logg:
Malwarebytes' Anti-Malware 1.18
Database version: 893

10:53:09 AM 6/26/2008
mbam-log-6-26-2008 (10-53-09).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 186107
Time elapsed: 1 hour(s), 4 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP