Infected With Smitfraud !


  • This topic is locked
3 replies to this topic

#1 xTReMeDTioN

Posted 08 April 2008 - 05:26 PM

Hi,

I've been infected with this annoying Smitfraud crap for a few weeks now. I have tried everything in the world to remove it but nothing has really helped. I hope you guys can help me fix this problem once and for all :thumbsup:

I was unable to get rid of it with the SmitfraudFix. I followed the exact instructions and logged in via Safe Mode. But still no luck.

Following is the result log from Kaspersky Online Scanner:

Wednesday, April 09, 2008 12:05:43 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/04/2008
Kaspersky Anti-Virus database records: 690768
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
Scan Statistics
Total number of scanned objects 113127
Number of viruses found 52
Number of infected objects 118
Number of suspicious objects 0
Duration of the scan process 01:31:54

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-04042008-000111.log Object is locked skipped
C:\Documents and Settings\HP_Ejer\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\HP_Ejer\Application Data\Mozilla\Firefox\Profiles\ajmqvcvp.default\cert8.db Object is locked skipped
C:\Documents and Settings\HP_Ejer\Application Data\Mozilla\Firefox\Profiles\ajmqvcvp.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\HP_Ejer\Application Data\Mozilla\Firefox\Profiles\ajmqvcvp.default\history.dat Object is locked skipped
C:\Documents and Settings\HP_Ejer\Application Data\Mozilla\Firefox\Profiles\ajmqvcvp.default\key3.db Object is locked skipped
C:\Documents and Settings\HP_Ejer\Application Data\Mozilla\Firefox\Profiles\ajmqvcvp.default\parent.lock Object is locked skipped
C:\Documents and Settings\HP_Ejer\Application Data\Mozilla\Firefox\Profiles\ajmqvcvp.default\search.sqlite Object is locked skipped
C:\Documents and Settings\HP_Ejer\Application Data\Mozilla\Firefox\Profiles\ajmqvcvp.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\HP_Ejer\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\HP_Ejer\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\HP_Ejer\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\HP_Ejer\Lokale indstillinger\Application Data\Microsoft\Windows Defender\FileTracker\{EC54CEBD-1A8E-4A06-99C3-C052663099F2} Object is locked skipped
C:\Documents and Settings\HP_Ejer\Lokale indstillinger\Application Data\Mozilla\Firefox\Profiles\ajmqvcvp.default\XUL.mfl Object is locked skipped
C:\Documents and Settings\HP_Ejer\Lokale indstillinger\Oversigt\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Ejer\Lokale indstillinger\Oversigt\History.IE5\MSHist012008040820080409\index.dat Object is locked skipped
C:\Documents and Settings\HP_Ejer\Lokale indstillinger\Temp\Perflib_Perfdata_260.dat Object is locked skipped
C:\Documents and Settings\HP_Ejer\Lokale indstillinger\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\HP_Ejer\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Ejer\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\HP_Ejer\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\HP_Ejer\Skrivebord\SmitfraudFix\Process.exe Object is locked skipped
C:\Documents and Settings\HP_Ejer\Skrivebord\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\HP_Ejer\Skrivebord\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\HP_Ejer\Skrivebord\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\HP_Ejer\Skrivebord\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\HP_Ejer\Skrivebord\SmitfraudFix.rar/SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\HP_Ejer\Skrivebord\SmitfraudFix.rar/SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\HP_Ejer\Skrivebord\SmitfraudFix.rar/SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\HP_Ejer\Skrivebord\SmitfraudFix.rar RAR: infected - 3 skipped
