Virtumonde Keeps Teasing Me


  • This topic is locked
7 replies to this topic

#1 senior03

Posted 27 July 2008 - 04:23 PM

Since yesterday or so I noticed that there was something wrong with my PC: slow, sex ads where they shouldn't be, being able to go to Google but not Google search. Earlier today I scanned my computer with Spybot S&D and it found
virtumonde.prx
virtumonde.dll
microsoft.windowssecuritycentercenter.firewalloverride
microsoft.windowssecuritycentercenter.antivirusoverride
BHO (whatever that is)

and some other long-named cookies and other weird stuff I had no idea what was. Well, I supposedly destroyed it and everything seemed fine; now it's back: trying to visit a certain website and it'll give me a pop-up.

The reason I found out it came back, or suspected it did, was because I was getting an alert from Spybot S&D that some file wanted to change itself so it could start. I pressed "don't allow" and "remember this option"; then in my bottom right corner there started coming alerts from Spybot that it was blocked, but it was as if it kept trying, since there were at least 5 alerts up running all the time.


The only way I'm able to post here is because I shut down explorer.exe so it couldn't run any .dlls. Windows Firewall was on when I was struck by the pop-up again, by the way.

Anyways, here's the 1st log from DSS

Deckard's System Scanner v20071014.68
Run by Samir on 2008-07-27 23:03:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
40: 2008-07-27 21:03:17 UTC - RP77 - Deckard's System Scanner Restore Point
39: 2008-07-27 16:13:29 UTC - RP76 - after deleting virtumonde
38: 2008-07-27 16:05:46 UTC - RP75 - Removed Ad-Aware
37: 2008-07-27 13:48:49 UTC - RP74 - Installed Ad-Aware
36: 2008-07-27 13:14:36 UTC - RP73 - before deleting pmnnkefg.dll


-- First Restore Point --
1: 2008-07-25 14:14:54 UTC - RP38 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Samir.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:04:25, on 27-07-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Programmer\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Programmer\Unlocker\UnlockerAssistant.exe
C:\Programmer\DAEMON Tools Lite\daemon.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmer\uTorrent\uTorrent.exe
C:\Programmer\DNA\btdna.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Samir\Skrivebord\dss.exe
C:\DOCUME~1\Samir\SKRIVE~1\Samir.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.klub.amitech.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8FD1D8CB-F3D4-43B1-A347-6E4610F7D49B} - C:\WINDOWS\system32\ljJBtsrs.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Programmer\Fælles filer\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AudioDeck] "C:\Programmer\VIA\VIAudioi\SBADeck\ADeck.exe" 1
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Spy Protector] C:\Programmer\Security Task Manager\SpyProtector.exe/autostart
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmer\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [b04fded8] rundll32.exe "C:\WINDOWS\system32\xjauwlia.dll",b
O4 - HKLM\..\Run: [BMb37ced44] Rundll32.exe "C:\WINDOWS\system32\nwkavfrt.dll",s
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmer\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Programmer\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmer\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1215172496203
O17 - HKLM\System\CCS\Services\Tcpip\..\{364BDCAD-B56B-4F8B-85C2-90F07B212FAE}: Domain = www.webspeed.dk
O17 - HKLM\System\CCS\Services\Tcpip\..\{364BDCAD-B56B-4F8B-85C2-90F07B212FAE}: NameServer = 193.162.153.164,194.239.134.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{364BDCAD-B56B-4F8B-85C2-90F07B212FAE}: Domain = www.webspeed.dk
O17 - HKLM\System\CS1\Services\Tcpip\..\{364BDCAD-B56B-4F8B-85C2-90F07B212FAE}: NameServer = 193.162.153.164,194.239.134.83
O17 - HKLM\System\CS2\Services\Tcpip\..\{364BDCAD-B56B-4F8B-85C2-90F07B212FAE}: Domain = www.webspeed.dk
O17 - HKLM\System\CS2\Services\Tcpip\..\{364BDCAD-B56B-4F8B-85C2-90F07B212FAE}: NameServer = 193.162.153.164,194.239.134.83
O20 - Winlogon Notify: pmnnKefG - pmnnKefG.dll (file missing)
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Programmer\Webroot\Washer\WasherSvc.exe

--
End of file - 6361 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\Samir\SKRIVE~1\backups\) --------------

backup-20080710-040113-565 O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programmer\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
backup-20080710-040113-877 O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programmer\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
backup-20080710-040114-120 O9 - Extra button: (no name) - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - (no file)
backup-20080710-040156-809 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080726-234319-278 O4 - HKLM\..\Run: [b04fded8] "rundll32.exe" "C:\WINDOWS\system32\ywfbmxwq.dll",b
backup-20080726-234319-696 O4 - HKLM\..\Run: [BMb37ced44] Rundll32.exe "C:\WINDOWS\system32\lnmluoko.dll",s
backup-20080727-140229-435 O4 - HKLM\..\Run: [BMb37ced44] Rundll32.exe "C:\WINDOWS\system32\lnmluoko.dll",s

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (Bonjour-tjeneste) - c:\programmer\bonjour\mdnsresponder.exe <Not Verified; Apple Inc.; Bonjour>
R2 Nero BackItUp Scheduler 3 - c:\programmer\nero\nero8\nero backitup\nbservice.exe
R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>

S3 FLEXnet Licensing Service - "c:\programmer\fælles filer\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-05 23:13:53 326 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job