C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Lokale indstillinger\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale indstillinger\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programmer\Apache Software Foundation\Apache2.2\logs\access.log Object is locked skipped
C:\Programmer\Apache Software Foundation\Apache2.2\logs\error.log Object is locked skipped
C:\Programmer\ESET\cache\CACHE.NDB Object is locked skipped
C:\Programmer\ESET\infected\3HTHUTDA.NQF/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Programmer\ESET\infected\3HTHUTDA.NQF/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Programmer\ESET\infected\3HTHUTDA.NQF RarSFX: infected - 2 skipped
C:\Programmer\ESET\infected\3HTHUTDA.NQF PE-Crypt.XorPE: infected - 2 skipped
C:\Programmer\ESET\infected\4SQ0SSBA.NQF/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Programmer\ESET\infected\4SQ0SSBA.NQF/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Programmer\ESET\infected\4SQ0SSBA.NQF RarSFX: infected - 2 skipped
C:\Programmer\ESET\infected\4SQ0SSBA.NQF PE-Crypt.XorPE: infected - 2 skipped
C:\Programmer\ESET\infected\5GGFR3CA.NQF/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Programmer\ESET\infected\5GGFR3CA.NQF/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Programmer\ESET\infected\5GGFR3CA.NQF RarSFX: infected - 2 skipped
C:\Programmer\ESET\infected\5GGFR3CA.NQF PE-Crypt.XorPE: infected - 2 skipped
C:\Programmer\ESET\infected\ASQSG1BA.NQF/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Programmer\ESET\infected\ASQSG1BA.NQF/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Programmer\ESET\infected\ASQSG1BA.NQF RarSFX: infected - 2 skipped
C:\Programmer\ESET\infected\ASQSG1BA.NQF PE-Crypt.XorPE: infected - 2 skipped
C:\Programmer\ESET\infected\M1UW0DBA.NQF/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Programmer\ESET\infected\M1UW0DBA.NQF/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Programmer\ESET\infected\M1UW0DBA.NQF RarSFX: infected - 2 skipped
C:\Programmer\ESET\infected\M1UW0DBA.NQF PE-Crypt.XorPE: infected - 2 skipped
C:\Programmer\ESET\infected\PMCBT2DA.NQF/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Programmer\ESET\infected\PMCBT2DA.NQF/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Programmer\ESET\infected\PMCBT2DA.NQF RarSFX: infected - 2 skipped
C:\Programmer\ESET\infected\PMCBT2DA.NQF PE-Crypt.XorPE: infected - 2 skipped
C:\Programmer\ESET\infected\VFIEHHDA.NQF/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Programmer\ESET\infected\VFIEHHDA.NQF/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Programmer\ESET\infected\VFIEHHDA.NQF RarSFX: infected - 2 skipped
C:\Programmer\ESET\infected\VFIEHHDA.NQF PE-Crypt.XorPE: infected - 2 skipped
C:\Programmer\ESET\logs\virlog.dat Object is locked skipped
C:\Programmer\ESET\logs\warnlog.dat Object is locked skipped
C:\Programmer\Messenger Detect\MDServ.exe Infected: not-a-virus:Monitor.Win32.MSNDetect.205 skipped
C:\Programmer\Mozilla Firefox\SmitfraudFix\Process.exe Object is locked skipped
C:\Programmer\Mozilla Firefox\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Programmer\No-IP\Service.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\NetLimit.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\cinemst22.sys Object is locked skipped
C:\WINDOWS\system32\drivers\core.cache.dsk Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_720.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\yeTyezzd.sys Object is locked skipped