-- Files created between 2008-06-27 and 2008-07-27 -----------------------------

2008-07-27 22:56:22 81408 --a------ C:\WINDOWS\system32\xjauwlia.dll
2008-07-27 22:54:07 89088 --a------ C:\WINDOWS\system32\nwkavfrt.dll
2008-07-27 22:53:07 118784 --a------ C:\WINDOWS\system32\ljkyqcjb.dll
2008-07-27 22:50:07 81408 -----n--- C:\WINDOWS\system32\gvymbyxp.dll
2008-07-27 22:47:11 89088 --a------ C:\WINDOWS\system32\rforwkys.dll
2008-07-27 20:21:51 0 dr-h----- C:\Documents and Settings\Samir\Recent
2008-07-27 15:48:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-27 15:40:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-27 15:14:20 0 d-------- C:\Documents and Settings\Samir\Application Data\Desktopicon
2008-07-26 22:56:23 294 ---hs---- C:\WINDOWS\system32\qwxmbfwy.ini2
2008-07-26 22:47:09 80896 --a------ C:\WINDOWS\system32\ywfbmxwq.dll
2008-07-26 22:45:13 96256 --a------ C:\WINDOWS\system32\rydfmh.dll
2008-07-26 22:45:11 96256 --a------ C:\WINDOWS\system32\srkmubof.dll
2008-07-26 22:37:40 96256 --a------ C:\WINDOWS\system32\zdedmx.dll
2008-07-26 22:37:36 96256 --a------ C:\WINDOWS\system32\kymynraj.dll
2008-07-26 22:32:23 89600 --a------ C:\WINDOWS\system32\fimbhwgj.dll
2008-07-26 22:31:33 384209 --ahs---- C:\WINDOWS\system32\srstBJjl.ini2
2008-07-26 22:31:26 246272 --a------ C:\WINDOWS\system32\ljJBtsrs.dll
2008-07-26 21:51:57 0 d-------- C:\Programmer\Fælles filer\Webroot Shared
2008-07-26 21:44:39 0 d-------- C:\Programmer\Webroot
2008-07-26 21:44:39 0 d-------- C:\Documents and Settings\Samir\Application Data\Webroot
2008-07-26 21:44:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-26 21:36:11 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-26 20:09:59 96256 --a------ C:\WINDOWS\system32\qrkuxbjw.dll
2008-07-26 20:06:50 391304 --ahs---- C:\WINDOWS\system32\Qrqqqtwa.ini2
2008-07-26 19:12:23 0 d-------- C:\Programmer\Alwil Software
2008-07-26 18:57:50 0 d-------- C:\Programmer\Security Task Manager
2008-07-26 18:34:06 0 d-------- C:\Documents and Settings\Administrator\Skrivebord <SKRIVE~1>
2008-07-26 18:34:06 0 d-------- C:\Documents and Settings\Administrator\Skabeloner <SKABEL~1>
2008-07-26 18:34:06 0 d-------- C:\Documents and Settings\Administrator\SendTo
2008-07-26 18:34:06 0 d-------- C:\Documents and Settings\Administrator\Recent
2008-07-26 18:34:06 0 d-------- C:\Documents and Settings\Administrator\Printere
2008-07-26 18:34:06 0 d-------- C:\Documents and Settings\Administrator\Menuen Start <MENUEN~1>
2008-07-26 18:34:06 0 d--h----- C:\Documents and Settings\Administrator\Lokale indstillinger <LOKALE~1>
2008-07-26 18:34:06 0 d-------- C:\Documents and Settings\Administrator\Foretrukne <FORETR~1>
2008-07-26 18:34:06 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-07-26 18:34:06 0 d-------- C:\Documents and Settings\Administrator\Application Data <APPLIC~1>
2008-07-26 18:34:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-07-26 18:34:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-26 18:34:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-07-26 18:34:06 0 d-------- C:\Documents and Settings\Administrator\Andre computere <ANDREC~1>
2008-07-26 18:34:05 3145728 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-26 18:31:57 89600 --a------ C:\WINDOWS\system32\xwtpechr.dll
2008-07-26 18:29:03 96256 --a------ C:\WINDOWS\system32\bexsnxuo.dll
2008-07-26 18:25:49 96256 --a------ C:\WINDOWS\system32\thikww.dll
2008-07-26 18:25:47 96256 --a------ C:\WINDOWS\system32\smcpeiwq.dll
2008-07-26 18:25:38 89600 --a------ C:\WINDOWS\system32\jjcbjgim.dll
2008-07-26 18:24:56 387144 --ahs---- C:\WINDOWS\system32\vvyadccf.ini2
2008-07-26 17:55:03 96256 --a------ C:\WINDOWS\system32\ckifwexh.dll
2008-07-26 17:50:35 89600 --a------ C:\WINDOWS\system32\pydjnddp.dll
2008-07-25 16:15:10 6815744 --a------ C:\Documents and Settings\Samir\ntuser.dat
2008-07-25 16:14:40 386200 --ahs---- C:\WINDOWS\system32\UBIiRqru.ini2
2008-07-22 19:58:30 0 d-------- C:\Programmer\Combined Community Codec Pack
2008-07-21 11:19:53 0 d-------- C:\Programmer\Project64 1.6
2008-07-20 23:05:36 0 d-------- C:\Programmer\CD Audio Reader Filter
2008-07-20 23:05:34 0 d-------- C:\Programmer\DScaler5
2008-07-20 23:05:24 0 d-------- C:\Programmer\OpenSource Flash Video Splitter
2008-07-20 23:05:16 0 d-------- C:\Programmer\RealMedia
2008-07-20 23:03:52 0 d-------- C:\Programmer\SHOUTcast Source
2008-07-20 23:03:47 0 d-------- C:\Programmer\Haali
2008-07-20 23:03:37 0 d-------- C:\Programmer\DSP-worx
2008-07-20 23:03:27 0 d-------- C:\Programmer\DirectVobSub
2008-07-20 23:02:59 0 d-------- C:\Programmer\Zoom Player
2008-07-17 01:30:59 4682 --a------ C:\WINDOWS\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2008-07-17 01:30:21 0 d-------- C:\Program Files
2008-07-17 00:41:04 0 d-------- C:\Programmer\DNA
2008-07-17 00:41:04 0 d-------- C:\Documents and Settings\Samir\Application Data\DNA
2008-07-17 00:35:58 160570 --a------ C:\WINDOWS\Sqirlz Water Reflections Uninstaller.exe
2008-07-17 00:35:58 0 d-------- C:\Programmer\Sqirlz Water Reflections
2008-07-16 03:52:42 23 --ahs---- C:\WINDOWS\system32\eaaddfa_g.dll
2008-07-16 03:52:11 0 d-------- C:\Programmer\RegSupreme
2008-07-16 03:45:49 0 d-------- C:\Documents and Settings\Samir\Application Data\Help
2008-07-16 03:42:46 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-07-15 12:07:06 0 d-------- C:\Programmer\CoreCodec
2008-07-13 00:28:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Transparent
2008-07-13 00:28:41 0 d-------- C:\Programmer\Transparent
2008-07-11 01:02:27 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2008-07-11 01:02:27 314368 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2008-07-11 01:02:25 0 d-------- C:\Programmer\Magic Video Converter
2008-07-10 23:09:12 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
2008-07-10 23:09:12 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-07-10 23:09:11 0 d-------- C:\Programmer\ffdshow
2008-07-10 23:05:53 0 d-------- C:\Documents and Settings\Samir\Application Data\Apple Computer
2008-07-10 22:16:56 0 d-------- C:\WINDOWS\system32\QuickTime
2008-07-10 21:11:15 0 d-------- C:\Programmer\QuickTime
2008-07-10 20:15:53 0 d-------- C:\Programmer\ACE Mega CoDecS Pack3
2008-07-10 19:04:01 0 d-------- C:\Documents and Settings\Samir\Application Data\DivX
2008-07-10 19:04:00 0 d-------- C:\Documents and Settings\Samir\Application Data\Media Player Classic
2008-07-10 19:01:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-10 18:37:43 0 d-------- C:\Programmer\DivX
2008-07-10 17:32:51 0 d-------- C:\Programmer\MagicISO
2008-07-09 18:35:11 0 d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-07-09 17:30:49 0 d-------- C:\Documents and Settings\Samir\Application Data\Leadertech
2008-07-09 09:45:02 0 d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-07-09 09:23:00 0 d-------- C:\Programmer\Smart Projects
2008-07-09 06:03:35 0 d-------- C:\Programmer\OpenAL
2008-07-09 06:03:34 413696 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-07-09 06:03:34 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-07-09 05:08:04 0 d-------- C:\Documents and Settings\Samir\Application Data\dvdcss
2008-07-07 15:44:47 0 d-------- C:\Programmer\Fælles filer\Adobe AIR
2008-07-07 15:35:05 0 d-------- C:\Programmer\NOS
2008-07-07 15:35:05 0 d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-07 12:15:58 0 d-------- C:\Programmer\uTorrent
2008-07-06 18:54:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-06 12:28:41 0 d-------- C:\Programmer\7-Zip
2008-07-06 08:16:19 0 d-------- C:\Programmer\PeerGuardian2
2008-07-06 08:01:26 0 d-------- C:\Programmer\Download Direct
2008-07-06 08:00:38 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-06 08:00:34 0 d-------- C:\Fraps
2008-07-06 03:00:43 0 d-------- C:\Programmer\MSXML 4.0
2008-07-05 23:09:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-07-05 22:58:23 0 d-------- C:\Documents and Settings\Samir\Application Data\Uniblue
2008-07-05 22:54:49 0 d-------- C:\Programmer\Uniblue
2008-07-05 11:03:25 729088 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-07-04 22:17:37 0 d-------- C:\Programmer\VIA
2008-07-04 21:43:49 528 --a------ C:\WINDOWS\eReg.dat
2008-07-04 21:28:56 0 d-------- C:\Programmer\GameSpy Arcade
2008-07-04 21:27:57 0 d-------- C:\Programmer\EA GAMES
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\XIRCOM
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\WINS
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\ShellExt
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\INETSRV
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\IME
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\EXPORT
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\drivers\DISDN
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\DHCP
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\3COM_DMI
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\3076
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\2052
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\1054
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\1042
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\1041
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\1037
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\1031
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\1028
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\1025
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\MUI
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\MSAPPS
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\JAVA
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\Connection Wizard
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\Config
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\ADDINS
2008-07-04 21:18:55 0 d-------- C:\Programmer\WindowsUpdate
2008-07-04 21:18:55 0 d-------- C:\Programmer\microsoft frontpage
2008-07-04 21:18:55 0 d-------- C:\Programmer\Fælles filer\ODBC
2008-07-04 21:18:55 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-07-04 21:18:55 0 d-------- C:\Documents and Settings\NetworkService\Application Data <APPLIC~1>
2008-07-04 21:18:55 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-07-04 21:18:55 0 d-------- C:\Documents and Settings\LocalService\Application Data <APPLIC~1>
2008-07-04 21:18:55 0 d-------- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-07-04 21:18:55 0 d-------- C:\Documents and Settings\Default User\Skrivebord <SKRIVE~1>
2008-07-04 21:18:55 0 d-------- C:\Documents and Settings\Default User\Recent
2008-07-04 21:18:55 0 d-------- C:\Documents and Settings\Default User\Printere
2008-07-04 21:18:55 0 d-------- C:\Documents and Settings\Default User\Foretrukne <FORETR~1>
2008-07-04 21:18:55 0 d-------- C:\Documents and Settings\Default User\Andre computere <ANDREC~1>
2008-07-04 21:18:55 0 d-------- C:\Documents and Settings\All Users\Skabeloner <SKABEL~1>
2008-07-04 21:18:48 85504 -----n--- C:\WINDOWS\Setup.exe <Not Verified; Amitech Danmark A/S; Setup>
2008-07-04 21:18:18 926 -----n--- C:\WINDOWS\XECHO.EXE
2008-07-04 21:18:18 45056 -----n--- C:\WINDOWS\xcacls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-04 21:18:18 15683 -----n--- C:\WINDOWS\Settings.vbs
2008-07-04 21:18:18 43520 -----n--- C:\WINDOWS\Settings.EXE <Not Verified; Amitech Danmark A/S; Settings>
2008-07-04 21:18:18 890 -----n--- C:\WINDOWS\SetDisp.vbs
2008-07-04 21:18:18 9216 -----n--- C:\WINDOWS\SetDisp.exe <Not Verified; Amitech Danmark A/S; SetDisp>
2008-07-04 21:18:18 1923 -----n--- C:\WINDOWS\ServicePack.vbs
2008-07-04 21:18:18 8704 -----n--- C:\WINDOWS\NumLock.exe <Not Verified; Amitech Danmark A/S; NumLock>
2008-07-04 21:18:18 35 -----n--- C:\WINDOWS\Mobile.cmd
2008-07-04 21:18:18 76288 -----n--- C:\WINDOWS\HWInfo.exe <Not Verified; Amitech Danmark A/S; HWInfo>
2008-07-04 21:18:18 1904 -----n--- C:\WINDOWS\Hibernate.vbs
2008-07-04 21:18:18 55808 -----n--- C:\WINDOWS\devcon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-04 21:18:18 0 d-------- C:\Documents and Settings\All Users\Skrivebord <SKRIVE~1>
2008-07-04 21:18:18 0 d-------- C:\Documents and Settings\All Users\Lokale indstillinger <LOKALE~1>
2008-07-04 21:18:18 0 d-------- C:\Documents and Settings\All Users\Foretrukne <FORETR~1>
2008-07-04 21:18:18 0 d-------- C:\Amitech
2008-07-04 21:18:17 0 d-------- C:\WINDOWS\SP
2008-07-04 21:18:15 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-04 21:18:11 0 d-------- C:\WINDOWS\Install
2008-07-04 21:17:20 0 d-------- C:\Documents and Settings\All Users\Address Book
2008-07-04 21:16:27 324656 --a------ C:\WINDOWS\system32\PERFH006.DAT
2008-07-04 21:16:27 47086 --a------ C:\WINDOWS\system32\PERFC006.DAT
2008-07-04 21:16:05 21644 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-04 21:15:53 0 d-------- C:\WINDOWS\system32\WBEM
2008-07-04 21:15:53 0 d-------- C:\WINDOWS\system32\USMT
2008-07-04 21:15:53 0 d-------- C:\WINDOWS\system32\SPOOL
2008-07-04 21:15:52 0 d-------- C:\WINDOWS\system32\Setup
2008-07-04 21:15:52 0 d-------- C:\WINDOWS\system32\Restore
2008-07-04 21:15:52 0 d-------- C:\WINDOWS\system32\RAS
2008-07-04 21:15:50 0 d-------- C:\WINDOWS\system32\OOBE
2008-07-04 21:15:50 0 d-------- C:\WINDOWS\system32\NPP
2008-07-04 21:15:50 0 d-------- C:\WINDOWS\system32\MUI
2008-07-04 21:15:50 0 d-------- C:\WINDOWS\system32\MsDtc
2008-07-04 21:15:50 0 d-------- C:\WINDOWS\system32\Microsoft
2008-07-04 21:15:50 0 d-------- C:\WINDOWS\system32\Macromed
2008-07-04 21:15:50 0 d-------- C:\WINDOWS\system32\ICSXML
2008-07-04 21:15:50 0 d-------- C:\WINDOWS\system32\IAS
2008-07-04 21:15:46 0 d-------- C:\WINDOWS\system32\DRIVERS
2008-07-04 21:15:46 0 d-------- C:\WINDOWS\system32\drivers\ETC
2008-07-04 21:14:37 0 d-------- C:\WINDOWS\system32\DLLCACHE
2008-07-04 21:14:36 0 d-------- C:\WINDOWS\system32\DirectX
2008-07-04 21:14:34 0 d-------- C:\WINDOWS\system32\CONFIG
2008-07-04 21:14:34 0 d-------- C:\WINDOWS\system32\Com
2008-07-04 21:14:34 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-04 21:14:33 0 d-------- C:\WINDOWS\SYSTEM32
2008-07-04 21:14:33 0 d-------- C:\WINDOWS\system32\CatRoot
2008-07-04 21:14:33 0 d-------- C:\WINDOWS\system32\1033
2008-07-04 21:14:33 0 d-------- C:\WINDOWS\system32\1030
2008-07-04 21:13:59 0 d-------- C:\WINDOWS\Driver Cache
2008-07-04 21:12:42 0 -rahs---- C:\MSDOS.SYS
2008-07-04 21:12:42 0 -rahs---- C:\IO.SYS
2008-07-04 21:12:41 0 --a------ C:\CONFIG.SYS
2008-07-04 21:12:41 0 --a------ C:\AUTOEXEC.BAT
2008-07-04 21:12:39 0 d-------- C:\WINDOWS\WinSxS
2008-07-04 21:12:38 0 d-------- C:\WINDOWS\Web
2008-07-04 21:12:38 0 d-------- C:\WINDOWS\TWAIN_32
2008-07-04 21:12:38 0 d-------- C:\WINDOWS\Tasks
2008-07-04 21:12:38 0 d-------- C:\WINDOWS\SYSTEM
2008-07-04 21:12:35 0 d-------- C:\WINDOWS\SRCHASST
2008-07-04 21:12:35 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-07-04 21:12:35 0 d-------- C:\WINDOWS\SECURITY
2008-07-04 21:12:35 0 d-------- C:\WINDOWS\Resources
2008-07-04 21:12:34 0 d-------- C:\WINDOWS\REPAIR
2008-07-04 21:12:34 0 d-------- C:\WINDOWS\Registration
2008-07-04 21:12:34 0 d-------- C:\WINDOWS\Provisioning
2008-07-04 21:12:33 0 d-------- C:\WINDOWS\PeerNet
2008-07-04 21:12:29 0 d-------- C:\WINDOWS\PCHEALTH
2008-07-04 21:12:29 0 d-------- C:\WINDOWS\Offline Web Pages
2008-07-04 21:12:27 0 d-------- C:\WINDOWS\MSAGENT
2008-07-04 21:12:27 0 d-------- C:\WINDOWS\Media
2008-07-04 21:12:27 0 d--hs---- C:\WINDOWS\Installer
2008-07-04 21:12:20 0 d-------- C:\WINDOWS\INF
2008-07-04 21:12:20 0 d-------- C:\WINDOWS\IME
2008-07-04 21:12:08 0 d-------- C:\WINDOWS\Help
2008-07-04 21:12:04 0 d-------- C:\WINDOWS
2008-07-04 21:12:04 0 d-------- C:\WINDOWS\Fonts
2008-07-04 21:12:04 0 d-------- C:\WINDOWS\Downloaded Program Files
2008-07-04 21:12:04 0 d-------- C:\WINDOWS\Debug
2008-07-04 21:12:04 0 d-------- C:\WINDOWS\Cursors
2008-07-04 21:12:04 0 d-------- C:\WINDOWS\AppPatch
2008-07-04 21:12:03 0 d-------- C:\Programmer\Windows NT
2008-07-04 21:12:02 0 d-------- C:\Programmer\Onlinetjenester
2008-07-04 21:12:01 0 d-------- C:\Programmer\MSN Gaming Zone
2008-07-04 21:11:59 0 d-------- C:\Programmer\Movie Maker
2008-07-04 21:11:58 0 d-------- C:\Programmer\Messenger
2008-07-04 21:11:58 0 d-------- C:\Programmer\Fælles filer\Tjenester
2008-07-04 21:11:56 0 d-------- C:\Programmer\Fælles filer\SpeechEngines
2008-07-04 21:11:56 0 d-------- C:\Programmer\Fælles filer\MSSoap
2008-07-04 21:11:55 0 d-------- C:\Programmer
2008-07-04 21:11:55 0 d-------- C:\Programmer\Fælles filer
2008-07-04 21:08:59 0 d--h----- C:\I386
2008-07-04 21:08:59 229376 --a------ C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-07-04 21:08:59 0 d--h----- C:\Documents and Settings\NetworkService\Lokale indstillinger <LOKALE~1>
2008-07-04 21:08:59 229376 --a------ C:\Documents and Settings\LocalService\NTUSER.DAT
2008-07-04 21:08:59 0 d--h----- C:\Documents and Settings\LocalService\Lokale indstillinger <LOKALE~1>
2008-07-04 21:08:59 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-07-04 21:08:53 0 d-------- C:\Documents and Settings\Default User\Skabeloner <SKABEL~1>
2008-07-04 21:08:53 0 d-------- C:\Documents and Settings\Default User\SendTo
2008-07-04 21:08:53 3145728 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-07-04 21:08:53 0 d-------- C:\Documents and Settings\Default User\Menuen Start <MENUEN~1>
2008-07-04 21:08:53 0 d--h----- C:\Documents and Settings\Default User\Lokale indstillinger <LOKALE~1>
2008-07-04 21:08:53 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-07-04 21:08:53 0 d-------- C:\Documents and Settings\Default User\Application Data <APPLIC~1>
2008-07-04 21:08:53 0 d-------- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-07-04 21:08:53 0 d-------- C:\Documents and Settings\All Users\Menuen Start <MENUEN~1>
2008-07-04 21:08:53 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-07-04 21:08:51 0 d-------- C:\Documents and Settings
2008-07-04 21:08:51 0 d-------- C:\Documents and Settings\All Users\Application Data <APPLIC~1>
2008-07-04 21:08:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-07-04 20:44:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-04 20:42:16 0 d-------- C:\Programmer\Bonjour
2008-07-04 20:13:10 0 d-------- C:\Programmer\Fælles filer\Macrovision Shared
2008-07-04 20:11:01 0 d-------- C:\Programmer\Fælles filer\Adobe
2008-07-04 19:59:54 0 d-------- C:\Programmer\NeroInstall.bak
2008-07-04 19:57:28 0 d-------- C:\Documents and Settings\Samir\Application Data\Nero
2008-07-04 19:54:06 0 d-------- C:\Programmer\Windows Media Connect 2
2008-07-04 19:47:32 0 d-------- C:\Programmer\Nero
2008-07-04 19:47:32 0 d-------- C:\Programmer\Fælles filer\Nero
2008-07-04 19:47:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-04 19:46:32 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-04 19:41:12 0 d-------- C:\WINDOWS\RegisteredPackages
2008-07-04 19:25:37 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-07-04 19:25:37 0 d-------- C:\Documents and Settings\Samir\Application Data\Vso
2008-07-04 19:25:37 47360 --a------ C:\Documents and Settings\Samir\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-07-04 19:25:21 626688 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2008-07-04 19:25:21 217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-07-04 19:25:21 208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2008-07-04 19:25:21 176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2008-07-04 19:25:21 65602 --a------ C:\WINDOWS\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
2008-07-04 19:25:17 0 d-------- C:\Programmer\VSO
2008-07-04 19:18:30 0 d-------- C:\Programmer\DAEMON Tools Lite
2008-07-04 18:41:48 0 d-------- C:\Documents and Settings\Samir\Contacts
2008-07-04 18:41:19 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-07-04 18:39:46 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-04 18:39:45 0 d-------- C:\Documents and Settings\Samir\Application Data\DAEMON Tools
2008-07-04 18:38:15 0 d--hs--c- C:\Programmer\Fælles filer\WindowsLiveInstaller
2008-07-04 18:38:02 0 d-------- C:\Programmer\Windows Live
2008-07-04 18:37:46 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-04 17:45:40 0 d-------- C:\Documents and Settings\Samir\Application Data\Malwarebytes
2008-07-04 17:45:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-04 17:44:47 0 d-------- C:\Programmer\CCleaner
2008-07-04 17:12:15 0 d-------- C:\WINDOWS\system32\Lang
2008-07-04 16:52:06 0 d-------- C:\WINDOWS\system32\LogFiles
2008-07-04 16:48:32 0 d-------- C:\Documents and Settings\Samir\Application Data\vlc
2008-07-04 16:47:14 0 d-------- C:\Programmer\VideoLAN
2008-07-04 16:04:19 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-07-04 15:57:51 7748640 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-04 15:55:48 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2008-07-04 15:35:52 0 d-------- C:\Documents and Settings\Samir\Application Data\WinRAR
2008-07-04 15:20:35 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-07-04 15:20:20 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-07-04 15:20:02 0 d-------- C:\WINDOWS\Internet Logs
2008-07-04 14:48:34 0 d-------- C:\WINDOWS\Prefetch
2008-07-04 14:36:29 0 d-------- C:\WINDOWS\system32\da-dk
2008-07-04 14:36:28 0 d-------- C:\WINDOWS\l2schemas
2008-07-04 14:36:27 0 d-------- C:\WINDOWS\system32\da
2008-07-04 14:36:27 0 d-------- C:\WINDOWS\system32\bits
2008-07-04 14:33:11 0 d-------- C:\WINDOWS\ServicePackFiles
2008-07-04 14:30:09 0 d-------- C:\WINDOWS\network diagnostic
2008-07-04 14:28:04 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-07-04 14:25:20 0 d-------- C:\WINDOWS\EHome
2008-07-04 14:00:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-07-04 13:27:32 0 d---s---- C:\Documents and Settings\Samir\UserData
2008-07-04 13:21:42 0 d-------- C:\Documents and Settings\Samir\Application Data\Macromedia
2008-07-04 13:21:42 0 d-------- C:\Documents and Settings\Samir\Application Data\Adobe
2008-07-04 13:19:42 0 d-------- C:\Documents and Settings\Samir\Application Data\uTorrent
2008-07-04 13:06:36 0 d-------- C:\WINDOWS\system32\PreInstall
2008-07-04 13:06:36 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-04 13:06:30 0 d-------- C:\Documents and Settings\Samir\Application Data\Mozilla
2008-07-04 12:59:34 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-07-04 12:52:43 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-07-04 12:49:25 303616 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-07-04 12:49:19 0 d-------- C:\Documents and Settings\Samir\WINDOWS
2008-07-04 12:31:31 0 d-------- C:\Documents and Settings\Samir\Dokumenter <DOKUME~1>
2008-07-04 12:31:27 0 d-------- C:\Documents and Settings\Samir\Skrivebord <SKRIVE~1>
2008-07-04 12:31:27 0 d-------- C:\Documents and Settings\Samir\Skabeloner <SKABEL~1>
2008-07-04 12:31:27 0 d-------- C:\Documents and Settings\Samir\SendTo
2008-07-04 12:31:27 0 d-------- C:\Documents and Settings\Samir\Printere
2008-07-04 12:31:27 0 d-------- C:\Documents and Settings\Samir\Menuen Start <MENUEN~1>
2008-07-04 12:31:27 0 d--h----- C:\Documents and Settings\Samir\Lokale indstillinger <LOKALE~1>
2008-07-04 12:31:27 0 d-------- C:\Documents and Settings\Samir\Foretrukne <FORETR~1>
2008-07-04 12:31:27 0 d---s---- C:\Documents and Settings\Samir\Cookies
2008-07-04 12:31:27 0 d-------- C:\Documents and Settings\Samir\Application Data <APPLIC~1>
2008-07-04 12:31:27 0 d-------- C:\Documents and Settings\Samir\Application Data\Sonic
2008-07-04 12:31:27 0 d-------- C:\Documents and Settings\Samir\Application Data\Identities
2008-07-04 12:31:27 0 d-------- C:\Documents and Settings\Samir\Andre computere <ANDREC~1>
2008-07-04 12:31:15 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-07-04 12:31:08 0 d-------- C:\Documents and Settings\Default User\Application Data\Sonic
2008-07-04 12:31:08 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities
2008-07-04 12:26:23 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-07-04 12:26:21 0 d-------- C:\Programmer\r
2008-07-04 12:26:21 0 d--h----- C:\Programmer\InstallShield Installation Information
2008-07-04 12:26:21 0 d-------- C:\Programmer\CyberLink
2008-07-04 12:26:18 0 d-------- C:\Programmer\Fælles filer\InstallShield
2008-07-04 12:26:17 0 d-------- C:\Programmer\Fælles filer\Sonic
2008-07-04 12:25:50 0 d-------- C:\Programmer\Sonic
2008-07-04 12:25:37 0 d--h----- C:\WINDOWS\$hf_mig$
2008-07-04 12:23:29 0 d-------- C:\WINDOWS\nview
2008-07-04 12:20:14 0 d--hs---- C:\System Volume Information