And following is the dss scan result log:

Deckard's System Scanner v20071014.68
Run by HP_Ejer on 2008-04-09 00:16:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-04-08 22:16:20 UTC - RP1 - Systemkontrolpunkt


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-09 00:18:05
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programmer\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\rundll32.exe
C:\hp\KBD\kbd.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Remote Master\Remote Master.exe
C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmer\WebcamMax\wcmmon.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Microsoft ActiveSync\wcescomm.exe
C:\Programmer\Microsoft ActiveSync\rapimgr.exe
C:\Programmer\Picasa2\PicasaMediaDetector.exe
C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmer\Creative Home\Hallmark Card Studio 2008 Deluxe\Planner\PLNRnote.exe
C:\Programmer\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Programmer\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmer\DirectUpdate v4\DUEngine.exe
C:\Programmer\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Programmer\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Messenger Detect\MDServ.exe
C:\Programmer\Messenger Detect\MDetect.exe
C:\Programmer\No-IP\DUC20.exe
C:\Programmer\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmer\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Firebird\Firebird_2_1\bin\fbserver.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\ESET\nod32krn.exe
C:\Documents and Settings\HP_Ejer\Skrivebord\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmer\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Programmer\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5e9c6c45-d781-4b7c-b493-91eb28146090} - C:\WINDOWS\system32\pmkjg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\GoogleToolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Programmer\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmer\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\GoogleToolbar4.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Programmer\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmer\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AMsnMonitor] "C:\Programmer\MSN Messenger\MsnChecker\A_MSN_Monitor.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [FSWebServer] C:\Programmer\Easy File Sharing Web Server\fsws.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FLLESF~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmer\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [googletalk] C:\Programmer\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Remote Master] C:\Programmer\Remote Master\Remote Master.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Programmer\WebcamMax\wcmmon.exe" /a
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nod32kui] "C:\Programmer\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Programmer\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SoonR] "C:\Programmer\SoonR\SoonR Desktop Client\SoonrClient.exe" -boot
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BlackMoon FTP Server] C:\Programmer\BlackMoon FTP Server\blackmoon.exe autologin minimize
O4 - HKCU\..\Run: [DUControl] "C:\Programmer\DirectUpdate v4\DUControl.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Programmer\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programmer\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Programmer\MagicDisc\MagicDisc.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programmer\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: Event Planner Reminder 2008.lnk = ?
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Programmer\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Programmer\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Programmer\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0eb0e74a-2a76-4ab3-a7fb-9bd8c29f7f75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/au...tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/...B/e-Safekey.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{6E72766F-8C6F-4995-8FFC-5EA5B69E7332}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmer\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmer\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmer\Skype\Plugin Manager\Skype4COM.dll (file missing)
O20 - Winlogon Notify: wvututs - C:\WINDOWS\system32\wvututs.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Programmer\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DirectUpdate engine (DirectUpdate) - WildUP - C:\Programmer\DirectUpdate v4\DUEngine.exe
O23 - Service: Easy File Sharing Web Service - EFS Software, Inc. - C:\Programmer\Easy File Sharing Web Server\fswsService.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Programmer\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Programmer\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: MDServ - formessengers.com - C:\Programmer\Messenger Detect\MDServ.exe
O23 - Service: NOD32 Kernel Service (nod32krn) - Eset - C:\Programmer\ESET\nod32krn.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Programmer\No-IP\DUC20.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programmer\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmer\WinPcap\rpcapd.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmer\RealVNC\VNC4\winvnc4.exe


--
End of file - 15173 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\Programmer\IconPackager\Themes\FauxS-XP (Amber) V1.5\FauxS-XP (Amber) V1.5.icl,67
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\Programmer\IconPackager\Themes\FauxS-XP (Amber) V1.5\FauxS-XP (Amber) V1.5.icl,57
.js - jsfile - DefaultIcon - unable to read value
.txt - txtfile - DefaultIcon - C:\Programmer\IconPackager\Themes\FauxS-XP (Amber) V1.5\FauxS-XP (Amber) V1.5.icl,69