-- Find3M Report ---------------------------------------------------------------

2008-07-13 22:09:30 668 --a------ C:\Documents and Settings\Samir\Application Data\vso_ts_preview.xml
2008-07-04 19:25:48 34 --a------ C:\Documents and Settings\Samir\Application Data\pcouffin.log
2008-07-04 19:25:37 1144 --a------ C:\Documents and Settings\Samir\Application Data\pcouffin.inf
2008-07-04 19:25:37 7887 --a------ C:\Documents and Settings\Samir\Application Data\pcouffin.cat
2008-06-11 02:07:20 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 02:03:26 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-06-11 02:03:26 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-06-11 02:03:20 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-06-11 02:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 02:03:20 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 02:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 02:03:18 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-23 00:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FD1D8CB-F3D4-43B1-A347-6E4610F7D49B}]
26-07-2008 22:31 246272 --a------ C:\WINDOWS\system32\ljJBtsrs.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [14-04-2008 18:06 C:\WINDOWS\SYSTEM32\rundll32.exe]
"nwiz"="nwiz.exe" [30-10-2004 01:50 C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [14-04-2008 18:06 C:\WINDOWS\SYSTEM32\rundll32.exe]
"NeroFilterCheck"="C:\Programmer\Fælles filer\Nero\Lib\NeroCheck.exe" []
"NBKeyScan"="C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [18-02-2008 16:29]
"AudioDeck"="C:\Programmer\VIA\VIAudioi\SBADeck\ADeck.exe" [09-08-2007 15:48]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [12-06-2008 02:38]
"Spy Protector"="C:\Programmer\Security Task Manager\SpyProtector.exe/autostart" []
"UnlockerAssistant"="C:\Programmer\Unlocker\UnlockerAssistant.exe" [02-05-2008 06:15]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\steam\steam.exe" [04-07-2008 16:50]
"MsnMsgr"="C:\Programmer\Windows Live\Messenger\MsnMsgr.exe" [18-10-2007 11:34]
"DAEMON Tools Lite"="C:\Programmer\DAEMON Tools Lite\daemon.exe" [01-04-2008 11:39]
"uTorrent"="C:\Programmer\uTorrent\uTorrent.exe" [07-07-2008 12:15]
"BitTorrent DNA"="C:\Programmer\DNA\btdna.exe" [17-07-2008 00:41]
"SpybotSD TeaTimer"="C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe" [07-07-2008 09:42]

C:\Documents and Settings\Samir\Menuen Start\Programmer\Start\
DESKTOP.INI [26-10-2004 19:00:14]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
DESKTOP.INI [26-10-2004 19:00:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnKefG]
pmnnKefG.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ljJBtsrs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8910 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-27 23:09:19 ------------

And the 2nd (extra)

I also have another problem, but I'm not quite sure if it belongs here: when I try to run the automatic Windows Update it won't let me, so I go to CP > Administration and see if it's activated. It's not, but when I try to activate it, it automatically goes back to deactivated :/

I've got a Danish Windows, so if there's any word you don't understand, let me know and I'll translate it :thumbsup:


#2 fenzodahl512

Posted 28 July 2008 - 12:21 AM

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following...