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PzWDM - c:\windows\system32\drivers\pzwdm.sys <Not Verified; Prassi Technology; PzWDM>
R0 snapman (Acronis Snapshots Manager) - c:\windows\system32\drivers\snapman.sys <Not Verified; Acronis; Acronis Snapshot API>
R1 cinemst22 - c:\windows\system32\drivers\cinemst22.sys
R1 ISODrive (ISO CD-ROM Device Driver) - c:\programmer\ultraiso\drivers\isodrive.sys <Not Verified; EZB Systems, Inc.; ISODrive>
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R2 amon - c:\windows\system32\drivers\amon.sys <Not Verified; Eset; NOD32 Antivirus System>
R2 drhard - c:\windows\system32\drivers\drhard.sys <Not Verified; Licensed for Gebhard Software; DRHARD Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
R3 btwhid - c:\windows\system32\drivers\btwhid.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.1.0.1700>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S0 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys (file missing)
S0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys (file missing)
S1 intelppm (Driver til Intel-processor) - c:\windows\system32\drivers\intelppm.sys (file missing)
S3 BlueletSCOAudio (Bluetooth SCO Audio Service) - c:\windows\system32\drivers\blueletscoaudio.sys (file missing)
S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys (file missing)
S3 BTCAMDRV (Mobiola Web Camera driver) - c:\windows\system32\drivers\btcamdrv.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys (file missing)
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 profos - c:\programmer\fælles filer\bitdefender\bitdefender threat scanner\profos.sys (file missing)
S3 trufos - c:\programmer\fælles filer\bitdefender\bitdefender threat scanner\trufos.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys (file missing)
S3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys (file missing)
S3 VMnetAdapter (VMware Virtual Ethernet Adapter Driver) - c:\windows\system32\drivers\vmnetadapter.sys <Not Verified; VMware, Inc.; VMware virtual network adapter driver (32-bit)>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apache2 - "c:\programmer\apache software foundation\apache2.2\bin\httpd.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 Apple Mobile Device - "c:\programmer\fælles filer\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 FirebirdGuardianDefaultInstance (Firebird Guardian - DefaultInstance) - c:\programmer\firebird\firebird_2_1\bin\fbguard.exe -s defaultinstance <Not Verified; FirebirdSQL Project; Firebird SQL Server>
R2 MDServ - "c:\programmer\messenger detect\mdserv.exe" <Not Verified; formessengers.com; Messenger Detect Service>
R2 NoIPDUCService - c:\programmer\no-ip\duc20.exe -service <Not Verified; Vitalwerks LLC; DUC v2.2.1.0>
R2 nTuneService (nTune Service) - c:\programmer\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\programmer\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
R3 FirebirdServerDefaultInstance (Firebird Server - DefaultInstance) - c:\programmer\firebird\firebird_2_1\bin\fbserver.exe -s defaultinstance <Not Verified; FirebirdSQL Project; Firebird SQL Server>

S2 Easy File Sharing Web Service - c:\programmer\easy file sharing web server\fswsservice.exe <Not Verified; EFS Software, Inc.; SSLService>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-08 22:02:45 324 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-03-27 16:21:01 278 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-09 and 2008-04-09 -----------------------------