Please download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.




NEXT


Please visit the webpage below for instructions on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.



Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 senior03

Posted 28 July 2008 - 01:55 AM

Hey fenzodahl, thanks for your time and help.

Here's the ComboFix log

ComboFix 08-07-27.5 - Samir 2008-07-28 8:41:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1030.18.208 [GMT 2:00]
Running from: C:\Documents and Settings\Samir\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Samir\Skrivebord\WindowsXP-KB310994-SP2-Home-BootDisk-DAN.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMb37ced44.txt
C:\WINDOWS\pskt.ini
C:\WINDOWS\setup.exe
C:\WINDOWS\system32\ailwuajx.ini
C:\WINDOWS\system32\bexsnxuo.dll
C:\WINDOWS\system32\bnichbeu.ini
C:\WINDOWS\system32\ckifwexh.dll
C:\WINDOWS\system32\fimbhwgj.dll
C:\WINDOWS\system32\gvymbyxp.dll
C:\WINDOWS\system32\jjcbjgim.dll
C:\WINDOWS\system32\kymynraj.dll
C:\WINDOWS\system32\ljJBtsrs.dll
C:\WINDOWS\system32\ljkyqcjb.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nvvpxtvo.ini
C:\WINDOWS\system32\nwkavfrt.dll
C:\WINDOWS\SYSTEM32\pxybmyvg.ini
C:\WINDOWS\system32\pydjnddp.dll
C:\WINDOWS\system32\qrkuxbjw.dll
C:\WINDOWS\SYSTEM32\Qrqqqtwa.ini
C:\WINDOWS\SYSTEM32\Qrqqqtwa.ini2
C:\WINDOWS\SYSTEM32\qwxmbfwy.ini2
C:\WINDOWS\SYSTEM32\qwxmbfwy.tmp
C:\WINDOWS\system32\rforwkys.dll
C:\WINDOWS\system32\rydfmh.dll
C:\WINDOWS\system32\smcpeiwq.dll
C:\WINDOWS\system32\srkmubof.dll
C:\WINDOWS\SYSTEM32\srstBJjl.ini
C:\WINDOWS\SYSTEM32\srstBJjl.ini2
C:\WINDOWS\system32\thikww.dll
C:\WINDOWS\SYSTEM32\UBIiRqru.ini
C:\WINDOWS\SYSTEM32\UBIiRqru.ini2
C:\WINDOWS\system32\vvyadccf.ini
C:\WINDOWS\SYSTEM32\vvyadccf.ini2
C:\WINDOWS\system32\xjauwlia.dll
C:\WINDOWS\system32\xwtpechr.dll
C:\WINDOWS\system32\ywfbmxwq.dll
C:\WINDOWS\system32\zdedmx.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-28 )))))))))))))))))))))))))))))))
.

2008-07-27 23:02 . 2008-07-27 23:02 <DIR> d-------- C:\Deckard
2008-07-27 16:45 . 2008-07-27 16:45 149 --a------ C:\WINDOWS\wininit.ini
2008-07-27 15:48 . 2008-07-27 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-27 15:40 . 2008-07-27 15:40 <DIR> d-------- C:\Programmer\Spybot - Search & Destroy
2008-07-27 15:40 . 2008-07-27 16:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-27 15:14 . 2008-07-27 15:17 <DIR> d-------- C:\Programmer\Unlocker
2008-07-27 15:14 . 2008-07-27 15:14 <DIR> d-------- C:\Documents and Settings\Samir\Application Data\Desktopicon
2008-07-26 21:51 . <DIR> C:\Programmer\Fælles filer\Webroot Shared
2008-07-26 21:50 . 2007-08-09 13:56 69,960 --a------ C:\WINDOWS\Unwash6.exe
2008-07-26 21:44 . 2008-07-27 16:06 <DIR> d-------- C:\Programmer\Webroot
2008-07-26 21:44 . 2008-07-27 16:06 <DIR> d-------- C:\Documents and Settings\Samir\Application Data\Webroot
2008-07-26 21:44 . 2008-07-27 16:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-26 21:36 . 2008-07-27 16:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-26 20:10 . 2008-07-26 20:10 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-07-26 19:12 . 2008-07-26 19:12 <DIR> d-------- C:\Programmer\Alwil Software
2008-07-26 18:57 . 2008-07-26 18:57 <DIR> d-------- C:\Programmer\Security Task Manager
2008-07-26 18:34 . 2008-07-04 21:18 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord
2008-07-26 18:34 . 2008-07-04 21:08 <DIR> d-------- C:\Documents and Settings\Administrator\Skabeloner
2008-07-26 18:34 . 2008-07-04 21:18 <DIR> d-------- C:\Documents and Settings\Administrator\Printere
2008-07-26 18:34 . 2008-07-04 21:08 <DIR> d-------- C:\Documents and Settings\Administrator\Menuen Start
2008-07-26 18:34 . 2008-07-04 21:08 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale indstillinger
2008-07-26 18:34 . 2008-07-04 21:08 <DIR> d-------- C:\Documents and Settings\Administrator\Foretrukne
2008-07-26 18:34 . 2008-07-04 21:18 <DIR> d-------- C:\Documents and Settings\Administrator\Andre computere
2008-07-26 18:34 . 2008-07-26 18:34 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-25 16:15 . 2008-07-27 22:52 111,618 --a------ C:\WINDOWS\BMb37ced44.xml
2008-07-22 19:58 . 2008-07-22 19:58 <DIR> d-------- C:\Programmer\Combined Community Codec Pack
2008-07-21 11:19 . 2008-07-21 11:20 <DIR> d-------- C:\Programmer\Project64 1.6
2008-07-20 23:05 . 2008-07-20 23:05 <DIR> d-------- C:\Programmer\RealMedia
2008-07-20 23:05 . 2008-07-20 23:05 <DIR> d-------- C:\Programmer\OpenSource Flash Video Splitter
2008-07-20 23:05 . 2008-07-20 23:05 <DIR> d-------- C:\Programmer\DScaler5
2008-07-20 23:05 . 2008-07-20 23:05 <DIR> d-------- C:\Programmer\CD Audio Reader Filter
2008-07-20 23:03 . 2008-07-20 23:03 <DIR> d-------- C:\Programmer\SHOUTcast Source
2008-07-20 23:03 . 2008-07-20 23:03 <DIR> d-------- C:\Programmer\Haali
2008-07-20 23:03 . 2008-07-20 23:03 <DIR> d-------- C:\Programmer\DSP-worx
2008-07-20 23:03 . 2008-07-22 19:54 <DIR> d-------- C:\Programmer\DirectVobSub
2008-07-20 23:02 . 2008-07-26 23:20 <DIR> d-------- C:\Programmer\Zoom Player
2008-07-17 01:30 . 2008-07-17 01:30 <DIR> d-------- C:\Program Files
2008-07-17 01:30 . 2003-07-17 20:17 5,174 --a------ C:\WINDOWS\SYSTEM32\nppt9x.vxd
2008-07-17 01:30 . 2005-01-01 11:43 4,682 --a------ C:\WINDOWS\SYSTEM32\npptNT2.sys
2008-07-17 00:42 . 2004-08-27 23:00 10,129,408 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hwxkor.dll
2008-07-17 00:41 . 2008-07-17 00:41 <DIR> d-------- C:\Programmer\DNA
2008-07-17 00:41 . 2008-07-28 08:46 <DIR> d-------- C:\Documents and Settings\Samir\Application Data\DNA
2008-07-17 00:41 . 2001-08-18 06:36 8,704 --a------ C:\WINDOWS\SYSTEM32\kbdjpn.dll
2008-07-17 00:35 . 2008-07-17 00:35 <DIR> d-------- C:\Programmer\Sqirlz Water Reflections
2008-07-17 00:35 . 2008-07-17 00:35 160,570 --a------ C:\WINDOWS\Sqirlz Water Reflections Uninstaller.exe
2008-07-16 03:52 . 2008-07-16 03:52 <DIR> d-------- C:\Programmer\RegSupreme
2008-07-16 03:52 . 2008-07-16 03:52 23 --ahs---- C:\WINDOWS\SYSTEM32\eaaddfa_g.dll
2008-07-16 03:52 . 2008-07-16 03:52 23 --a------ C:\WINDOWS\SYSTEM32\ecedcaee2_g.ocx
2008-07-16 03:42 . 2008-07-27 17:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-07-15 12:07 . 2008-07-23 06:04 <DIR> d-------- C:\Programmer\CoreCodec
2008-07-13 00:28 . 2008-07-13 00:28 <DIR> d-------- C:\Programmer\Transparent
2008-07-13 00:28 . 2008-07-13 00:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Transparent
2008-07-11 01:02 . 2008-07-11 01:03 <DIR> d-------- C:\Programmer\Magic Video Converter
2008-07-11 01:02 . 2004-05-26 21:37 719,872 --a------ C:\WINDOWS\SYSTEM32\devil.dll
2008-07-11 01:02 . 2003-03-19 11:03 544,768 --a------ C:\WINDOWS\SYSTEM32\msvcr71d.dll
2008-07-11 01:02 . 2006-09-16 19:44 314,368 --a------ C:\WINDOWS\SYSTEM32\avisynth.dll
2008-07-11 00:42 . 2008-06-11 02:07 129,784 --------- C:\WINDOWS\SYSTEM32\pxafs.dll
2008-07-11 00:42 . 2008-06-11 02:07 120,056 --------- C:\WINDOWS\SYSTEM32\pxcpyi64.exe
2008-07-11 00:42 . 2008-06-11 02:07 118,520 --------- C:\WINDOWS\SYSTEM32\pxinsi64.exe
2008-07-11 00:42 . 2008-06-11 02:07 9,464 --------- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys
2008-07-11 00:42 . 2008-06-11 02:07 9,336 --------- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys
2008-07-10 23:09 . 2008-07-10 23:09 <DIR> d-------- C:\Programmer\ffdshow
2008-07-10 23:09 . 2008-06-08 23:58 60,273 --a------ C:\WINDOWS\SYSTEM32\pthreadGC2.dll
2008-07-10 23:09 . 2008-06-12 20:36 7,680 --a------ C:\WINDOWS\SYSTEM32\ff_vfw.dll
2008-07-10 23:09 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\SYSTEM32\ff_vfw.dll.manifest
2008-07-10 23:05 . 2008-07-19 09:55 <DIR> d-------- C:\Documents and Settings\Samir\Application Data\Apple Computer
2008-07-10 22:16 . 2008-07-10 22:18 <DIR> d-------- C:\WINDOWS\SYSTEM32\QuickTime
2008-07-10 21:11 . 2008-07-10 22:35 <DIR> d-------- C:\Programmer\QuickTime
2008-07-10 20:37 . 2008-07-10 20:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-10 20:37 . 2008-07-10 20:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-10 20:15 . 2008-07-10 21:26 <DIR> d-------- C:\Programmer\ACE Mega CoDecS Pack3
2008-07-10 19:04 . 2008-07-10 19:04 <DIR> d-------- C:\Documents and Settings\Samir\Application Data\Media Player Classic
2008-07-10 19:04 . 2008-07-10 19:04 <DIR> d-------- C:\Documents and Settings\Samir\Application Data\DivX
2008-07-10 19:01 . 2008-07-20 12:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-10 18:37 . 2008-07-11 00:42 <DIR> d-------- C:\Programmer\DivX
2008-07-10 17:32 . 2008-07-10 17:32 <DIR> d-------- C:\Programmer\MagicISO
2008-07-09 18:35 . 2008-07-09 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-07-09 17:30 . 2008-07-09 17:30 <DIR> d-------- C:\Documents and Settings\Samir\Application Data\Leadertech
2008-07-09 09:45 . 2008-07-09 10:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-07-09 09:23 . 2008-07-09 09:23 <DIR> d-------- C:\Programmer\Smart Projects
2008-07-09 06:03 . 2008-07-09 06:03 <DIR> d-------- C:\Programmer\OpenAL
2008-07-09 06:02 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\SYSTEM32\d3dx9_33.dll
2008-07-09 05:08 . 2008-07-20 14:33 <DIR> d-------- C:\Documents and Settings\Samir\Application Data\dvdcss
2008-07-07 23:28 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\SYSTEM32\d3dx9_26.dll
2008-07-07 15:44 . <DIR> C:\Programmer\Fælles filer\Adobe AIR
2008-07-07 15:35 . 2008-07-08 14:17 <DIR> d-------- C:\Programmer\NOS
2008-07-07 15:35 . 2008-07-08 14:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-07 12:15 . 2008-07-07 12:15 <DIR> d-------- C:\Programmer\uTorrent
2008-07-06 18:54 . 2008-07-06 18:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-06 12:28 . 2008-07-06 12:28 <DIR> d-------- C:\Programmer\7-Zip
2008-07-06 08:16 . 2008-07-10 05:27 <DIR> d-------- C:\Programmer\PeerGuardian2
2008-07-06 08:01 . 2008-07-14 04:26 <DIR> d-------- C:\Programmer\Download Direct
2008-07-06 08:00 . 2008-07-06 08:00 <DIR> d-------- C:\Fraps
2008-07-06 08:00 . 2008-07-26 23:01 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-06 03:00 . 2008-07-06 03:00 <DIR> d-------- C:\Programmer\MSXML 4.0
2008-07-05 23:09 . 2008-07-05 23:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-07-05 22:58 . 2008-07-05 23:16 <DIR> d-------- C:\Documents and Settings\Samir\Application Data\Uniblue
2008-07-05 22:54 . 2008-07-05 22:54 <DIR> d-------- C:\Programmer\Uniblue
2008-07-05 11:03 . 2008-07-05 10:55 729,088 --a------ C:\WINDOWS\iun6002.exe
2008-07-05 09:16 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2008-07-05 09:16 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
2008-07-04 22:19 . 2007-06-27 14:42 207,488 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\vinyl97.sys
2008-07-04 22:17 . 2008-07-04 22:19 <DIR> d-------- C:\Programmer\VIA
2008-07-04 22:17 . 2007-04-11 15:35 331,184 --------- C:\WINDOWS\SYSTEM32\difxapi.dll
2008-07-04 20:45 . 2008-07-27 12:59 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-04 20:42 . 2008-07-19 09:54 <DIR> d-------- C:\Programmer\Bonjour
2008-07-04 20:13 . <DIR> C:\Programmer\Fælles filer\Macrovision Shared
2008-07-04 20:11 . <DIR> C:\Programmer\Fælles filer\Adobe
2008-07-04 19:59 . 2008-07-04 19:59 <DIR> d-------- C:\Programmer\NeroInstall.bak
2008-07-04 19:57 . 2008-07-04 19:57 <DIR> d-------- C:\Documents and Settings\Samir\Application Data\Nero
2008-07-04 19:54 . 2008-07-04 19:54 <DIR> d-------- C:\Programmer\Windows Media Connect 2
2008-07-04 19:47 . 2008-07-04 19:47 <DIR> d-------- C:\Programmer\Nero
2008-07-04 19:47 . <DIR> C:\Programmer\Fælles filer\Nero
2008-07-04 19:47 . 2008-07-04 19:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-04 19:46 . 2008-07-13 05:22 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2008-07-04 19:25 . 2008-07-04 19:25 <DIR> d-------- C:\Programmer\VSO
2008-07-04 19:25 . 2008-07-13 22:09 <DIR> d-------- C:\Documents and Settings\Samir\Application Data\Vso
2008-07-04 19:25 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-07-04 19:25 . 2006-05-11 19:21 626,688 --a------ C:\WINDOWS\SYSTEM32\vp7vfw.dll
2008-07-04 19:25 . 2006-09-29 12:24 217,127 --a------ C:\WINDOWS\SYSTEM32\drv43260.dll
2008-07-04 19:25 . 2006-09-29 12:25 208,935 --a------ C:\WINDOWS\SYSTEM32\drv33260.dll
2008-07-04 19:25 . 2006-09-29 12:26 176,165 --a------ C:\WINDOWS\SYSTEM32\drv23260.dll
2008-07-04 19:25 . 2008-07-04 19:25 87,608 --a------ C:\Documents and Settings\Samir\Application Data\inst.exe
2008-07-04 19:25 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\SYSTEM32\cook3260.dll
2008-07-04 19:25 . 2008-07-04 19:25 47,360 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pcouffin.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 18:20 --------- d-----w C:\Programmer\Fælles filer\Tjenester
2008-07-20 21:03 --------- d-----w C:\Programmer\Haali
2008-07-19 23:33 --------- d-----w C:\Programmer\GameSpy Arcade
2008-07-17 10:39 77,109 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_07_16_05_10_13_small.dmp.zip
2008-07-09 06:02 86,016 ----a-w C:\WINDOWS\SYSTEM32\OpenAL32.dll
2008-07-09 06:02 413,696 ----a-w C:\WINDOWS\SYSTEM32\wrap_oal.dll
2008-07-04 19:32 --------- d-----w C:\Programmer\EA GAMES
2008-07-04 19:18 --------- d-----w C:\Programmer\microsoft frontpage
2008-07-04 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-04 19:12 --------- d-----w C:\Programmer\Onlinetjenester
2008-06-25 04:36 43,520 ----a-w C:\WINDOWS\system32\drivers\fetnd5bv.sys
2008-06-20 17:48 246,784 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 17:52 161,096 ----a-w C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe
2008-06-14 17:35 272,256 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 00:07 524,288 ----a-w C:\WINDOWS\SYSTEM32\DivXsm.exe
2008-06-11 00:07 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-06-11 00:07 3,596,288 ----a-w C:\WINDOWS\SYSTEM32\qt-dx331.dll
2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll
2008-05-09 10:55 90,112 ----a-w C:\WINDOWS\SYSTEM32\wshext.dll
2008-05-09 10:55 430,080 ----a-w C:\WINDOWS\SYSTEM32\vbscript.dll
2008-05-09 10:55 180,224 ----a-w C:\WINDOWS\SYSTEM32\scrobj.dll
2008-05-09 10:55 172,032 ----a-w C:\WINDOWS\SYSTEM32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\SYSTEM32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\SYSTEM32\cscript.exe
2008-05-07 05:11 1,292,288 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\steam\steam.exe" [2008-07-04 16:50 1271032]
"MsnMsgr"="C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"DAEMON Tools Lite"="C:\Programmer\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"uTorrent"="C:\Programmer\uTorrent\uTorrent.exe" [2008-07-07 12:15 219952]
"BitTorrent DNA"="C:\Programmer\DNA\btdna.exe" [2008-07-17 00:41 289088]
"SpybotSD TeaTimer"="C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spy Protector"="C:\Programmer\Security Task Manager\SpyProtector.exe/autostart" [X]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-30 01:50 4620288]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-30 01:50 86016]
"NBKeyScan"="C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"AudioDeck"="C:\Programmer\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 15:48 528384]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"UnlockerAssistant"="C:\Programmer\Unlocker\UnlockerAssistant.exe" [2008-05-02 06:15 15872]
"nwiz"="nwiz.exe" [2004-10-30 01:50 921600 C:\WINDOWS\SYSTEM32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:05 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"C:\\Programmer\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"C:\\Programmer\\DNA\\btdna.exe"=
"C:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmer\\Mozilla Firefox\\firefox.exe"=
"D:\\softnyx\\GunboundWC\\GunBound.gme"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55555:TCP"= 55555:TCP:utor

R2 wwEngineSvc;Window Washer Engine;C:\Programmer\Webroot\Washer\WasherSvc.exe [2007-08-09 13:56]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-06-25 06:36]
.
Contents of the 'Scheduled Tasks' folder

2008-07-05 C:\WINDOWS\Tasks\Uniblue SpyEraser.job
- C:\Programmer\Uniblue\SpyEraser\SpyEraser.exe [2008-04-02 09:50]
.
- - - - ORPHANS REMOVED - - - -

BHO-{8FD1D8CB-F3D4-43B1-A347-6E4610F7D49B} - (no file)
HKLM-Run-NeroFilterCheck - C:\Programmer\Fælles filer\Nero\Lib\NeroCheck.exe
ShellExecuteHooks-{DF986C2C-446C-49B7-913D-DBB1BAE4DC17} - (no file)
Notify-pmnnKefG - pmnnKefG.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page =
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.klub.amitech.dk/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O17 -: HKLM\CCS\Interface\{364BDCAD-B56B-4F8B-85C2-90F07B212FAE}: NameServer = 193.162.153.164,194.239.134.83


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-28 08:45:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Programmer\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\SYSTEM32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\IoctlSvc.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\SYSTEM32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-07-28 8:51:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-28 06:50:47

Pre-Run: 9,758,797,824 byte ledig
Post-Run: 9,675,558,912 byte ledig

WindowsXP-KB310994-SP2-Home-BootDisk-DAN.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

303 --- E O F --- 2008-07-10 13:07:00


And the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:53:38, on 28-07-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Programmer\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Programmer\Unlocker\UnlockerAssistant.exe
C:\Programmer\uTorrent\uTorrent.exe
C:\Programmer\DNA\btdna.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Samir\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.klub.amitech.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AudioDeck] "C:\Programmer\VIA\VIAudioi\SBADeck\ADeck.exe" 1
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Spy Protector] C:\Programmer\Security Task Manager\SpyProtector.exe/autostart
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmer\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmer\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Programmer\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmer\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1215172496203
O17 - HKLM\System\CCS\Services\Tcpip\..\{364BDCAD-B56B-4F8B-85C2-90F07B212FAE}: Domain = www.webspeed.dk
O17 - HKLM\System\CCS\Services\Tcpip\..\{364BDCAD-B56B-4F8B-85C2-90F07B212FAE}: NameServer = 193.162.153.164,194.239.134.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{364BDCAD-B56B-4F8B-85C2-90F07B212FAE}: Domain = www.webspeed.dk
O17 - HKLM\System\CS1\Services\Tcpip\..\{364BDCAD-B56B-4F8B-85C2-90F07B212FAE}: NameServer = 193.162.153.164,194.239.134.83
O17 - HKLM\System\CS2\Services\Tcpip\..\{364BDCAD-B56B-4F8B-85C2-90F07B212FAE}: Domain = www.webspeed.dk
O17 - HKLM\System\CS2\Services\Tcpip\..\{364BDCAD-B56B-4F8B-85C2-90F07B212FAE}: NameServer = 193.162.153.164,194.239.134.83
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Programmer\Webroot\Washer\WasherSvc.exe

--
End of file - 5948 bytes

#4 fenzodahl512

fenzodahl512


Posted 28 July 2008 - 02:06 AM

Please manually delete this file: C:\WINDOWS\BMb37ced44.xml



NEXT


I haven't seen any antivirus in your logs.. Antivirus is extremely crucial as without it you will get re-infected again! Do you have any? If you don't, please install ONLY ONE of these free and excellent antivirus below:

I also haven't seen any third-party firewall in your logs.. Do you have any? If you don't, please install ONLY ONE of these free and excellent firewall below:

After you install the third party firewall, please disable your Windows firewall. Please go to My Computer >> Control Panel >> Windows Firewall and choose Off (not recommended) option. Then please click Apply and Ok.



NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Please post the following logs in your next reply...

1. Malwarebytes'
2. A fresh DSS log (after Malwarebytes' step)
3. Tell me about your computer condition now..


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 senior03

senior03
  • Topic Starter


Posted 28 July 2008 - 03:01 AM

Malwarebytes' Anti-Malware 1.23
Database version: 1000
Windows 5.1.2600 Service Pack 3

09:56:02 28-07-2008
mbam-log-7-28-2008 (09-56-02).txt

Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 102808
Tid tilbagelagt: 40 minute(s), 57 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 56

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\Documents and Settings\All Users\Application Data\SecTaskMan\dqlkvkuj.dll.q_8045E01_q (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecTaskMan\fccdayvv.dll.q_804C203_q (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecTaskMan\fpxwglax.dll.q_8045E01_q (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecTaskMan\hkogotmf.dll.q_804D001_q (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecTaskMan\urqRiIBU.dll.q_804C403_q (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecTaskMan\oawsdxrd.dll.q_8045E01_q (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecTaskMan\ovtxpvvn.dll.q_8043C01_q (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Samir\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fimbhwgj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\gvymbyxp.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jjcbjgim.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ljJBtsrs.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ljkyqcjb.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\nwkavfrt.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\pydjnddp.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rforwkys.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\xjauwlia.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\xwtpechr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ywfbmxwq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP65\A0011370.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP65\A0011373.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP65\A0011377.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP65\A0011380.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP65\A0011378.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP66\A0012177.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP67\A0012181.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP69\A0013237.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP69\A0013238.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP69\A0013235.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP72\A0013527.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP72\A0013529.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP72\A0013530.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP72\A0014492.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP74\A0016245.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP74\A0016243.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP74\A0016244.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP74\A0016246.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP74\A0016247.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP74\A0016248.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP74\A0016249.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP74\A0016250.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP74\A0016251.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP74\A0016252.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP74\A0016254.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP74\A0016346.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP78\A0016681.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP78\A0016682.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP78\A0016683.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP78\A0016685.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP78\A0016686.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP78\A0016687.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP78\A0016688.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP78\A0016690.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP78\A0016695.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP78\A0016696.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87184977-BC7C-49E2-A865-3A9CB3C77B2C}\RP78\A0016697.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Urgh, sorry, you needed a DSS log, not HJT. I'll edit my post with the DSS in a sec.

Here's the DSS log

Deckard's System Scanner v20071014.68
Run by Samir on 2008-07-28 10:17:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 79% (more than 75%).


-- HijackThis (run as Samir.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:14, on 28-07-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Programmer\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Programmer\Unlocker\UnlockerAssistant.exe
C:\Programmer\uTorrent\uTorrent.exe
C:\Programmer\DNA\btdna.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Samir\Skrivebord\CFP_Setup_3.0.25.378_XP_Vista_x32.exe
C:\Programmer\COMODO\Firewall\cfpconfg.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmer\AVG\AVG8\avgtray.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Samir\Skrivebord\dss.exe
C:\DOCUME~1\Samir\SKRIVE~1\Samir.exe
C:\Programmer\AVG\AVG8\avgui.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.klub.amitech.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AudioDeck] "C:\Programmer\VIA\VIAudioi\SBADeck\ADeck.exe" 1
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Spy Protector] C:\Programmer\Security Task Manager\SpyProtector.exe/autostart
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmer\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmer\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Programmer\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmer\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1215172496203
O17 - HKLM\System\CCS\Services\Tcpip\..\{364BDCAD-B56B-4F8B-85C2-90F07B212FAE}: Domain = www.webspeed.dk
O17 - HKLM\System\CCS\Services\Tcpip\..\{364BDCAD-B56B-4F8B-85C2-90F07B212FAE}: NameServer = 193.162.153.164,194.239.134.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{364BDCAD-B56B-4F8B-85C2-90F07B212FAE}: Domain = www.webspeed.dk
O17 - HKLM\System\CS1\Services\Tcpip\..\{364BDCAD-B56B-4F8B-85C2-90F07B212FAE}: NameServer = 193.162.153.164,194.239.134.83
O17 - HKLM\System\CS2\Services\Tcpip\..\{364BDCAD-B56B-4F8B-85C2-90F07B212FAE}: Domain = www.webspeed.dk
O17 - HKLM\System\CS2\Services\Tcpip\..\{364BDCAD-B56B-4F8B-85C2-90F07B212FAE}: NameServer = 193.162.153.164,194.239.134.83
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll,avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Programmer\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Programmer\Webroot\Washer\WasherSvc.exe