2008-04-08 21:59:57 4 --a------ C:\WINDOWS\system32\swsfe.dll
2008-04-08 21:41:55 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-08 21:41:55 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-08 21:41:55 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-08 21:41:55 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-08 21:41:55 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-08 21:41:55 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-08 21:35:35 185 --a------ C:\WINDOWS\system\hpsysdrv.DAT
2008-04-08 09:02:07 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-06 22:27:00 0 d-------- C:\Documents and Settings\HP_Ejer\Application Data\muvee Technologies
2008-04-06 21:35:43 0 d-------- C:\Programmer\Fælles filer\muvee Technologies
2008-04-06 21:35:16 0 d-------- C:\Programmer\muvee Technologies
2008-04-06 21:34:19 0 d-------- C:\Documents and Settings\HP_Ejer\Application Data\InstallShield
2008-04-05 12:28:36 274432 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2008-04-05 12:28:35 502368 --a------ C:\WINDOWS\system32\drivers\amon.sys <Not Verified; Eset; NOD32 Antivirus System>
2008-04-05 09:21:10 0 d-------- C:\WINDOWS\system32\NtmsData
2008-04-05 04:07:33 5328 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-05 02:40:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-04 05:59:32 10456 --ahs---- C:\WINDOWS\system32\aybeg.ini2
2008-04-04 04:52:41 0 d-------- C:\VundoFix Backups
2008-04-04 04:31:03 0 d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies
2008-04-04 03:38:27 8298 --ahs---- C:\WINDOWS\system32\pstwa.ini2
2008-04-04 02:08:02 0 d-------- C:\Programmer\Lavasoft
2008-04-04 02:08:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-04 00:00:47 0 d-------- C:\Programmer\Windows Defender
2008-04-03 23:20:52 0 d-------- C:\Programmer\AVG
2008-04-03 23:20:51 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-03 22:49:12 0 d-------- C:\Programmer\Fælles filer\BitDefender
2008-04-03 21:25:13 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-04-03 20:32:40 58733 --ahs---- C:\WINDOWS\system32\gjkmp.ini2
2008-04-03 20:23:23 86144 --a------ C:\WINDOWS\system32\drivers\cinemst22.sys
2008-04-03 20:23:14 55956 --a------ C:\WINDOWS\yeTyezzd.sys
2008-04-03 08:52:57 0 d-------- C:\Documents and Settings\HP_Ejer\Application Data\LimeWire
2008-04-03 08:52:41 0 d-------- C:\Programmer\LimeWire
2008-04-03 02:31:41 0 d-------- C:\Programmer\Call of Duty 4 - Modern Warfare
2008-04-02 23:48:10 0 d-------- C:\Programmer\GameShadow
2008-04-02 23:23:48 0 d-------- C:\Programmer\OpenAL
2008-04-02 16:55:45 0 d-------- C:\Programmer\Revo Uninstaller
2008-04-02 05:21:33 0 d-------- C:\Programmer\Microsoft Games
2008-04-01 19:33:46 0 d-------- C:\Programmer\Command & Conquer 3
2008-04-01 19:19:38 0 d-------- C:\Documents and Settings\HP_Ejer\Application Data\Command & Conquer 3 Kane's Wrath
2008-04-01 05:33:30 0 d-------- C:\Programmer\Command & Conquer 3 Kane's Wrath
2008-04-01 02:37:33 0 d-------- C:\Programmer\SpeedEDIT QuickStart
2008-04-01 01:45:45 0 d--h----- C:\Documents and Settings\HP_Ejer\NewTek Info
2008-04-01 01:45:02 0 d-------- C:\Documents and Settings\HP_Ejer\My Documents
2008-04-01 01:45:02 0 d-------- C:\Documents and Settings\HP_Ejer\Application Data\NewTek
2008-04-01 01:21:12 241664 --a------ C:\WINDOWS\system32\NewTek_SpeedHQ_Codec.dll
2008-04-01 01:19:56 110592 --a------ C:\WINDOWS\system32\NewTek_Codec.dll
2008-04-01 01:19:46 0 d-------- C:\Programmer\NewTek