--
End of file - 6793 bytes

-- Files created between 2008-06-28 and 2008-07-28 -----------------------------

2008-07-28 10:05:40 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-28 10:05:23 0 d-------- C:\Programmer\AVG
2008-07-28 10:05:22 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-28 10:02:24 0 d-------- C:\Documents and Settings\Samir\Application Data\Comodo
2008-07-28 10:02:22 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-07-28 10:02:21 0 d-------- C:\Programmer\COMODO
2008-07-28 09:12:31 0 d-------- C:\Programmer\Malwarebytes' Anti-Malware
2008-07-28 08:41:20 0 d-------- C:\cmdcons
2008-07-28 08:37:20 68096 --a------ C:\WINDOWS\zip.exe
2008-07-28 08:37:20 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-28 08:37:20 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-28 08:37:20 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-28 08:37:20 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-28 08:37:20 98816 --a------ C:\WINDOWS\sed.exe
2008-07-28 08:37:20 80412 --a------ C:\WINDOWS\grep.exe
2008-07-28 08:37:20 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-27 20:21:51 0 dr-h----- C:\Documents and Settings\Samir\Recent
2008-07-27 15:48:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-27 15:40:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-27 15:14:20 0 d-------- C:\Documents and Settings\Samir\Application Data\Desktopicon
2008-07-26 21:51:57 0 d-------- C:\Programmer\Fælles filer\Webroot Shared
2008-07-26 21:44:39 0 d-------- C:\Programmer\Webroot
2008-07-26 21:44:39 0 d-------- C:\Documents and Settings\Samir\Application Data\Webroot
2008-07-26 21:44:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-26 21:36:11 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-26 19:12:23 0 d-------- C:\Programmer\Alwil Software
2008-07-26 18:57:50 0 d-------- C:\Programmer\Security Task Manager
2008-07-26 18:34:06 0 d-------- C:\Documents and Settings\Administrator\Skrivebord
2008-07-26 18:34:06 0 d-------- C:\Documents and Settings\Administrator\Skabeloner
2008-07-26 18:34:06 0 d-------- C:\Documents and Settings\Administrator\SendTo
2008-07-26 18:34:06 0 d-------- C:\Documents and Settings\Administrator\Recent
2008-07-26 18:34:06 0 d-------- C:\Documents and Settings\Administrator\Printere
2008-07-26 18:34:06 0 d-------- C:\Documents and Settings\Administrator\Menuen Start
2008-07-26 18:34:06 0 d--h----- C:\Documents and Settings\Administrator\Lokale indstillinger
2008-07-26 18:34:06 0 d-------- C:\Documents and Settings\Administrator\Foretrukne
2008-07-26 18:34:06 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-07-26 18:34:06 0 d-------- C:\Documents and Settings\Administrator\Application Data
2008-07-26 18:34:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-07-26 18:34:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-26 18:34:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-07-26 18:34:06 0 d-------- C:\Documents and Settings\Administrator\Andre computere
2008-07-26 18:34:05 3137536 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-25 16:15:10 6815744 --a------ C:\Documents and Settings\Samir\ntuser.dat
2008-07-22 19:58:30 0 d-------- C:\Programmer\Combined Community Codec Pack
2008-07-21 11:19:53 0 d-------- C:\Programmer\Project64 1.6
2008-07-20 23:05:36 0 d-------- C:\Programmer\CD Audio Reader Filter
2008-07-20 23:05:34 0 d-------- C:\Programmer\DScaler5
2008-07-20 23:05:24 0 d-------- C:\Programmer\OpenSource Flash Video Splitter
2008-07-20 23:05:16 0 d-------- C:\Programmer\RealMedia
2008-07-20 23:03:52 0 d-------- C:\Programmer\SHOUTcast Source
2008-07-20 23:03:47 0 d-------- C:\Programmer\Haali
2008-07-20 23:03:37 0 d-------- C:\Programmer\DSP-worx
2008-07-20 23:03:27 0 d-------- C:\Programmer\DirectVobSub
2008-07-20 23:02:59 0 d-------- C:\Programmer\Zoom Player
2008-07-17 01:30:59 4682 --a------ C:\WINDOWS\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2008-07-17 01:30:21 0 d-------- C:\Program Files
2008-07-17 00:41:04 0 d-------- C:\Programmer\DNA
2008-07-17 00:41:04 0 d-------- C:\Documents and Settings\Samir\Application Data\DNA
2008-07-17 00:35:58 160570 --a------ C:\WINDOWS\Sqirlz Water Reflections Uninstaller.exe
2008-07-17 00:35:58 0 d-------- C:\Programmer\Sqirlz Water Reflections
2008-07-16 03:52:42 23 --ahs---- C:\WINDOWS\system32\eaaddfa_g.dll
2008-07-16 03:52:11 0 d-------- C:\Programmer\RegSupreme
2008-07-16 03:45:49 0 d-------- C:\Documents and Settings\Samir\Application Data\Help
2008-07-16 03:42:46 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-07-15 12:07:06 0 d-------- C:\Programmer\CoreCodec
2008-07-13 00:28:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Transparent
2008-07-13 00:28:41 0 d-------- C:\Programmer\Transparent
2008-07-11 01:02:27 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2008-07-11 01:02:27 314368 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2008-07-11 01:02:25 0 d-------- C:\Programmer\Magic Video Converter
2008-07-10 23:09:12 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
2008-07-10 23:09:12 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-07-10 23:09:11 0 d-------- C:\Programmer\ffdshow
2008-07-10 23:05:53 0 d-------- C:\Documents and Settings\Samir\Application Data\Apple Computer
2008-07-10 22:16:56 0 d-------- C:\WINDOWS\system32\QuickTime
2008-07-10 21:11:15 0 d-------- C:\Programmer\QuickTime
2008-07-10 20:15:53 0 d-------- C:\Programmer\ACE Mega CoDecS Pack3
2008-07-10 19:04:01 0 d-------- C:\Documents and Settings\Samir\Application Data\DivX
2008-07-10 19:04:00 0 d-------- C:\Documents and Settings\Samir\Application Data\Media Player Classic
2008-07-10 19:01:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-10 18:37:43 0 d-------- C:\Programmer\DivX
2008-07-10 17:32:51 0 d-------- C:\Programmer\MagicISO
2008-07-09 18:35:11 0 d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-07-09 17:30:49 0 d-------- C:\Documents and Settings\Samir\Application Data\Leadertech
2008-07-09 09:45:02 0 d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-07-09 09:23:00 0 d-------- C:\Programmer\Smart Projects
2008-07-09 06:03:35 0 d-------- C:\Programmer\OpenAL
2008-07-09 06:03:34 413696 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-07-09 06:03:34 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-07-09 05:08:04 0 d-------- C:\Documents and Settings\Samir\Application Data\dvdcss
2008-07-07 15:44:47 0 d-------- C:\Programmer\Fælles filer\Adobe AIR
2008-07-07 15:35:05 0 d-------- C:\Programmer\NOS
2008-07-07 15:35:05 0 d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-07 12:15:58 0 d-------- C:\Programmer\uTorrent
2008-07-06 18:54:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-06 12:28:41 0 d-------- C:\Programmer\7-Zip
2008-07-06 08:16:19 0 d-------- C:\Programmer\PeerGuardian2
2008-07-06 08:01:26 0 d-------- C:\Programmer\Download Direct
2008-07-06 08:00:38 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-06 08:00:34 0 d-------- C:\Fraps
2008-07-06 03:00:43 0 d-------- C:\Programmer\MSXML 4.0
2008-07-05 23:09:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-07-05 22:58:23 0 d-------- C:\Documents and Settings\Samir\Application Data\Uniblue
2008-07-05 22:54:49 0 d-------- C:\Programmer\Uniblue
2008-07-05 11:03:25 729088 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-07-04 22:17:37 0 d-------- C:\Programmer\VIA
2008-07-04 21:43:49 528 --a------ C:\WINDOWS\eReg.dat
2008-07-04 21:28:56 0 d-------- C:\Programmer\GameSpy Arcade
2008-07-04 21:27:57 0 d-------- C:\Programmer\EA GAMES
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\XIRCOM
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\WINS
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\ShellExt
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\INETSRV
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\IME
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\EXPORT
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\drivers\DISDN
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\DHCP
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\3COM_DMI
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\3076
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\2052
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\1054
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\1042
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\1041
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\1037
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\1031
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\1028
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\system32\1025
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\MUI
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\MSAPPS
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\JAVA
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\Connection Wizard
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\Config
2008-07-04 21:18:55 0 d-------- C:\WINDOWS\ADDINS
2008-07-04 21:18:55 0 d-------- C:\Programmer\WindowsUpdate
2008-07-04 21:18:55 0 d-------- C:\Programmer\microsoft frontpage
2008-07-04 21:18:55 0 d-------- C:\Programmer\Fælles filer\ODBC
2008-07-04 21:18:55 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-07-04 21:18:55 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-07-04 21:18:55 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-07-04 21:18:55 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-07-04 21:18:55 0 d-------- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-07-04 21:18:55 0 d-------- C:\Documents and Settings\Default User\Skrivebord
2008-07-04 21:18:55 0 d-------- C:\Documents and Settings\Default User\Recent
2008-07-04 21:18:55 0 d-------- C:\Documents and Settings\Default User\Printere
2008-07-04 21:18:55 0 d-------- C:\Documents and Settings\Default User\Foretrukne
2008-07-04 21:18:55 0 d-------- C:\Documents and Settings\Default User\Andre computere
2008-07-04 21:18:55 0 d-------- C:\Documents and Settings\All Users\Skabeloner
2008-07-04 21:18:18 926 -----n--- C:\WINDOWS\XECHO.EXE
2008-07-04 21:18:18 45056 -----n--- C:\WINDOWS\xcacls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-04 21:18:18 15683 -----n--- C:\WINDOWS\Settings.vbs
2008-07-04 21:18:18 43520 -----n--- C:\WINDOWS\Settings.EXE <Not Verified; Amitech Danmark A/S; Settings>
2008-07-04 21:18:18 890 -----n--- C:\WINDOWS\SetDisp.vbs
2008-07-04 21:18:18 9216 -----n--- C:\WINDOWS\SetDisp.exe <Not Verified; Amitech Danmark A/S; SetDisp>
2008-07-04 21:18:18 1923 -----n--- C:\WINDOWS\ServicePack.vbs
2008-07-04 21:18:18 8704 -----n--- C:\WINDOWS\NumLock.exe <Not Verified; Amitech Danmark A/S; NumLock>
2008-07-04 21:18:18 35 -----n--- C:\WINDOWS\Mobile.cmd
2008-07-04 21:18:18 76288 -----n--- C:\WINDOWS\HWInfo.exe <Not Verified; Amitech Danmark A/S; HWInfo>
2008-07-04 21:18:18 1904 -----n--- C:\WINDOWS\Hibernate.vbs
2008-07-04 21:18:18 55808 -----n--- C:\WINDOWS\devcon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-04 21:18:18 0 d-------- C:\Documents and Settings\All Users\Skrivebord
2008-07-04 21:18:18 0 d-------- C:\Documents and Settings\All Users\Lokale indstillinger
2008-07-04 21:18:18 0 d-------- C:\Documents and Settings\All Users\Foretrukne
2008-07-04 21:18:18 0 d-------- C:\Amitech
2008-07-04 21:18:17 0 d-------- C:\WINDOWS\SP
2008-07-04 21:18:15 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-04 21:18:11 0 d-------- C:\WINDOWS\Install
2008-07-04 21:17:20 0 d-------- C:\Documents and Settings\All Users\Address Book
2008-07-04 21:16:27 324656 --a------ C:\WINDOWS\system32\PERFH006.DAT
2008-07-04 21:16:27 47086 --a------ C:\WINDOWS\system32\PERFC006.DAT
2008-07-04 21:16:05 21644 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-04 21:15:53 0 d-------- C:\WINDOWS\system32\WBEM
2008-07-04 21:15:53 0 d-------- C:\WINDOWS\system32\USMT
2008-07-04 21:15:53 0 d-------- C:\WINDOWS\system32\SPOOL
2008-07-04 21:15:52 0 d-------- C:\WINDOWS\system32\Setup
2008-07-04 21:15:52 0 d-------- C:\WINDOWS\system32\Restore
2008-07-04 21:15:52 0 d-------- C:\WINDOWS\system32\RAS
2008-07-04 21:15:50 0 d-------- C:\WINDOWS\system32\OOBE
2008-07-04 21:15:50 0 d-------- C:\WINDOWS\system32\NPP
2008-07-04 21:15:50 0 d-------- C:\WINDOWS\system32\MUI
2008-07-04 21:15:50 0 d-------- C:\WINDOWS\system32\MsDtc
2008-07-04 21:15:50 0 d-------- C:\WINDOWS\system32\Microsoft
2008-07-04 21:15:50 0 d-------- C:\WINDOWS\system32\Macromed
2008-07-04 21:15:50 0 d-------- C:\WINDOWS\system32\ICSXML
2008-07-04 21:15:50 0 d-------- C:\WINDOWS\system32\IAS
2008-07-04 21:15:46 0 d-------- C:\WINDOWS\system32\DRIVERS
2008-07-04 21:15:46 0 d-------- C:\WINDOWS\system32\drivers\ETC
2008-07-04 21:14:37 0 d-------- C:\WINDOWS\system32\DLLCACHE
2008-07-04 21:14:36 0 d-------- C:\WINDOWS\system32\DirectX
2008-07-04 21:14:34 0 d-------- C:\WINDOWS\system32\CONFIG
2008-07-04 21:14:34 0 d-------- C:\WINDOWS\system32\Com
2008-07-04 21:14:34 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-04 21:14:33 0 d-------- C:\WINDOWS\SYSTEM32
2008-07-04 21:14:33 0 d-------- C:\WINDOWS\system32\CatRoot
2008-07-04 21:14:33 0 d-------- C:\WINDOWS\system32\1033
2008-07-04 21:14:33 0 d-------- C:\WINDOWS\system32\1030
2008-07-04 21:13:59 0 d-------- C:\WINDOWS\Driver Cache
2008-07-04 21:12:42 0 -rahs---- C:\MSDOS.SYS
2008-07-04 21:12:42 0 -rahs---- C:\IO.SYS
2008-07-04 21:12:41 0 --a------ C:\CONFIG.SYS
2008-07-04 21:12:41 0 --a------ C:\AUTOEXEC.BAT
2008-07-04 21:12:39 0 d-------- C:\WINDOWS\WinSxS
2008-07-04 21:12:38 0 d-------- C:\WINDOWS\Web
2008-07-04 21:12:38 0 d-------- C:\WINDOWS\TWAIN_32
2008-07-04 21:12:38 0 d-------- C:\WINDOWS\Tasks
2008-07-04 21:12:38 0 d-------- C:\WINDOWS\SYSTEM
2008-07-04 21:12:35 0 d-------- C:\WINDOWS\SRCHASST
2008-07-04 21:12:35 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-07-04 21:12:35 0 d-------- C:\WINDOWS\SECURITY
2008-07-04 21:12:35 0 d-------- C:\WINDOWS\Resources
2008-07-04 21:12:34 0 d-------- C:\WINDOWS\REPAIR
2008-07-04 21:12:34 0 d-------- C:\WINDOWS\Registration
2008-07-04 21:12:34 0 d-------- C:\WINDOWS\Provisioning
2008-07-04 21:12:33 0 d-------- C:\WINDOWS\PeerNet
2008-07-04 21:12:29 0 d-------- C:\WINDOWS\PCHEALTH
2008-07-04 21:12:29 0 d-------- C:\WINDOWS\Offline Web Pages
2008-07-04 21:12:27 0 d-------- C:\WINDOWS\MSAGENT
2008-07-04 21:12:27 0 d-------- C:\WINDOWS\Media
2008-07-04 21:12:27 0 d--hs---- C:\WINDOWS\Installer
2008-07-04 21:12:20 0 d-------- C:\WINDOWS\INF
2008-07-04 21:12:20 0 d-------- C:\WINDOWS\IME
2008-07-04 21:12:08 0 d-------- C:\WINDOWS\Help
2008-07-04 21:12:04 0 d-------- C:\WINDOWS
2008-07-04 21:12:04 0 d-------- C:\WINDOWS\Fonts
2008-07-04 21:12:04 0 d-------- C:\WINDOWS\Downloaded Program Files
2008-07-04 21:12:04 0 d-------- C:\WINDOWS\Debug
2008-07-04 21:12:04 0 d-------- C:\WINDOWS\Cursors
2008-07-04 21:12:04 0 d-------- C:\WINDOWS\AppPatch
2008-07-04 21:12:03 0 d-------- C:\Programmer\Windows NT
2008-07-04 21:12:02 0 d-------- C:\Programmer\Onlinetjenester
2008-07-04 21:12:01 0 d-------- C:\Programmer\MSN Gaming Zone
2008-07-04 21:11:59 0 d-------- C:\Programmer\Movie Maker
2008-07-04 21:11:58 0 d-------- C:\Programmer\Messenger
2008-07-04 21:11:58 0 d-------- C:\Programmer\Fælles filer\Tjenester
2008-07-04 21:11:56 0 d-------- C:\Programmer\Fælles filer\SpeechEngines
2008-07-04 21:11:56 0 d-------- C:\Programmer\Fælles filer\MSSoap
2008-07-04 21:11:55 0 d-------- C:\Programmer
2008-07-04 21:11:55 0 d-------- C:\Programmer\Fælles filer
2008-07-04 21:08:59 0 d--h----- C:\I386
2008-07-04 21:08:59 229376 --a------ C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-07-04 21:08:59 0 d--h----- C:\Documents and Settings\NetworkService\Lokale indstillinger
2008-07-04 21:08:59 229376 --a------ C:\Documents and Settings\LocalService\NTUSER.DAT
2008-07-04 21:08:59 0 d--h----- C:\Documents and Settings\LocalService\Lokale indstillinger
2008-07-04 21:08:59 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-07-04 21:08:53 0 d-------- C:\Documents and Settings\Default User\Skabeloner
2008-07-04 21:08:53 0 d-------- C:\Documents and Settings\Default User\SendTo
2008-07-04 21:08:53 3145728 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-07-04 21:08:53 0 d-------- C:\Documents and Settings\Default User\Menuen Start
2008-07-04 21:08:53 0 d--h----- C:\Documents and Settings\Default User\Lokale indstillinger
2008-07-04 21:08:53 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-07-04 21:08:53 0 d-------- C:\Documents and Settings\Default User\Application Data
2008-07-04 21:08:53 0 d-------- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-07-04 21:08:53 0 d-------- C:\Documents and Settings\All Users\Menuen Start
2008-07-04 21:08:53 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-07-04 21:08:51 0 d-------- C:\Documents and Settings
2008-07-04 21:08:51 0 d-------- C:\Documents and Settings\All Users\Application Data
2008-07-04 21:08:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-07-04 20:44:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-04 20:42:16 0 d-------- C:\Programmer\Bonjour
2008-07-04 20:13:10 0 d-------- C:\Programmer\Fælles filer\Macrovision Shared
2008-07-04 20:11:01 0 d-------- C:\Programmer\Fælles filer\Adobe
2008-07-04 19:59:54 0 d-------- C:\Programmer\NeroInstall.bak
2008-07-04 19:57:28 0 d-------- C:\Documents and Settings\Samir\Application Data\Nero
2008-07-04 19:54:06 0 d-------- C:\Programmer\Windows Media Connect 2
2008-07-04 19:47:32 0 d-------- C:\Programmer\Nero
2008-07-04 19:47:32 0 d-------- C:\Programmer\Fælles filer\Nero
2008-07-04 19:47:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-04 19:46:32 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-04 19:41:12 0 d-------- C:\WINDOWS\RegisteredPackages
2008-07-04 19:25:37 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-07-04 19:25:37 0 d-------- C:\Documents and Settings\Samir\Application Data\Vso
2008-07-04 19:25:37 47360 --a------ C:\Documents and Settings\Samir\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-07-04 19:25:21 626688 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2008-07-04 19:25:21 217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-07-04 19:25:21 208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2008-07-04 19:25:21 176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2008-07-04 19:25:21 65602 --a------ C:\WINDOWS\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
2008-07-04 19:25:17 0 d-------- C:\Programmer\VSO
2008-07-04 19:18:30 0 d-------- C:\Programmer\DAEMON Tools Lite
2008-07-04 18:41:48 0 d-------- C:\Documents and Settings\Samir\Contacts
2008-07-04 18:41:19 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-07-04 18:39:46 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-04 18:39:45 0 d-------- C:\Documents and Settings\Samir\Application Data\DAEMON Tools
2008-07-04 18:38:15 0 d--hs--c- C:\Programmer\Fælles filer\WindowsLiveInstaller
2008-07-04 18:38:02 0 d-------- C:\Programmer\Windows Live
2008-07-04 18:37:46 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-04 17:45:40 0 d-------- C:\Documents and Settings\Samir\Application Data\Malwarebytes
2008-07-04 17:45:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-04 17:44:47 0 d-------- C:\Programmer\CCleaner
2008-07-04 17:12:15 0 d-------- C:\WINDOWS\system32\Lang
2008-07-04 16:52:06 0 d-------- C:\WINDOWS\system32\LogFiles
2008-07-04 16:48:32 0 d-------- C:\Documents and Settings\Samir\Application Data\vlc
2008-07-04 16:47:14 0 d-------- C:\Programmer\VideoLAN
2008-07-04 16:04:19 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-07-04 15:57:51 7748640 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-04 15:55:48 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2008-07-04 15:35:52 0 d-------- C:\Documents and Settings\Samir\Application Data\WinRAR
2008-07-04 15:20:35 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-07-04 15:20:20 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-07-04 15:20:02 0 d-------- C:\WINDOWS\Internet Logs
2008-07-04 14:48:34 0 d-------- C:\WINDOWS\Prefetch
2008-07-04 14:36:29 0 d-------- C:\WINDOWS\system32\da-dk
2008-07-04 14:36:28 0 d-------- C:\WINDOWS\l2schemas
2008-07-04 14:36:27 0 d-------- C:\WINDOWS\system32\da
2008-07-04 14:36:27 0 d-------- C:\WINDOWS\system32\bits
2008-07-04 14:33:11 0 d-------- C:\WINDOWS\ServicePackFiles
2008-07-04 14:30:09 0 d-------- C:\WINDOWS\network diagnostic
2008-07-04 14:28:04 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-07-04 14:25:20 0 d-------- C:\WINDOWS\EHome
2008-07-04 14:00:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-07-04 13:27:32 0 d---s---- C:\Documents and Settings\Samir\UserData
2008-07-04 13:21:42 0 d-------- C:\Documents and Settings\Samir\Application Data\Macromedia
2008-07-04 13:21:42 0 d-------- C:\Documents and Settings\Samir\Application Data\Adobe
2008-07-04 13:19:42 0 d-------- C:\Documents and Settings\Samir\Application Data\uTorrent
2008-07-04 13:06:36 0 d-------- C:\WINDOWS\system32\PreInstall
2008-07-04 13:06:36 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-04 13:06:30 0 d-------- C:\Documents and Settings\Samir\Application Data\Mozilla
2008-07-04 12:59:34 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-07-04 12:52:43 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-07-04 12:49:25 303616 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-07-04 12:49:19 0 d-------- C:\Documents and Settings\Samir\WINDOWS
2008-07-04 12:31:31 0 d-------- C:\Documents and Settings\Samir\Dokumenter
2008-07-04 12:31:27 0 d-------- C:\Documents and Settings\Samir\Skrivebord
2008-07-04 12:31:27 0 d-------- C:\Documents and Settings\Samir\Skabeloner
2008-07-04 12:31:27 0 d-------- C:\Documents and Settings\Samir\SendTo
2008-07-04 12:31:27 0 d-------- C:\Documents and Settings\Samir\Printere
2008-07-04 12:31:27 0 d-------- C:\Documents and Settings\Samir\Menuen Start
2008-07-04 12:31:27 0 d--h----- C:\Documents and Settings\Samir\Lokale indstillinger
2008-07-04 12:31:27 0 d-------- C:\Documents and Settings\Samir\Foretrukne
2008-07-04 12:31:27 0 d---s---- C:\Documents and Settings\Samir\Cookies
2008-07-04 12:31:27 0 d-------- C:\Documents and Settings\Samir\Application Data
2008-07-04 12:31:27 0 d-------- C:\Documents and Settings\Samir\Application Data\Sonic
2008-07-04 12:31:27 0 d-------- C:\Documents and Settings\Samir\Application Data\Identities
2008-07-04 12:31:27 0 d-------- C:\Documents and Settings\Samir\Andre computere
2008-07-04 12:31:15 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-07-04 12:31:08 0 d-------- C:\Documents and Settings\Default User\Application Data\Sonic
2008-07-04 12:31:08 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities
2008-07-04 12:26:23 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-07-04 12:26:21 0 d-------- C:\Programmer\r
2008-07-04 12:26:21 0 d--h----- C:\Programmer\InstallShield Installation Information
2008-07-04 12:26:21 0 d-------- C:\Programmer\CyberLink
2008-07-04 12:26:18 0 d-------- C:\Programmer\Fælles filer\InstallShield
2008-07-04 12:26:17 0 d-------- C:\Programmer\Fælles filer\Sonic
2008-07-04 12:25:50 0 d-------- C:\Programmer\Sonic
2008-07-04 12:25:37 0 d--h----- C:\WINDOWS\$hf_mig$
2008-07-04 12:23:29 0 d-------- C:\WINDOWS\nview
2008-07-04 12:20:14 0 d--hs---- C:\System Volume Information


-- Find3M Report ---------------------------------------------------------------

2008-07-13 22:09:30 668 --a------ C:\Documents and Settings\Samir\Application Data\vso_ts_preview.xml
2008-07-04 19:25:48 34 --a------ C:\Documents and Settings\Samir\Application Data\pcouffin.log
2008-07-04 19:25:37 1144 --a------ C:\Documents and Settings\Samir\Application Data\pcouffin.inf
2008-07-04 19:25:37 7887 --a------ C:\Documents and Settings\Samir\Application Data\pcouffin.cat
2008-06-11 02:07:20 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 02:03:26 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-06-11 02:03:26 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-06-11 02:03:20 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-06-11 02:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 02:03:20 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 02:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 02:03:18 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-23 00:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [14-04-2008 18:06 C:\WINDOWS\SYSTEM32\rundll32.exe]
"nwiz"="nwiz.exe" [30-10-2004 01:50 C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [14-04-2008 18:06 C:\WINDOWS\SYSTEM32\rundll32.exe]
"NBKeyScan"="C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [18-02-2008 16:29]
"AudioDeck"="C:\Programmer\VIA\VIAudioi\SBADeck\ADeck.exe" [09-08-2007 15:48]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [12-06-2008 02:38]
"Spy Protector"="C:\Programmer\Security Task Manager\SpyProtector.exe/autostart" []
"UnlockerAssistant"="C:\Programmer\Unlocker\UnlockerAssistant.exe" [02-05-2008 06:15]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [28-07-2008 10:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\steam\steam.exe" [04-07-2008 16:50]
"MsnMsgr"="C:\Programmer\Windows Live\Messenger\MsnMsgr.exe" [18-10-2007 11:34]
"DAEMON Tools Lite"="C:\Programmer\DAEMON Tools Lite\daemon.exe" [01-04-2008 11:39]
"uTorrent"="C:\Programmer\uTorrent\uTorrent.exe" [07-07-2008 12:15]
"BitTorrent DNA"="C:\Programmer\DNA\btdna.exe" [17-07-2008 00:41]
"SpybotSD TeaTimer"="C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe" [07-07-2008 09:42]

C:\Documents and Settings\Samir\Menuen Start\Programmer\Start\
DESKTOP.INI [26-10-2004 19:00:14]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
DESKTOP.INI [26-10-2004 19:00:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\guard32.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

*Newly Created Service* - AVG8EMC
*Newly Created Service* - AVG8WD
*Newly Created Service* - AVGLDX86
*Newly Created Service* - AVGMFX86
*Newly Created Service* - AVGTDIX



-- End of Deckard's System Scanner: finished at 2008-07-28 10:27:39 ------------


i used to have ad-aware before downloading spybot s&d but they weren't compatible with each other so i had to remove one of them, downloaded avg 8 and the comodo firewall.

my pc seems ok at the moment, so i guess the problem is solved?

thanks a lot for the help :thumbsup:

Edited by senior03, 28 July 2008 - 03:30 AM.


#6 fenzodahl512


Posted 28 July 2008 - 10:03 AM

my pc seems ok at the moment, so i guess the problem is solved?


Yup.. I believe so.. Your log looks good to me.. Let's do this..

Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    Please note that the space between x and / is needed




NEXT


I noticed you already have..

1. AVG8 as your antivirus
2. Comodo as your firewall
3. Malwarebytes' as your antispyware..


Lastly, to keep your operating system up to date please visit the link below monthly

To learn more about how to protect yourself while on the internet read this excellent article by Grinler: How did I get infected?, With steps so it does not happen again!

Please also read an excellent article by miekiemoes: Help! My computer is slow!

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbsup:



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 senior03


Posted 28 July 2008 - 10:32 AM

Unfortunately i deleted IE not knowing that it was more than just a browser, i can't seem to get it back, tried to use the "add/remove windows components" but it just slaps an icon of IE on the desk and in start > programs.

Other than that everything seemed to work perfectly :thumbsup:

EDIT: related to microsoft update

Edited by senior03, 28 July 2008 - 10:56 AM.


#8 fenzodahl512


Posted 28 July 2008 - 11:03 AM

Unfortunately i deleted IE not knowing that it was more than just a browser, i can't seem to get it back, tried to use the "add/remove windows components" but it just slaps an icon of IE on the desk and in start > programs.

Other than that everything seemed to work perfectly :thumbsup:

EDIT: related to microsoft update



You can download Internet Explorer from link below:

http://www.microsoft.com/windows/downloads/ie/getitnow.mspx

Or better still use Mozilla Firefox:

http://www.mozilla.com/en-US/firefox/


Glad that we could help.. I'm gonna close this topic now.. If you need this topic to be re-opened, please PM me.. If you have another computer problem, please open a new topic..


Regards
fenzodahl512