2008-03-28 06:05:49 0 d-------- C:\Programmer\Virtual Earth 3D
2008-03-28 05:42:02 0 d-------- C:\Programmer\NVIDIA Corporation
2008-03-28 05:40:53 0 d-------- C:\Programmer\NVIDIA nTune Performance Application
2008-03-28 05:34:32 0 d-------- C:\NVIDIA
2008-03-28 05:27:33 0 d-------- C:\Documents and Settings\HP_Ejer\Application Data\SystemRequirementsLab
2008-03-28 05:23:11 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
2008-03-26 00:34:42 0 d-------- C:\Programmer\SpacialAudio
2008-03-26 00:34:35 442368 --a------ C:\WINDOWS\system32\GDS32.DLL <Not Verified; FirebirdSQL Project; Firebird SQL Server>
2008-03-26 00:34:25 0 d-------- C:\Programmer\Firebird
2008-03-26 00:22:09 0 d-------- C:\Programmer\MySQL
2008-03-26 00:06:12 163840 -----n--- C:\WINDOWS\system32\fpres532.dll <Not Verified; FinePrint Software, LLC; FinePrint>
2008-03-26 00:06:12 323584 -----n--- C:\WINDOWS\system32\fpmon5.dll <Not Verified; FinePrint Software, LLC; FinePrint>
2008-03-25 23:58:42 126976 -----n--- C:\WINDOWS\system32\fppr332.dll <Not Verified; FinePrint Software, LLC; pdfFactory>
2008-03-25 23:58:42 331776 -----n--- C:\WINDOWS\system32\fppmon3.dll <Not Verified; FinePrint Software, LLC; pdfFactory>
2008-03-25 23:41:17 0 d-------- C:\Programmer\Hewlett-Packard
2008-03-25 23:36:02 120212 --a------ C:\WINDOWS\hpoins11.dat
2008-03-25 23:34:53 6947 --a------ C:\WINDOWS\hpomdl11.dat
2008-03-25 01:43:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-03-25 01:29:06 0 d-------- C:\Programmer\Messenger Plus! Live
2008-03-23 02:17:33 0 d-------- C:\Documents and Settings\HP_Ejer\Application Data\WinBatch
2008-03-22 03:25:29 0 d-------- C:\Documents and Settings\HP_Ejer\Application Data\Hallmark
2008-03-22 03:15:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Creative Home
2008-03-22 02:37:52 0 d-------- C:\Programmer\Fælles filer\Nova Development
2008-03-22 02:36:10 0 d-------- C:\Programmer\Creative Home
2008-03-22 02:32:56 96256 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
2008-03-22 02:32:52 0 d-------- C:\Programmer\MagicDisc
2008-03-21 16:54:45 0 d-------- C:\Programmer\DAEMON Tools Pro
2008-03-17 22:50:41 23600 --a------ C:\WINDOWS\system32\drivers\drhard.sys <Not Verified; Licensed for Gebhard Software; DRHARD Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
2008-03-17 22:50:38 0 d-------- C:\Programmer\Dr.Hardware 2008 english
2008-03-16 03:44:12 0 d-------- C:\Programmer\AC3Filter
2008-03-16 02:36:46 0 d-------- C:\Programmer\DVD Audio Extractor
2008-03-16 02:30:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Webcammax
2008-03-16 02:28:31 0 d-------- C:\Programmer\WebcamMax
2008-03-16 02:23:13 0 d-------- C:\Programmer\Common Files
2008-03-16 02:21:56 0 d-------- C:\Documents and Settings\HP_Ejer\Application Data\Webcammax
2008-03-13 22:15:12 0 d-------- C:\Documents and Settings\HP_Ejer\Bluetooth Software
2008-03-13 22:05:21 0 d-------- C:\Programmer\WIDCOMM
2008-03-13 07:05:40 0 d-------- C:\Documents and Settings\HP_Ejer\Application Data\OpenOffice.org2
2008-03-13 07:03:58 0 d-------- C:\Programmer\OpenOffice.org 2.3
2008-03-13 06:57:31 0 d-------- C:\Programmer\Fælles filer\Java
2008-03-10 17:24:14 0 d-------- C:\Programmer\Remote Master
2008-03-10 17:22:13 67384 --a------ C:\WINDOWS\system32\drivers\btwusb.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.1.0.1700>
2008-03-10 17:22:03 77824 -ra------ C:\WINDOWS\system32\btw_ci.dll <Not Verified; Broadcom Corporation.; Bluetooth Software 5.1.0.1700>


-- Find3M Report ---------------------------------------------------------------

2008-04-08 21:35:41 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-04-07 14:04:40 0 d-------- C:\Documents and Settings\HP_Ejer\Application Data\uTorrent
2008-04-06 23:26:58 950 --a------ C:\AUTOEXEC.BAT
2008-04-06 23:26:47 0 d--h----- C:\Programmer\InstallShield Installation Information
2008-04-06 22:46:10 0 d-------- C:\Programmer\oDC
2008-04-06 21:38:40 0 d-------- C:\Programmer\utorrent
2008-04-06 21:35:43 0 d-------- C:\Programmer\Fælles filer
2008-04-05 04:30:20 0 d-------- C:\Programmer\Active Desktop Calendar
2008-04-05 03:32:18 0 d-------- C:\Programmer\Kaspersky Lab
2008-04-04 16:28:10 126976 --a------ C:\WINDOWS\system32\snapapi.dll <Not Verified; Acronis; Acronis Snapshot API>
2008-04-04 16:28:10 37888 --a------ C:\WINDOWS\system32\setupnt.dll <Not Verified; ; Setupnt Dynamic Link Library>
2008-04-04 16:28:09 0 d-------- C:\Programmer\Acronis
2008-04-04 15:59:36 0 d-------- C:\Documents and Settings\HP_Ejer\Application Data\Skype
2008-04-04 06:17:57 461154 --a------ C:\WINDOWS\system32\perfh006.dat
2008-04-04 06:17:57 84560 --a------ C:\WINDOWS\system32\perfc006.dat
2008-04-04 04:30:28 0 d-------- C:\Programmer\Zoom Player
2008-04-04 03:31:15 0 d-------- C:\Programmer\UltraISO
2008-04-04 02:06:51 0 d-------- C:\Programmer\Fælles filer\Wise Installation Wizard
2008-04-03 23:32:37 0 d-------- C:\Programmer\AV Vcs 6.0 DIAMOND
2008-04-02 06:25:23 0 d-------- C:\Programmer\FolderSizes
2008-03-28 06:06:59 4899 --a------ C:\WINDOWS\mozver.dat
2008-03-25 20:34:25 0 d-------- C:\Programmer\HP
2008-03-25 20:21:09 0 d-------- C:\Programmer\Fælles filer\Sonic Shared
2008-03-13 14:05:44 0 d-------- C:\Programmer\Fælles filer\EZB Systems
2008-03-13 12:56:23 7036 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-13 06:58:21 0 d-------- C:\Programmer\Java
2008-03-13 06:55:30 0 d-------- C:\Programmer\WinPcap
2008-03-13 03:00:53 0 d-------- C:\Programmer\Microsoft Works
2008-03-13 02:56:25 0 d-------- C:\Programmer\MSBuild
2008-03-03 17:00:39 0 d-------- C:\Programmer\QuickTime
2008-03-01 08:30:49 0 d-------- C:\Documents and Settings\HP_Ejer\Application Data\Move Networks
2008-03-01 05:31:01 32 --a------ C:\WINDOWS\0
2008-03-01 05:16:29 0 d-------- C:\Programmer\IVT Corporation
2008-02-29 07:59:13 0 d-------- C:\Programmer\Google
2008-02-23 18:40:46 0 d-------- C:\Programmer\Fælles filer\Adobe
2008-02-21 23:02:04 0 d-------- C:\Programmer\BlueAuditor
2008-02-17 01:04:49 0 d-------- C:\Programmer\ImgBurn
2008-02-14 23:52:40 0 d-------- C:\Programmer\Picasa2
2008-02-13 00:51:03 0 d-------- C:\Programmer\Microsoft Silverlight
2008-02-11 21:56:39 0 d-------- C:\Programmer\Windows Live
2008-02-11 21:50:15 0 d-------- C:\Programmer\MSN Messenger
2008-02-11 21:48:33 0 d--hs--c- C:\Programmer\Fælles filer\WindowsLiveInstaller
2008-02-09 22:50:04 0 --a------ C:\WINDOWS\system32\0
2008-02-09 18:30:13 0 d-------- C:\Documents and Settings\HP_Ejer\Application Data\Samsung
2008-02-09 18:21:18 0 d-------- C:\Programmer\Samsung


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e9c6c45-d781-4b7c-b493-91eb28146090}]
C:\WINDOWS\system32\pmkjg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [07-05-1998 18:04]
"HPHUPD08"="c:\Programmer\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" []
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [14-04-2004 22:43]
"AlcxMonitor"="ALCXMNTR.EXE" [07-09-2004 22:47 C:\WINDOWS\ALCXMNTR.EXE]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [14-12-2004 02:23]
"UnlockerAssistant"="C:\Programmer\Unlocker\UnlockerAssistant.exe" [01-03-2008 07:10]
"AMsnMonitor"="C:\Programmer\MSN Messenger\MsnChecker\A_MSN_Monitor.exe" []
"BluetoothAuthenticationAgent"="bthprops.cpl" [27-08-2004 14:00 C:\WINDOWS\system32\bthprops.cpl]
"KBD"="C:\HP\KBD\KBD.EXE" [02-02-2005 16:44]
"FSWebServer"="C:\Programmer\Easy File Sharing Web Server\fsws.exe" []
"ISUSPM Startup"="C:\PROGRA~1\FLLESF~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [28-07-2004 00:50]
"ISUSScheduler"="C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" []
"RemoteControl"="C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe" [07-02-2007 17:24]
"LanguageShortcut"="C:\Programmer\CyberLink\PowerDVD\Language\Language.exe" [07-02-2007 17:21]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [14-09-2007 10:00]
"DUControl"="" []
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-01-2008 23:16]
"googletalk"="C:\Programmer\Google\Google Talk\googletalk.exe" [01-01-2007 23:22]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [01-02-2008 00:13]
"Remote Master"="C:\Programmer\Remote Master\Remote Master.exe" [24-09-2004 16:22]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 05:25]
"WebcamMaxMoniter"="C:\Programmer\WebcamMax\wcmmon.exe" [09-02-2008 06:58]
"pdfFactory Pro Dispatcher v3"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [27-02-2008 20:28]
"FinePrint Dispatcher v5"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [25-02-2008 23:54]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [28-08-2007 01:59]
"nwiz"="nwiz.exe" [02-08-2005 17:30 C:\WINDOWS\system32\nwiz.exe]
"Windows Defender"="C:\Programmer\Windows Defender\MSASCui.exe" [03-11-2006 19:20]
"nod32kui"="C:\Programmer\Eset\nod32kui.exe" [31-05-2006 02:13]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [27-08-2004 14:00]
"Active Desktop Calendar"="C:\Programmer\Active Desktop Calendar\ADC.exe" []
"H/PC Connection Agent"="C:\Programmer\Microsoft ActiveSync\wcescomm.exe" [26-06-2006 16:13]
"SoonR"="C:\Programmer\SoonR\SoonR Desktop Client\SoonrClient.exe" []
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [21-06-2007 23:36]
"BlackMoon FTP Server"="C:\Programmer\BlackMoon FTP Server\blackmoon.exe" []
"DUControl"="C:\Programmer\DirectUpdate v4\DUControl.exe" [07-11-2007 13:00]
"Picasa Media Detector"="C:\Programmer\Picasa2\PicasaMediaDetector.exe" [23-10-2007 23:18]
"NVIDIA nTune"="C:\Programmer\NVIDIA Corporation\nTune\nTuneCmd.exe" [04-09-2007 20:25]

C:\Documents and Settings\HP_Ejer\Menuen Start\Programmer\Start\
MagicDisc.lnk - C:\Programmer\MagicDisc\MagicDisc.exe [22-03-2008 02:32:52]
OpenOffice.org 2.3.lnk - C:\Programmer\OpenOffice.org 2.3\program\quickstart.exe [14-11-2007 18:32:04]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
BTTray.lnk - C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe [07-06-2006 18:05:38]
Event Planner Reminder 2008.lnk - C:\WINDOWS\Installer\{747A6A10-DA58-48C2-A1F0-C15514419C8A}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe [22-03-2008 03:09:55]
Monitor Apache Servers.lnk - C:\Programmer\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [09-01-2007 23:20:44]
SnagIt 8.lnk - C:\Programmer\TechSmith\SnagIt 8\SnagIt32.exe [01-05-2007 12:11:48]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRun"=0 (0x0)
"NoClose"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvututs]
wvututs.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\gebya

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

8122 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-09 00:19:01 ------------



#2 xTReMeDTioN

Posted 10 April 2008 - 06:41 AM

?

Anyone here?

#3 Rahina

    Security Helper


Posted 11 April 2008 - 06:28 AM

Hello! Welcome to the forums! We have been very busy lately, so please be patient! :thumbsup:

You should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
  • Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
  • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan tab" and UNcheck "Heuristic analysis"
  • Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
  • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  • When done, a message will be displayed at the bottom advising if any viruses were found.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)


#4 Rahina

    Security Helper


Posted 30 April 2008 - 09:59 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic