Possible bkdr_tdss and/or other (unknown) infections


  • This topic is locked
9 replies to this topic

#1 Transmogriff

  • Members
  • 5 posts

Posted 30 November 2008 - 06:47 PM

Hi,

I'm trying to clean up a friend's computer. It's been infected by a whole bunch of malware that I think I've gotten rid of, but I'm afraid some of the more devious types are still lurking around. HouseCall first reported a bkdr_tdss infection, but during cleanup IE crashed, and at the next scan it didn't find anything. Then it started reporting an adware_memwatcher infection, which according to several sources might be a false positive. I tried running Kaspersky, but for some reason Java stops working a few minutes into the scan. Anyway, I was hoping maybe someone here could help me determine whether the computer is actually clean or not! It's kind of sluggish, but that might be due to it only having 239 MB of RAM...

Here are my logs:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Christine at 2008-12-01 00:28:41
Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (28%) free of 28 GB
Total RAM: 239 MB (13% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:29:58, on 01.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Viewpoint\Common\ViewpointService.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programfiler\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\igfxtray.exe
D:\itunes\iTunesHelper.exe
C:\Programfiler\Spyware Terminator\SpywareTerminatorShield.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Christine\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe
C:\Programfiler\D-Link AirPlus\AIRPLUS.EXE
C:\Documents and Settings\Christine\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\Programfiler\iPod2\iPod\bin\iPodService.exe
C:\Documents and Settings\Christine\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Christine\Mine dokumenter\Downloads\RSIT.exe
C:\Programfiler\trend micro\Christine.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programfiler\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Christine\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: D-Link AirPlus Utility.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://webmail.bi.no/iNotes6.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: karna.dat
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programfiler\iPod2\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programfiler\Spyware Terminator\sp_rsser.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programfiler\Viewpoint\Common\ViewpointService.exe

--
End of file - 7884 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Programfiler\Java\jre6\bin\ssv.dll [2008-11-28 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Påloggingshjelp for Windows Live - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Programfiler\Java\jre6\bin\jp2ssv.dll [2008-11-28 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-28 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll [2006-01-17 282624]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2003-10-02 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-10-02 118784]
"QuickTime Task"=C:\Programfiler\QuickTime\qttask.exe [2007-12-11 286720]
"iTunesHelper"=D:\itunes\iTunesHelper.exe [2007-12-11 267048]
"SpywareTerminator"=C:\Programfiler\Spyware Terminator\SpywareTerminatorShield.exe [2008-11-25 2246144]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-18 81000]
"SunJavaUpdateSched"=C:\Programfiler\Java\jre6\bin\jusched.exe [2008-11-28 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Christine\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2008-11-28 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\WINDOWS\AGRSMMSG.exe [2003-07-25 88363]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Programfiler\Apoint2K\Apoint.exe [2002-07-25 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe [2001-10-22 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Programfiler\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
D:\\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-24 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
C:\WINDOWS\Logi_MwX.Exe [2003-12-11 20992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Programfiler\MSN Messenger\MsnMsgr.Exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
C:\Programfiler\Fellesfiler\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE REBOOT []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programfiler\QuickTime\qttask.exe [2007-12-11 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe [2003-10-21 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
D:\Phone\Skype.exe [2006-01-03 19495464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2003-05-14 55296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Programfiler\Winamp\winampa.exe [2004-12-20 33792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^BTTray.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2003-02-21 360509]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Logitech Desktop Messenger.lnk]
D:\DESKTO~1\8876480\Program\LOGITE~1.EXE [2007-03-24 67128]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart
D-Link AirPlus Utility.lnk - C:\Programfiler\D-Link AirPlus\AIRPLUS.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karna.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-10-02 319488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Programfiler\iMesh\iMesh5\iMesh.exe"="D:\Programfiler\iMesh\iMesh5\iMesh.exe:*:Enabled:iMesh 5"
"C:\Programfiler\LimeWire\LimeWire.exe"="C:\Programfiler\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Programfiler\Messenger\msmsgs.exe"="C:\Programfiler\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Programfiler\iTunes2\iTunes.exe"="C:\Programfiler\iTunes2\iTunes.exe:*:Enabled:iTunes"
"D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"D:\Phone\Skype.exe"="D:\Phone\Skype.exe:*:Enabled:Skype"
"D:\itunes\iTunes.exe"="D:\itunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\System32\Drivers\svchost.exe"="C:\WINDOWS\System32\Drivers\svchost.exe:*:Disabled:svchost"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programfiler\Windows Live\Messenger\msnmsgr.exe"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programfiler\Windows Live\Messenger\livecall.exe"="C:\Programfiler\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Programfiler\Internet Explorer\IEXPLORE.EXE"="C:\Programfiler\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Documents and Settings\Christine\Lokale innstillinger\Temp\WZSE0.TMP\SymNRT.exe"="C:\Documents and Settings\Christine\Lokale innstillinger\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Programfiler\uTorrent\uTorrent.exe"="C:\Programfiler\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programfiler\Windows Live\Messenger\msnmsgr.exe"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programfiler\Windows Live\Messenger\livecall.exe"="C:\Programfiler\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2008-12-01 00:28:48 ----D---- C:\Programfiler\trend micro
2008-12-01 00:28:41 ----D---- C:\rsit
2008-11-29 17:39:21 ----HD---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-29 01:58:04 ----D---- C:\WINDOWS\BDOSCAN8
2008-11-28 15:14:06 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-28 15:14:06 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-28 15:14:06 ----A---- C:\WINDOWS\system32\java.exe
2008-11-28 14:34:38 ----HD---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-28 04:42:34 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-27 15:29:05 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-27 14:13:38 ----D---- C:\Programfiler\pexpl
2008-11-27 14:09:21 ----D---- C:\Programfiler\Fport
2008-11-27 04:07:38 ----D---- C:\Programfiler\TeaTimer (Spybot - Search & Destroy)
2008-11-27 04:07:37 ----D---- C:\Programfiler\SDHelper (Spybot - Search & Destroy)
2008-11-27 04:07:19 ----D---- C:\Programfiler\Misc. Support Library (Spybot - Search & Destroy)
2008-11-27 04:07:18 ----D---- C:\Programfiler\File Scanner Library (Spybot - Search & Destroy)
2008-11-27 02:32:52 ----D---- C:\Documents and Settings\Christine\Programdata\vlc
2008-11-27 02:21:58 ----D---- C:\Programfiler\VideoLAN
2008-11-27 00:28:47 ----D---- C:\Programfiler\uTorrent
2008-11-27 00:28:41 ----D---- C:\Documents and Settings\Christine\Programdata\uTorrent
2008-11-26 23:59:36 ----D---- C:\Programfiler\DC++
2008-11-26 21:10:48 ----D---- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-11-26 21:07:30 ----D---- C:\Programfiler\SUPERAntiSpyware
2008-11-26 21:07:28 ----D---- C:\Documents and Settings\Christine\Programdata\SUPERAntiSpyware.com
2008-11-26 20:37:28 ----D---- C:\Documents and Settings\All Users\Programdata\SecTaskMan
2008-11-26 20:35:48 ----D---- C:\Programfiler\Security Task Manager
2008-11-26 17:57:56 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-26 17:56:42 ----D---- C:\WINDOWS\Prefetch
2008-11-26 17:52:17 ----HD---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-26 17:52:06 ----HD---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-26 17:51:56 ----HD---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-26 17:51:49 ----HD---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-26 17:51:38 ----HD---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-26 17:51:29 ----HD---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-26 17:51:11 ----HD---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-26 17:51:01 ----HD---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-26 17:50:53 ----HD---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-26 17:50:42 ----HD---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-26 17:50:33 ----HD---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-26 17:50:24 ----HD---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-26 17:50:15 ----HD---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-26 17:49:59 ----HD---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-26 17:49:50 ----HD---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-26 17:49:42 ----HD---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-26 17:49:31 ----HD---- C:\WINDOWS\$NtUninstallKB951376$
2008-11-26 17:49:17 ----HD---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-26 17:43:28 ----A---- C:\WINDOWS\setuplog.txt
2008-11-26 17:39:50 ----D---- C:\WINDOWS\l2schemas
2008-11-26 17:39:48 ----D---- C:\WINDOWS\system32\no
2008-11-26 15:42:14 ----A---- C:\WINDOWS\system32\hidserv.dll
2008-11-26 14:50:01 ----D---- C:\Programfiler\Microsoft CAPICOM 2.1.0.2
2008-11-26 09:23:37 ----D---- C:\Documents and Settings\All Users\Programdata\NortonInstaller
2008-11-26 06:53:48 ----D---- C:\Documents and Settings\Christine\Programdata\Foxit
2008-11-26 06:53:20 ----D---- C:\Programfiler\Foxit Software
2008-11-26 06:23:00 ----A---- C:\WINDOWS\system32\LuResult.txt
2008-11-26 06:13:51 ----A---- C:\Documents and Settings\Christine\Programdata\dm.ini
2008-11-26 06:00:01 ----A---- C:\WINDOWS\system32\muweb.dll
2008-11-26 06:00:00 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-11-26 05:59:59 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-11-26 05:18:34 ----A---- C:\WINDOWS\imsins.BAK
2008-11-26 05:08:40 ----D---- C:\Programfiler\Windows Live Toolbar
2008-11-26 05:07:14 ----SHD---- C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2008-11-26 05:06:16 ----D---- C:\Programfiler\Windows Live
2008-11-26 05:05:48 ----D---- C:\Documents and Settings\All Users\Programdata\WLInstaller
2008-11-26 04:37:30 ----A---- C:\WINDOWS\ModemLog_Bluetooth Modem.txt
2008-11-26 04:37:30 ----A---- C:\WINDOWS\ModemLog_Bluetooth Fax Modem.txt
2008-11-26 04:33:19 ----D---- C:\Programfiler\WIDCOMM
2008-11-26 04:17:07 ----D---- C:\WINDOWS\ie7updates
2008-11-26 04:15:15 ----D---- C:\WINDOWS\WBEM
2008-11-26 04:15:12 ----D---- C:\WINDOWS\system32\nb-no
2008-11-26 04:13:14 ----HD---- C:\WINDOWS\ie7
2008-11-26 04:12:49 ----HD---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-11-26 04:12:08 ----HD---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-11-26 04:10:51 ----HD---- C:\WINDOWS\$NtUninstallKB915865$
2008-11-26 04:09:47 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-11-26 04:05:17 ----D---- C:\WINDOWS\network diagnostic
2008-11-26 04:05:15 ----HD---- C:\WINDOWS\$NtUninstallKB914440$
2008-11-26 04:04:30 ----HD---- C:\WINDOWS\$NtUninstallKB904942$
2008-11-26 02:33:55 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-11-26 02:33:49 ----D---- C:\Programfiler\Alwil Software
2008-11-26 01:33:51 ----D---- C:\WINDOWS\ERUNT
2008-11-26 01:29:20 ----D---- C:\SDFix
2008-11-26 01:01:30 ----D---- C:\Documents and Settings\Christine\Programdata\Malwarebytes
2008-11-26 01:01:20 ----D---- C:\Programfiler\Malwarebytes' Anti-Malware
2008-11-26 01:01:20 ----D---- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-11-26 00:43:52 ----A---- C:\WINDOWS\etexy.vbs
2008-11-26 00:43:52 ----A---- C:\WINDOWS\bityw.dll
2008-11-26 00:43:52 ----A---- C:\Documents and Settings\Christine\Programdata\yhavecy.exe
2008-11-26 00:43:52 ----A---- C:\Documents and Settings\All Users\Programdata\pirotoxesy.vbs
2008-11-26 00:43:51 ----A---- C:\WINDOWS\system32\vucaxu.exe
2008-11-26 00:43:51 ----A---- C:\WINDOWS\dojexipy.exe
2008-11-26 00:43:51 ----A---- C:\Programfiler\Fellesfiler\daqol.dll
2008-11-26 00:43:51 ----A---- C:\Programfiler\Fellesfiler\afosily.com
2008-11-26 00:43:51 ----A---- C:\Documents and Settings\All Users\Programdata\kowi.com
2008-11-26 00:04:14 ----D---- C:\Documents and Settings\Christine\Programdata\Spyware Terminator
2008-11-25 23:52:51 ----D---- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-11-25 23:49:55 ----D---- C:\Programfiler\Spybot - Search & Destroy
2008-11-25 23:30:37 ----D---- C:\Documents and Settings\All Users\Programdata\Spyware Terminator
2008-11-25 23:30:35 ----D---- C:\Programfiler\Spyware Terminator
2008-11-25 23:19:25 ----SHD---- C:\WINDOWS\CSC
2008-11-24 11:42:19 ----D---- C:\Documents and Settings\All Users\Programdata\TEMP
2008-11-14 03:00:58 ----HD---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-11-14 03:00:46 ----HD---- C:\WINDOWS\$NtUninstallKB955069_0$
2008-11-08 01:03:15 ----A---- C:\WINDOWS\yxymij.vbs
2008-11-08 01:03:15 ----A---- C:\WINDOWS\ywiq.dll
2008-11-08 01:03:15 ----A---- C:\WINDOWS\system32\heqefexi.dll
2008-11-08 01:03:15 ----A---- C:\WINDOWS\lupedybi.com
2008-11-08 01:03:15 ----A---- C:\WINDOWS\erifin.dll
2008-11-08 01:03:15 ----A---- C:\Documents and Settings\Christine\Programdata\pojamapur.exe
2008-11-08 01:03:15 ----A---- C:\Documents and Settings\All Users\Programdata\amuxaw.vbs

======List of files/folders modified in the last 1 months======

2008-11-30 06:27:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-27 13:44:04 ----A---- C:\WINDOWS\win.ini
2008-11-26 20:48:44 ----RASH---- C:\BOOT.INI
2008-11-26 20:48:44 ----N---- C:\WINDOWS\system.ini
2008-11-26 18:02:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-26 16:29:12 ----A---- C:\WINDOWS\winamp.ini
2008-11-04 01:10:26 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-18 110160]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-18 50864]
R1 intelppm;Intel-prosessordriver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Tastatur-HID-driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-18 26944]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-18 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-18 94032]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\system32\drivers\btslbcsp.sys []
R2 irda;IrDA-protokoll; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-10-08 120830]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-05-14 740044]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-18 23152]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2003-03-12 30171]
R3 CmBatt;Driver for batteri med Microsoft ACPI-kontrollmetode; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID-klassedriver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-10-08 93979]
R3 mouhid;HID-driver for mus; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-06 12160]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys [2004-01-30 6912]
R3 Rasirda;WAN-miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-04-25 5888]
R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys [2003-12-05 68352]
R3 usbccgp;Microsoft USB generell overordnet driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Miniportdriver for Microsoft USB 2.0 forbedret vertskontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Driver for standard Microsoft USB-hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Miniportdriver for Microsoft USB universell vertskontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-10-08 98842]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2003-07-25 1196460]
S3 AIRPLUS;D-Link AirPlus Wireless Adapter; C:\WINDOWS\system32\DRIVERS\airplus.sys [2002-05-16 64342]
S3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2002-07-25 93912]
S3 BCM43XX;WLAN 802.11g mini-PCI Module Driver; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2003-07-18 265728]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2003-02-21 144480]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2003-04-08 51208]
S3 catchme;catchme; \??\C:\DOCUME~1\CHRIST~1\LOKALE~1\Temp\catchme.sys []
S3 FileObjInfo;STFileDriver; \??\C:\Documents and Settings\All Users\Programdata\Spyware Terminator\FileObjInfo.sys []
S3 gv3;Intel GV3-prosessordriver; C:\WINDOWS\System32\DRIVERS\gv3.sys [2002-11-20 33408]
S3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidFlt2.Sys [2003-12-11 25630]
S3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-12-11 37916]
S3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys [2003-12-11 70894]
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\PROGRA~1\D-LINK~1\PCANDIS5.SYS []
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 SONYPVU1;Sony USB-filterdriver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbprint;Microsoft USB PRINTER-klasse; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB-skannerdriver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB-masselagringsenhet; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 w70n51;Intel® PRO/Wireless 2100 Adapter-driver; C:\WINDOWS\System32\DRIVERS\w70n51.sys [2003-11-26 975104]
S4 sr;Filterdriver for systemgjenoppretting; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-14 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe [2008-11-18 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Programfiler\Alwil Software\Avast4\ashServ.exe [2008-11-18 155160]
R2 Irmon;Infrarød overvåking; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programfiler\Java\jre6\bin\jqs.exe [2008-11-28 152984]
R2 MDM;Machine Debug Manager; C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Programfiler\Spyware Terminator\sp_rsser.exe [2008-11-25 539136]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-08-10 38912]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Programfiler\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe [2008-11-18 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe [2008-11-18 352920]
R3 iPod Service;iPod Service; C:\Programfiler\iPod2\iPod\bin\iPodService.exe [2007-12-11 504104]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Programfiler\Fellesfiler\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader-tjeneste; C:\Programfiler\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Programfiler\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 Apple Mobile Device;Apple Mobile Device; C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-12-01 00:30:12

======Uninstall list======

-->C:\Programfiler\DivX\ConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -f"C:\Programfiler\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Agere Systems AC'97 Modem-->agrsmdel
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Apple Mobile Device Support-->MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Panorama Maker 3-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x9
avast! Antivirus-->C:\Programfiler\Alwil Software\Avast4\aswRunDll.exe "C:\Programfiler\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
CCleaner (remove only)-->"C:\Programfiler\CCleaner\uninst.exe"
DC++ 0.707-->"C:\Programfiler\DC++\uninstall.exe"
DivX Codec-->C:\Programfiler\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programfiler\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programfiler\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Programfiler\DivX\DivXWebPlayerUninstall.exe /PLUGIN
D-Link AirPlus Driver and Utility-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{CDC74FE6-5224-11D6-B27F-00E0181A6FA8}\Setup.exe" -l0x9
Foxit Reader-->C:\Programfiler\Foxit Software\Foxit Reader\Uninstall.exe
HijackThis 2.0.2-->"C:\Programfiler\trend micro\HijackThis.exe" /uninstall
Hurtigreparasjon for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Indeo® Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu"
Intel® Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
iPod for Windows 2006-03-23-->C:\Programfiler\Fellesfiler\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1044
iTunes-->MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
LimeWire 4.16.6-->"C:\Programfiler\LimeWire\uninstall.exe"
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x14 UNINSTALL
Logitech MouseWare 9.80 -->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x14 -l0014 UNINSTALL
Malwarebytes' Anti-Malware-->"C:\Programfiler\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110414-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (3.0.4)-->C:\Programfiler\Mozilla Firefox\uninstall\helper.exe
MSN-verktøylinjen-->C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\mtbs.exe c
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Oppdatering for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
PictureProject-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
PowerDVD-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Påloggingsassistent for Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
QuickTime-->MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Security Task Manager 1.7g-->C:\Programfiler\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start-meny\Programmer\Security Task Manager"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Skype 2.0-->"D:\Phone\unins000.exe"
Smartmenyer (Windows Live Toolbar)-->MsiExec.exe /X{12841457-E894-476B-B4AA-09F403E7B7C6}
Spyware Terminator-->"C:\Programfiler\Spyware Terminator\unins000.exe"
TM290E-->C:\Programfiler\TM290E\uninstall.exe
Uthevingsvisning (Windows Live Toolbar)-->MsiExec.exe /X{846F6102-3B56-4555-8D3D-E45A17C8BCC7}
Utvidelse for Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{DC752A56-5572-454C-9695-154ED6C1A5AB}
Viewpoint Manager (Remove Only)-->C:\Programfiler\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
VLC media player 0.9.6-->C:\Programfiler\VideoLAN\VLC\uninstall.exe
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WIDCOMM Bluetooth Software-->MsiExec.exe /X{0F51A262-1ADF-4914-B448-78AC58C4178A}
Winamp (remove only)-->"C:\Programfiler\Winamp\UninstWA.exe"
Windows Live installer-->MsiExec.exe /X{4218D9DC-282B-4596-BEA5-F20560C14400}
Windows Live Messenger-->MsiExec.exe /X{D70A63D1-2F54-4713-8AE6-BBD28D1A62E6}
Windows Media Format Runtime-->"C:\Programfiler\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Programfiler\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

======Security center information======

AV: avast! antivirus 4.8.1290 [VPS 081128-0]

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programfiler\Fellesfiler\Teleca Shared;C:\Programfiler\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 9 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0905
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Programfiler\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Programfiler\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------


#2 fenzodahl512

  • Members
  • 6,738 posts
  • Local time:08:46 AM

Posted 01 December 2008 - 02:01 AM

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following...


Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please reboot into Safe Mode
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.


NEXT


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick combofix's window while it's running. That may cause it to stall



Post these logs in your next reply..

1. SDFix
2. ComboFix
3. A fresh HijackThis log..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 Transmogriff

  • Topic Starter
  • Members
  • 5 posts
  • Local time:01:46 AM

Posted 01 December 2008 - 01:27 PM

Hi again,

and thanks for helping! Here are the logs:



SDFix: Version 1.240
Run by Christine on 01.12.2008 at 18:23

Microsoft Windows XP [Versjon 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 18:32:08
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Programfiler\\iMesh\\iMesh5\\iMesh.exe"="D:\\Programfiler\\iMesh\\iMesh5\\iMesh.exe:*:Enabled:iMesh 5"
"C:\\Programfiler\\LimeWire\\LimeWire.exe"="C:\\Programfiler\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Programfiler\\Messenger\\msmsgs.exe"="C:\\Programfiler\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Programfiler\\iTunes2\\iTunes.exe"="C:\\Programfiler\\iTunes2\\iTunes.exe:*:Enabled:iTunes"
"D:\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="D:\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"D:\\Phone\\Skype.exe"="D:\\Phone\\Skype.exe:*:Enabled:Skype"
"D:\\itunes\\iTunes.exe"="D:\\itunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\System32\\Drivers\\svchost.exe"="C:\\WINDOWS\\System32\\Drivers\\svchost.exe:*:Disabled:svchost"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"="C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Programfiler\\Internet Explorer\\IEXPLORE.EXE"="C:\\Programfiler\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Documents and Settings\\Christine\\Lokale innstillinger\\Temp\\WZSE0.TMP\\SymNRT.exe"="C:\\Documents and Settings\\Christine\\Lokale innstillinger\\Temp\\WZSE0.TMP\\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\\Programfiler\\uTorrent\\uTorrent.exe"="C:\\Programfiler\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Documents and Settings\\Christine\\Skrivebord\\utorrent.exe"="C:\\Documents and Settings\\Christine\\Skrivebord\\utorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="D:\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"="C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :



Files with Hidden Attributes :

Fri 30 Jan 2004 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK32.dll"
Fri 30 Jan 2004 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Wed 22 Oct 2008 949,072 A.SHR --- "C:\Programfiler\File Scanner Library (Spybot - Search & Destroy)\advcheck.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Programfiler\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Programfiler\Spybot - Search & Destroy\SpybotSD.exe"
Mon 7 Jul 2008 2,156,368 A.SHR --- "C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Programfiler\Misc. Support Library (Spybot - Search & Destroy)\Tools.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Programfiler\SDHelper (Spybot - Search & Destroy)\SDHelper.dll"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Programfiler\TeaTimer (Spybot - Search & Destroy)\TeaTimer.exe"
Thu 23 Sep 2004 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv17.bak"
Tue 16 Aug 2005 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv12.bak"
Thu 23 Sep 2004 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 17 Feb 2008 21,504 ...H. --- "C:\Documents and Settings\Christine\Mine dokumenter\Diverse\~WRL0162.tmp"
Sat 6 Nov 2004 401 A..H. --- "C:\Documents and Settings\Administrator\Mine dokumenter\Min musikk\Sikkerhetskopi av lisens\drmv1lic.bak"
Thu 23 Sep 2004 4,348 ...H. --- "C:\Documents and Settings\Administrator\Mine dokumenter\Min musikk\Sikkerhetskopi av lisens\drmv1key.bak"
Fri 5 Nov 2004 400 A.SH. --- "C:\Documents and Settings\Administrator\Mine dokumenter\Min musikk\Sikkerhetskopi av lisens\drmv2key.bak"
Sat 19 Feb 2005 54,784 ...H. --- "C:\Documents and Settings\Christine\Mine dokumenter\1 avdeling jus\Erstatningsrett\~WRL1851.tmp"
Sun 27 Feb 2005 54,784 ...H. --- "C:\Documents and Settings\Christine\Mine dokumenter\1 avdeling jus\Erstatningsrett\~WRL0853.tmp"
Sun 27 Feb 2005 55,296 ...H. --- "C:\Documents and Settings\Christine\Mine dokumenter\1 avdeling jus\Erstatningsrett\~WRL2746.tmp"
Sun 27 Feb 2005 56,320 ...H. --- "C:\Documents and Settings\Christine\Mine dokumenter\1 avdeling jus\Erstatningsrett\~WRL3338.tmp"
Thu 19 Oct 2006 46,080 ...H. --- "C:\Documents and Settings\Christine\Mine dokumenter\2 avdeling jus\Folkerett\~WRL0814.tmp"
Thu 19 Oct 2006 48,128 ...H. --- "C:\Documents and Settings\Christine\Mine dokumenter\2 avdeling jus\Folkerett\~WRL0290.tmp"
Thu 19 Oct 2006 51,200 ...H. --- "C:\Documents and Settings\Christine\Mine dokumenter\2 avdeling jus\Folkerett\~WRL3122.tmp"
Thu 15 Apr 2004 59,904 A..H. --- "C:\Documents and Settings\Christine\Mine dokumenter\Rettslære videregående\Rettslære\Diskett\3½ Floppy (A)\Forbrukerrett\~WRL2777.tmp"
Fri 11 Jun 2004 60,416 A..H. --- "C:\Documents and Settings\Christine\Mine dokumenter\Rettslære videregående\Rettslære\Diskett\3½ Floppy (A)\Forbrukerrett\~WRL2601.tmp"
Fri 11 Jun 2004 60,928 A..H. --- "C:\Documents and Settings\Christine\Mine dokumenter\Rettslære videregående\Rettslære\Diskett\3½ Floppy (A)\Forbrukerrett\~WRL3009.tmp"

Finished!



ComboFix 08-11-30.02 - Christine 2008-12-01 18:46:42.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.106 [GMT 1:00]
Kjører fra: c:\documents and settings\Christine\Mine dokumenter\Downloads\ComboFix.exe
* Opprettet nytt gjenopprettingspunkt
.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-01 til 2008-12-01 )))))))))))))))))))))))))))))))))
.

2008-12-01 18:22 . 2008-12-01 18:22 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2008-12-01 05:07 . 2008-12-01 05:07 <DIR> d-------- C:\bc9a964aefc20bb8e9df873c7e
2008-12-01 05:07 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2008-12-01 05:07 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\dllcache\xpssvcs.dll
2008-12-01 05:07 . 2008-07-06 11:50 597,504 --------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2008-12-01 05:07 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2008-12-01 05:07 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\dllcache\xpsshhdr.dll
2008-12-01 05:07 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
2008-12-01 05:07 . 2008-07-06 13:06 89,088 --------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2008-12-01 01:23 . 2008-12-01 01:23 <DIR> d-------- C:\!KillBox
2008-12-01 01:00 . 2008-12-01 01:00 <DIR> d-------- c:\documents and settings\Christine\Programdata\Uniblue
2008-12-01 00:28 . 2008-12-01 00:28 <DIR> d-------- C:\rsit
2008-12-01 00:28 . 2008-12-01 00:28 <DIR> d-------- c:\programfiler\trend micro
2008-11-29 01:58 . 2008-11-29 01:58 <DIR> d-------- c:\windows\BDOSCAN8
2008-11-29 00:44 . 2008-12-01 18:33 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-29 00:44 . 2008-11-29 00:44 1,409 --a------ c:\windows\QTFont.for
2008-11-28 15:14 . 2008-11-28 15:13 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-27 15:29 . 2008-11-28 15:13 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-27 14:14 . 2008-11-27 14:14 12,568 --a------ c:\windows\system32\drivers\PROCEXP113.SYS
2008-11-27 14:13 . 2008-11-27 14:13 <DIR> d-------- c:\programfiler\pexpl
2008-11-27 14:09 . 2008-11-27 14:09 <DIR> d-------- c:\programfiler\Fport
2008-11-27 04:07 . 2008-11-27 04:07 <DIR> d-------- c:\programfiler\TeaTimer (Spybot - Search & Destroy)
2008-11-27 04:07 . 2008-11-27 04:07 <DIR> d-------- c:\programfiler\SDHelper (Spybot - Search & Destroy)
2008-11-27 04:07 . 2008-11-27 04:07 <DIR> d-------- c:\programfiler\Misc. Support Library (Spybot - Search & Destroy)
2008-11-27 04:07 . 2008-11-27 04:07 <DIR> d-------- c:\programfiler\File Scanner Library (Spybot - Search & Destroy)
2008-11-27 02:32 . 2008-11-27 02:32 <DIR> d-------- c:\documents and settings\Christine\Programdata\vlc
2008-11-27 02:21 . 2008-11-27 02:22 <DIR> d-------- c:\programfiler\VideoLAN
2008-11-27 00:28 . 2008-11-27 00:28 <DIR> d-------- c:\programfiler\uTorrent
2008-11-27 00:28 . 2008-11-27 00:28 <DIR> d-------- c:\documents and settings\Christine\Programdata\uTorrent
2008-11-26 23:59 . 2008-11-26 23:59 <DIR> d-------- c:\programfiler\DC++
2008-11-26 21:10 . 2008-11-26 21:10 <DIR> d-------- c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com
2008-11-26 21:07 . 2008-11-26 21:07 <DIR> d-------- c:\programfiler\SUPERAntiSpyware
2008-11-26 21:07 . 2008-11-26 21:07 <DIR> d-------- c:\documents and settings\Christine\Programdata\SUPERAntiSpyware.com
2008-11-26 20:37 . 2008-11-26 20:37 <DIR> d-------- c:\documents and settings\All Users\Programdata\SecTaskMan
2008-11-26 20:35 . 2008-11-26 20:35 <DIR> d-------- c:\programfiler\Security Task Manager
2008-11-26 17:39 . 2008-11-26 17:39 <DIR> d-------- c:\windows\system32\no
2008-11-26 17:39 . 2008-11-26 17:39 <DIR> d-------- c:\windows\l2schemas
2008-11-26 15:42 . 2008-04-14 18:22 21,504 --a------ c:\windows\system32\hidserv.dll
2008-11-26 15:41 . 2008-04-14 17:50 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
2008-11-26 15:27 . 2008-04-13 20:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-11-26 14:50 . 2008-11-26 14:50 <DIR> d-------- c:\programfiler\Microsoft CAPICOM 2.1.0.2
2008-11-26 09:23 . 2008-11-26 09:23 <DIR> d-------- c:\documents and settings\All Users\Programdata\NortonInstaller
2008-11-26 08:46 . 2007-08-01 22:47 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-11-26 07:40 . 2008-11-26 07:40 <DIR> d-------- c:\documents and settings\Christine\.housecall6.6
2008-11-26 06:53 . 2008-11-26 06:53 <DIR> d-------- c:\programfiler\Foxit Software
2008-11-26 06:53 . 2008-11-26 06:53 <DIR> d-------- c:\documents and settings\Christine\Programdata\Foxit
2008-11-26 06:00 . 2008-07-18 22:07 210,976 --a------ c:\windows\system32\muweb.dll
2008-11-26 06:00 . 2008-07-18 22:07 29,728 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-26 05:59 . 2008-07-18 22:07 270,880 --a------ c:\windows\system32\mucltui.dll
2008-11-26 05:18 . 2008-11-28 14:35 1,393 --a------ c:\windows\imsins.BAK
2008-11-26 05:15 . 2008-11-26 05:15 <DIR> dr-h----- c:\documents and settings\Christine\Siste
2008-11-26 05:08 . 2008-11-26 05:08 <DIR> d-------- c:\programfiler\Windows Live Toolbar
2008-11-26 05:07 . 2008-11-26 05:07 <DIR> d--hs---- c:\programfiler\Fellesfiler\WindowsLiveInstaller
2008-11-26 05:06 . 2008-11-26 05:06 <DIR> d-------- c:\programfiler\Windows Live
2008-11-26 05:05 . 2008-11-26 05:05 <DIR> d-------- c:\documents and settings\All Users\Programdata\WLInstaller
2008-11-26 04:38 . 2008-11-26 04:38 <DIR> d-------- c:\documents and settings\Christine\Bluetooth Software
2008-11-26 04:33 . 2008-11-26 04:33 <DIR> d-------- c:\programfiler\WIDCOMM
2008-11-26 04:16 . 2008-10-03 18:31 6,066,176 --------- c:\windows\system32\dllcache\ieframe.dll
2008-11-26 04:16 . 2007-04-17 10:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-26 04:16 . 2007-03-08 06:11 1,007,616 --------- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-26 04:16 . 2008-08-26 09:30 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
2008-11-26 04:16 . 2008-08-26 09:30 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
2008-11-26 04:16 . 2008-08-26 09:30 267,776 --------- c:\windows\system32\dllcache\iertutil.dll
2008-11-26 04:16 . 2008-08-26 09:30 63,488 --------- c:\windows\system32\dllcache\icardie.dll
2008-11-26 04:16 . 2008-08-26 09:30 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-26 04:16 . 2008-08-25 09:38 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
2008-11-26 04:15 . 2008-11-26 04:15 <DIR> d-------- c:\windows\system32\nb-no
2008-11-26 04:04 . 2007-08-13 18:54 33,792 --a------ c:\windows\system32\dllcache\custsat.dll
2008-11-26 02:33 . 2008-11-26 02:33 <DIR> d-------- c:\programfiler\Alwil Software
2008-11-26 02:14 . 2008-12-01 05:09 3,895 --a------ c:\windows\system32\BIN_STRSBW.SPT
2008-11-26 01:33 . 2008-11-26 01:33 <DIR> d-------- c:\windows\ERUNT
2008-11-26 01:29 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2008-11-26 01:01 . 2008-11-26 01:01 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware
2008-11-26 01:01 . 2008-11-26 01:01 <DIR> d-------- c:\documents and settings\Christine\Programdata\Malwarebytes
2008-11-26 01:01 . 2008-11-26 01:01 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2008-11-26 01:01 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-26 01:01 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-26 00:43 . 2008-11-26 00:43 19,224 --a------ c:\programfiler\Fellesfiler\afosily.com
2008-11-26 00:43 . 2008-11-26 00:43 18,724 --a------ c:\documents and settings\Christine\Programdata\yhavecy.exe
2008-11-26 00:43 . 2008-11-26 00:43 18,358 --a------ c:\windows\system32\lasisuvo.bin
2008-11-26 00:43 . 2008-11-26 00:43 17,654 --a------ c:\windows\system32\vucaxu.exe
2008-11-26 00:43 . 2008-11-26 00:43 17,445 --a------ c:\documents and settings\All Users\Programdata\kowi.com
2008-11-26 00:43 . 2008-11-26 00:43 17,325 --a------ c:\windows\bityw.dll
2008-11-26 00:43 . 2008-11-26 00:43 16,349 --a------ c:\windows\tudym.inf
2008-11-26 00:43 . 2008-11-26 00:43 14,236 --a------ c:\windows\dojexipy.exe
2008-11-26 00:43 . 2008-11-26 00:43 13,940 --a------ c:\windows\etexy.vbs
2008-11-26 00:43 . 2008-11-26 00:43 12,351 --a------ c:\windows\system32\lopojezi.pif
2008-11-26 00:43 . 2008-11-26 00:43 10,232 --a------ c:\documents and settings\All Users\Programdata\pirotoxesy.vbs
2008-11-26 00:43 . 2008-11-26 00:43 10,168 --a------ c:\programfiler\Fellesfiler\daqol.dll
2008-11-26 00:04 . 2008-11-26 00:04 <DIR> d-------- c:\documents and settings\Christine\Programdata\Spyware Terminator
2008-11-25 23:52 . 2008-11-25 23:52 <DIR> d-------- c:\programfiler\Fellesfiler\Wise Installation Wizard
2008-11-25 23:49 . 2008-11-25 23:49 <DIR> d-------- c:\programfiler\Spybot - Search & Destroy
2008-11-25 23:30 . 2008-11-25 23:30 <DIR> d-------- c:\programfiler\Spyware Terminator
2008-11-25 23:30 . 2008-11-25 23:30 <DIR> d-------- c:\documents and settings\All Users\Programdata\Spyware Terminator
2008-11-25 23:30 . 2008-11-25 23:30 <DIR> d-------- c:\documents and settings\Administrator\Programdata\Spyware Terminator
2008-11-25 23:30 . 2008-11-25 23:30 142,592 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2008-11-25 23:24 . 2008-11-25 23:24 <DIR> d-------- c:\documents and settings\Administrator\Programdata\Talkback
2008-11-24 11:42 . 2008-11-24 11:42 <DIR> d-------- c:\documents and settings\All Users\Programdata\TEMP
2008-11-13 21:44 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-08 01:03 . 2008-11-08 01:03 18,928 --a------ c:\documents and settings\All Users\Programdata\amuxaw.vbs
2008-11-08 01:03 . 2008-11-08 01:03 18,219 --a------ c:\documents and settings\Christine\Programdata\pojamapur.exe
2008-11-08 01:03 . 2008-11-08 01:03 16,800 --a------ c:\windows\system32\otaziw.lib
2008-11-08 01:03 . 2008-11-08 01:03 16,794 --a------ c:\windows\system32\heqefexi.dll
2008-11-08 01:03 . 2008-11-08 01:03 14,972 --a------ c:\windows\vyqi.scr
2008-11-08 01:03 . 2008-11-08 01:03 14,902 --a------ c:\documents and settings\Christine\Programdata\udomuqekew.dat
2008-11-08 01:03 . 2008-11-08 01:03 14,463 --a------ c:\windows\yxymij.vbs
2008-11-08 01:03 . 2008-11-08 01:03 13,794 --a------ c:\windows\system32\yvyvuzi.bin
2008-11-08 01:03 . 2008-11-08 01:03 13,108 --a------ c:\windows\lupedybi.com
2008-11-08 01:03 . 2008-11-08 01:03 12,529 --a------ c:\windows\ywiq.dll
2008-11-08 01:03 . 2008-11-08 01:03 12,482 --a------ c:\windows\erifin.dll
2008-11-08 01:03 . 2008-11-08 01:03 10,910 --a------ c:\windows\ilatuc.dl
2008-11-08 01:03 . 2008-11-08 01:03 10,244 --a------ c:\documents and settings\Christine\Programdata\ponize.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-25 23:43 16,757 ----a-w c:\programfiler\Fellesfiler\afijykyxy.dl
2008-11-08 00:03 19,919 ----a-w c:\programfiler\Fellesfiler\ifetu.db
2008-11-08 00:03 17,486 ----a-w c:\programfiler\Fellesfiler\quho.lib
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-15 16:38 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-09-15 16:29 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 16:29 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:16 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-10 01:16 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-08 11:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
2008-09-05 22:30 950,824 ------w c:\windows\system32\dllcache\WgaTray.exe
2008-09-05 22:30 267,304 ------w c:\windows\system32\dllcache\wgaLogon.dll
2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 17:17 1,106,944 ------w c:\windows\system32\dllcache\msxml3.dll
2008-09-02 19:11 90,112 ----a-w c:\windows\DUMPd5e3.tmp
2007-12-31 15:18 4,096 ----a-w c:\documents and settings\Christine\log.dat
2006-03-27 21:38 359,112 ----a-w c:\programfiler\LimeWireWin.exe
2003-03-25 11:33 13,068,936 ----a-r c:\windows\system32\config\systemprofile\mpsetup.exe
2003-03-25 11:33 13,068,936 ----a-r c:\documents and settings\Default User\mpsetup.exe
2003-03-25 11:33 13,068,936 ----a-r c:\documents and settings\Christine\mpsetup.exe
2003-03-25 11:33 13,068,936 ------r c:\documents and settings\Administrator\mpsetup.exe
.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Christine\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" [2008-11-28 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-10-02 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-10-02 118784]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2007-12-11 286720]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2007-12-11 267048]
"SpywareTerminator"="c:\programfiler\Spyware Terminator\SpywareTerminatorShield.exe" [2008-11-25 2246144]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-11-28 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
D-Link AirPlus Utility.lnk - c:\programfiler\D-Link AirPlus\AIRPLUS.EXE [2006-06-12 245760]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^BTTray.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2002-07-25 16:49 151552 c:\programfiler\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 18:22 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2001-10-22 20:14 196608 c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-03-24 12:26 67128 d:\desktop messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 10:56 286720 c:\programfiler\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-21 11:52 40960 c:\programfiler\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-01-03 12:13 19495464 d:\phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2004-12-20 19:41 33792 c:\programfiler\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2003-07-25 11:22 88363 c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
--------- 2003-12-11 18:50 20992 c:\windows\LOGI_MWX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2003-05-14 13:20 55296 c:\windows\SOUNDMAN.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\LimeWire\\LimeWire.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"d:\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"d:\\Phone\\Skype.exe"=
"d:\\itunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Christine\\Skrivebord\\utorrent.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-26 110160]
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys [2008-11-25 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\programfiler\Viewpoint\Common\ViewpointService.exe" [2007-01-10 24652]
S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\All Users\Programdata\Spyware Terminator\FileObjInfo.sys [2008-11-25 5632]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2007-12-24 30464]
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2008-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-01 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Christine\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2008-11-28 14:40]
.
- - - - TOMME PEKERE FJERNET - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\programfiler\Uniblue\RegistryBooster\RegistryBooster.exe
MSConfigStartUp-ccApp - c:\programfiler\Fellesfiler\Symantec Shared\ccApp.exe
MSConfigStartUp-iTunesHelper - c:\programfiler\iTunes\iTunesHelper.exe
MSConfigStartUp-MsnMsgr - c:\programfiler\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-NAV CfgWiz - c:\programfiler\Fellesfiler\Symantec Shared\CfgWiz.exe
MSConfigStartUp-SunJavaUpdateSched - c:\programfiler\Java\jre1.5.0_06\bin\jusched.exe
MSConfigStartUp-Symantec NetDriver Monitor - c:\progra~1\SYMNET~1\SNDMon.exe


.
------- Tilleggsskanning -------
.
FireFox -: Profile - c:\documents and settings\Christine\Programdata\Mozilla\Firefox\Profiles\nwgq7bwi.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF -: plugin - c:\documents and settings\Christine\Lokale innstillinger\Programdata\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF -: plugin - c:\programfiler\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\programfiler\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\programfiler\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\programfiler\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF -: plugin - d:\itunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 18:52:19
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\programfiler\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
c:\programfiler\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
c:\programfiler\Java\jre6\bin\jqs.exe
c:\programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programfiler\SPYWARE TERMINATOR\SP_RSSER.EXE
c:\windows\SYSTEM32\WDFMGR.EXE
c:\programfiler\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\SYSTEM32\WBEM\WMIAPSRV.EXE
c:\programfiler\iPod2\iPod\bin\iPodService.exe
c:\programfiler\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2008-12-01 19:03:59 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2008-12-01 18:03:54

Pre-Run: 7 771 127 808 byte ledig
Post-Run: 7,819,345,920 byte ledig

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

301 --- E O F --- 2008-11-29 16:40:29




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:16:05, on 01.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Viewpoint\Common\ViewpointService.exe
C:\Programfiler\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\igfxtray.exe
D:\itunes\iTunesHelper.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Christine\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe
C:\Programfiler\iPod2\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Christine\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Christine\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\Programfiler\trend micro\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programfiler\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Christine\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: D-Link AirPlus Utility.lnk
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://webmail.bi.no/iNotes6.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programfiler\iPod2\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programfiler\Spyware Terminator\sp_rsser.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programfiler\Viewpoint\Common\ViewpointService.exe

--
End of file - 7560 bytes

#4 fenzodahl512 (Members, 6,738 posts)

Posted 01 December 2008 - 06:27 PM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
Viewpoint Manager Service

File::
c:\programfiler\Fellesfiler\afosily.com
c:\documents and settings\Christine\Programdata\yhavecy.exe
c:\windows\system32\lasisuvo.bin
c:\windows\system32\vucaxu.exe
c:\documents and settings\All Users\Programdata\kowi.com
c:\windows\bityw.dll
c:\windows\tudym.inf
c:\windows\dojexipy.exe
c:\windows\etexy.vbs
c:\windows\system32\lopojezi.pif
c:\documents and settings\All Users\Programdata\pirotoxesy.vbs
c:\programfiler\Fellesfiler\daqol.dll
c:\documents and settings\All Users\Programdata\amuxaw.vbs
c:\documents and settings\Christine\Programdata\pojamapur.exe
c:\windows\system32\otaziw.lib
c:\windows\system32\heqefexi.dll
c:\windows\vyqi.scr
c:\documents and settings\Christine\Programdata\udomuqekew.dat
c:\windows\yxymij.vbs
c:\windows\system32\yvyvuzi.bin
c:\windows\lupedybi.com
c:\windows\ywiq.dll
c:\windows\erifin.dll
c:\windows\ilatuc.dl
c:\documents and settings\Christine\Programdata\ponize.bin
c:\programfiler\Fellesfiler\afijykyxy.dl
c:\programfiler\Fellesfiler\ifetu.db
c:\programfiler\Fellesfiler\quho.lib

Folder::
c:\programfiler\Viewpoint

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[Animation: CFScript.txt being dragged onto ComboFix.exe]


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

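Added here as an example, not ComboFix's or the helper's own code: a Python triage script that parses the "files created" listing in the log above, flags minutes in which several pseudo-random-named files were written at once (the pattern behind the File:: list in this post), and renders the hits in the CFScript layout used above. The sample lines are excerpted from the log; the name heuristic and the three-file threshold are assumptions.

```python
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Iterable, Optional

# One line of a ComboFix "files created" listing, in the layout used above:
#   2008-11-26 00:43 . 2008-11-26 00:43 17,654 --a------ c:\windows\system32\vucaxu.exe
#   <created> . <modified> <size or <DIR>> <attributes> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?:<DIR>|(?P<size>[\d,]+)) "
    r"(?P<attrs>[a-z-]{9}) "
    r"(?P<path>.+)$"
)

# Assumed heuristic for the pseudo-random names in the helper's File:: list:
# 4-10 lowercase letters, no digits, then a 2-3 letter extension (ilatuc.dl, pirotoxesy.vbs).
RANDOM_NAME_RE = re.compile(r"^[a-z]{4,10}\.[a-z]{2,3}$")


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_listing(text: str) -> list[Entry]:
    """Parse listing lines; section banners, dots and blank lines are skipped."""
    entries: list[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = m.group("size")
        entries.append(Entry(m.group("created"), m.group("modified"),
                             int(size.replace(",", "")) if size else None,
                             m.group("attrs"), m.group("path")))
    return entries


def suspicious_clusters(entries: Iterable[Entry], min_files: int = 3) -> dict[str, list[str]]:
    """Group files by creation minute and keep the minutes that look like one drop.

    A file counts when it is not a directory, has a pseudo-random name and was
    created and last modified in the same minute (written fresh, unlike files an
    installer copies with their original modification time, e.g. mbam.sys above).
    """
    by_minute: dict[str, list[str]] = defaultdict(list)
    for e in entries:
        if e.size is None or e.created != e.modified:
            continue
        if not RANDOM_NAME_RE.match(e.name):
            continue
        by_minute[e.created].append(e.path)
    return {m: paths for m, paths in by_minute.items() if len(paths) >= min_files}


def build_cfscript(files: Iterable[str], folders: Iterable[str] = (),
                   drivers: Iterable[str] = ()) -> str:
    """Render the sections in the CFScript layout the post above uses."""
    parts = ["KillAll::", ""]
    drivers, files, folders = list(drivers), list(files), list(folders)
    if drivers:
        parts += ["Driver::", *drivers, ""]
    if files:
        parts += ["File::", *files, ""]
    if folders:
        parts += ["Folder::", *folders, ""]
    return "\n".join(parts)


def triage(log_text: str) -> str:
    """Listing text in, CFScript text out (hits ordered by creation minute)."""
    clusters = suspicious_clusters(parse_listing(log_text))
    files = [p for minute in sorted(clusters) for p in clusters[minute]]
    return build_cfscript(files)


# Constructed sample: nine lines excerpted from the listing above.
SAMPLE_LOG = r"""
2008-11-26 01:01 . 2008-11-26 01:01 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware
2008-11-26 01:01 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-26 00:43 . 2008-11-26 00:43 19,224 --a------ c:\programfiler\Fellesfiler\afosily.com
2008-11-26 00:43 . 2008-11-26 00:43 17,654 --a------ c:\windows\system32\vucaxu.exe
2008-11-26 00:43 . 2008-11-26 00:43 17,325 --a------ c:\windows\bityw.dll
2008-11-26 00:43 . 2008-11-26 00:43 10,168 --a------ c:\programfiler\Fellesfiler\daqol.dll
2008-11-25 23:30 . 2008-11-25 23:30 142,592 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2008-11-08 01:03 . 2008-11-08 01:03 18,928 --a------ c:\documents and settings\All Users\Programdata\amuxaw.vbs
2008-11-08 01:03 . 2008-11-08 01:03 14,972 --a------ c:\windows\vyqi.scr
"""

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the sample, only the 00:43 minute is reported: mbam.sys is excluded by its older modification time, and the two 01:03 files fall below the threshold, so a hit list from a real log should still be reviewed by hand before it becomes a script.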


#5 Transmogriff (Topic Starter, Members, 5 posts)

Posted 02 December 2008 - 10:22 AM

Right, new logs:


ComboFix 08-11-30.02 - Christine 2008-12-02 15:45:13.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.92 [GMT 1:00]
Kjører fra: c:\documents and settings\Christine\Skrivebord\ComboFix.exe
Command switches brukt :: c:\documents and settings\Christine\Skrivebord\CFscript.txt
* Opprettet nytt gjenopprettingspunkt

FILE ::
c:\documents and settings\All Users\Programdata\amuxaw.vbs
c:\documents and settings\All Users\Programdata\kowi.com
c:\documents and settings\All Users\Programdata\pirotoxesy.vbs
c:\documents and settings\Christine\Programdata\pojamapur.exe
c:\documents and settings\Christine\Programdata\ponize.bin
c:\documents and settings\Christine\Programdata\udomuqekew.dat
c:\documents and settings\Christine\Programdata\yhavecy.exe
c:\programfiler\Fellesfiler\afijykyxy.dl
c:\programfiler\Fellesfiler\afosily.com
c:\programfiler\Fellesfiler\daqol.dll
c:\programfiler\Fellesfiler\ifetu.db
c:\programfiler\Fellesfiler\quho.lib
c:\windows\bityw.dll
c:\windows\dojexipy.exe
c:\windows\erifin.dll
c:\windows\etexy.vbs
c:\windows\ilatuc.dl
c:\windows\lupedybi.com
c:\windows\system32\heqefexi.dll
c:\windows\system32\lasisuvo.bin
c:\windows\system32\lopojezi.pif
c:\windows\system32\otaziw.lib
c:\windows\system32\vucaxu.exe
c:\windows\system32\yvyvuzi.bin
c:\windows\tudym.inf
c:\windows\vyqi.scr
c:\windows\ywiq.dll
c:\windows\yxymij.vbs
.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Programdata\amuxaw.vbs
c:\documents and settings\All Users\Programdata\kowi.com
c:\documents and settings\All Users\Programdata\pirotoxesy.vbs
c:\documents and settings\Christine\Programdata\pojamapur.exe
c:\documents and settings\Christine\Programdata\ponize.bin
c:\documents and settings\Christine\Programdata\udomuqekew.dat
c:\documents and settings\Christine\Programdata\yhavecy.exe
c:\programfiler\Fellesfiler\afijykyxy.dl
c:\programfiler\Fellesfiler\afosily.com
c:\programfiler\Fellesfiler\daqol.dll
c:\programfiler\Fellesfiler\ifetu.db
c:\programfiler\Fellesfiler\quho.lib
c:\programfiler\Viewpoint
c:\programfiler\Viewpoint\Common\ViewpointService.exe
c:\programfiler\Viewpoint\Common\VistaBoot.sdll
c:\programfiler\Viewpoint\Viewpoint Manager\CPtask.xml
c:\programfiler\Viewpoint\Viewpoint Manager\VETScriptInterpreter.dll
c:\programfiler\Viewpoint\Viewpoint Manager\ViewCP.cpl
c:\programfiler\Viewpoint\Viewpoint Manager\ViewCPData\images\s.gif
c:\programfiler\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_av.gif
c:\programfiler\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_cp.gif
c:\programfiler\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_up.gif
c:\programfiler\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bg.gif
c:\programfiler\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bottom.gif
c:\programfiler\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab_bg.gif
c:\programfiler\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_off.gif
c:\programfiler\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_on.gif
c:\programfiler\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_off.gif
c:\programfiler\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_on.gif
c:\programfiler\Viewpoint\Viewpoint Manager\ViewCPData\images\vwpt_logo.gif
c:\programfiler\Viewpoint\Viewpoint Manager\ViewCPData\options.ini
c:\programfiler\Viewpoint\Viewpoint Manager\ViewCPData\viewpoint.ico
c:\programfiler\Viewpoint\Viewpoint Manager\ViewCPData\vmctrl.html
c:\programfiler\Viewpoint\Viewpoint Manager\ViewCPexe.exe
c:\programfiler\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\programfiler\Viewpoint\Viewpoint Manager\ViewMgr_.exe
c:\programfiler\Viewpoint\Viewpoint Manager\ViewMgrCore.dll
c:\programfiler\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe
c:\windows\bityw.dll
c:\windows\dojexipy.exe
c:\windows\erifin.dll
c:\windows\etexy.vbs
c:\windows\ilatuc.dl
c:\windows\lupedybi.com
c:\windows\system32\heqefexi.dll
c:\windows\system32\lasisuvo.bin
c:\windows\system32\lopojezi.pif
c:\windows\system32\otaziw.lib
c:\windows\system32\vucaxu.exe
c:\windows\system32\yvyvuzi.bin
c:\windows\tudym.inf
c:\windows\vyqi.scr
c:\windows\ywiq.dll
c:\windows\yxymij.vbs

.
((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\Service_Viewpoint Manager Service


((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-02 til 2008-12-02 )))))))))))))))))))))))))))))))))
.

2008-12-02 02:56 . 2008-12-02 02:56 <DIR> d-------- c:\programfiler\SIERRA
2008-12-02 02:52 . 2008-12-02 02:52 <DIR> d-------- c:\programfiler\Alcohol Soft
2008-12-02 02:23 . 2008-12-02 02:24 715,248 --a------ c:\windows\system32\drivers\sptd.sys
2008-12-02 01:25 . 2008-12-02 01:25 <DIR> d-------- C:\gknight
2008-12-02 00:03 . 2008-12-02 00:03 <DIR> d-------- C:\gabriel
2008-12-02 00:01 . 2008-12-02 00:01 <DIR> d-------- c:\programfiler\7-Zip
2008-12-01 23:18 . 2008-12-01 23:19 <DIR> d-------- C:\Prince
2008-12-01 23:17 . 2008-12-01 23:17 <DIR> d-------- c:\programfiler\DOSBox-0.72
2008-12-01 22:48 . 2008-12-01 22:48 <DIR> d-------- c:\programfiler\Ubisoft
2008-12-01 18:22 . 2008-12-01 18:22 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2008-12-01 05:07 . 2008-12-01 05:07 <DIR> d-------- C:\bc9a964aefc20bb8e9df873c7e
2008-12-01 05:07 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2008-12-01 05:07 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\dllcache\xpssvcs.dll
2008-12-01 05:07 . 2008-07-06 11:50 597,504 --------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2008-12-01 05:07 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2008-12-01 05:07 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\dllcache\xpsshhdr.dll
2008-12-01 05:07 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
2008-12-01 05:07 . 2008-07-06 13:06 89,088 --------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2008-12-01 01:23 . 2008-12-01 01:23 <DIR> d-------- C:\!KillBox
2008-12-01 01:00 . 2008-12-01 01:00 <DIR> d-------- c:\documents and settings\Christine\Programdata\Uniblue
2008-12-01 00:28 . 2008-12-01 00:28 <DIR> d-------- C:\rsit
2008-12-01 00:28 . 2008-12-01 00:28 <DIR> d-------- c:\programfiler\trend micro
2008-11-29 01:58 . 2008-11-29 01:58 <DIR> d-------- c:\windows\BDOSCAN8
2008-11-28 15:14 . 2008-11-28 15:13 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-27 15:29 . 2008-11-28 15:13 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-27 14:14 . 2008-11-27 14:14 12,568 --a------ c:\windows\system32\drivers\PROCEXP113.SYS
2008-11-27 14:13 . 2008-11-27 14:13 <DIR> d-------- c:\programfiler\pexpl
2008-11-27 14:09 . 2008-11-27 14:09 <DIR> d-------- c:\programfiler\Fport
2008-11-27 04:07 . 2008-11-27 04:07 <DIR> d-------- c:\programfiler\TeaTimer (Spybot - Search & Destroy)
2008-11-27 04:07 . 2008-11-27 04:07 <DIR> d-------- c:\programfiler\SDHelper (Spybot - Search & Destroy)
2008-11-27 04:07 . 2008-11-27 04:07 <DIR> d-------- c:\programfiler\Misc. Support Library (Spybot - Search & Destroy)
2008-11-27 04:07 . 2008-11-27 04:07 <DIR> d-------- c:\programfiler\File Scanner Library (Spybot - Search & Destroy)
2008-11-27 02:32 . 2008-11-27 02:32 <DIR> d-------- c:\documents and settings\Christine\Programdata\vlc
2008-11-27 02:21 . 2008-11-27 02:22 <DIR> d-------- c:\programfiler\VideoLAN
2008-11-27 00:28 . 2008-11-27 00:28 <DIR> d-------- c:\programfiler\uTorrent
2008-11-27 00:28 . 2008-11-27 00:28 <DIR> d-------- c:\documents and settings\Christine\Programdata\uTorrent
2008-11-26 23:59 . 2008-11-26 23:59 <DIR> d-------- c:\programfiler\DC++
2008-11-26 21:10 . 2008-11-26 21:10 <DIR> d-------- c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com
2008-11-26 21:07 . 2008-11-26 21:07 <DIR> d-------- c:\programfiler\SUPERAntiSpyware
2008-11-26 21:07 . 2008-11-26 21:07 <DIR> d-------- c:\documents and settings\Christine\Programdata\SUPERAntiSpyware.com
2008-11-26 20:37 . 2008-11-26 20:37 <DIR> d-------- c:\documents and settings\All Users\Programdata\SecTaskMan
2008-11-26 20:35 . 2008-11-26 20:35 <DIR> d-------- c:\programfiler\Security Task Manager
2008-11-26 17:39 . 2008-11-26 17:39 <DIR> d-------- c:\windows\system32\no
2008-11-26 17:39 . 2008-11-26 17:39 <DIR> d-------- c:\windows\l2schemas
2008-11-26 15:42 . 2008-04-14 18:22 21,504 --a------ c:\windows\system32\hidserv.dll
2008-11-26 15:41 . 2008-04-14 17:50 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
2008-11-26 15:27 . 2008-04-13 20:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-11-26 14:50 . 2008-11-26 14:50 <DIR> d-------- c:\programfiler\Microsoft CAPICOM 2.1.0.2
2008-11-26 09:23 . 2008-11-26 09:23 <DIR> d-------- c:\documents and settings\All Users\Programdata\NortonInstaller
2008-11-26 08:46 . 2007-08-01 22:47 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-11-26 07:40 . 2008-11-26 07:40 <DIR> d-------- c:\documents and settings\Christine\.housecall6.6
2008-11-26 06:53 . 2008-11-26 06:53 <DIR> d-------- c:\programfiler\Foxit Software
2008-11-26 06:53 . 2008-11-26 06:53 <DIR> d-------- c:\documents and settings\Christine\Programdata\Foxit
2008-11-26 06:00 . 2008-07-18 22:07 210,976 --a------ c:\windows\system32\muweb.dll
2008-11-26 06:00 . 2008-07-18 22:07 29,728 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-26 05:59 . 2008-07-18 22:07 270,880 --a------ c:\windows\system32\mucltui.dll
2008-11-26 05:18 . 2008-11-28 14:35 1,393 --a------ c:\windows\imsins.BAK
2008-11-26 05:15 . 2008-11-26 05:15 <DIR> dr-h----- c:\documents and settings\Christine\Siste
2008-11-26 05:08 . 2008-11-26 05:08 <DIR> d-------- c:\programfiler\Windows Live Toolbar
2008-11-26 05:07 . 2008-11-26 05:07 <DIR> d--hs---- c:\programfiler\Fellesfiler\WindowsLiveInstaller
2008-11-26 05:06 . 2008-11-26 05:06 <DIR> d-------- c:\programfiler\Windows Live
2008-11-26 05:05 . 2008-11-26 05:05 <DIR> d-------- c:\documents and settings\All Users\Programdata\WLInstaller
2008-11-26 04:38 . 2008-11-26 04:38 <DIR> d-------- c:\documents and settings\Christine\Bluetooth Software
2008-11-26 04:33 . 2008-11-26 04:33 <DIR> d-------- c:\programfiler\WIDCOMM
2008-11-26 04:16 . 2008-10-03 18:31 6,066,176 --------- c:\windows\system32\dllcache\ieframe.dll
2008-11-26 04:16 . 2007-04-17 10:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-26 04:16 . 2007-03-08 06:11 1,007,616 --------- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-26 04:16 . 2008-08-26 09:30 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
2008-11-26 04:16 . 2008-08-26 09:30 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
2008-11-26 04:16 . 2008-08-26 09:30 267,776 --------- c:\windows\system32\dllcache\iertutil.dll
2008-11-26 04:16 . 2008-08-26 09:30 63,488 --------- c:\windows\system32\dllcache\icardie.dll
2008-11-26 04:16 . 2008-08-26 09:30 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-26 04:16 . 2008-08-25 09:38 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
2008-11-26 04:15 . 2008-11-26 04:15 <DIR> d-------- c:\windows\system32\nb-no
2008-11-26 04:04 . 2007-08-13 18:54 33,792 --a------ c:\windows\system32\dllcache\custsat.dll
2008-11-26 02:33 . 2008-11-26 02:33 <DIR> d-------- c:\programfiler\Alwil Software
2008-11-26 02:14 . 2008-12-02 15:17 1,094 --a------ c:\windows\system32\BIN_STRSBW.SPT
2008-11-26 01:33 . 2008-11-26 01:33 <DIR> d-------- c:\windows\ERUNT
2008-11-26 01:29 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2008-11-26 01:01 . 2008-11-26 01:01 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware
2008-11-26 01:01 . 2008-11-26 01:01 <DIR> d-------- c:\documents and settings\Christine\Programdata\Malwarebytes
2008-11-26 01:01 . 2008-11-26 01:01 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2008-11-26 01:01 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-26 01:01 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-26 00:04 . 2008-11-26 00:04 <DIR> d-------- c:\documents and settings\Christine\Programdata\Spyware Terminator
2008-11-25 23:52 . 2008-11-25 23:52 <DIR> d-------- c:\programfiler\Fellesfiler\Wise Installation Wizard
2008-11-25 23:49 . 2008-11-25 23:49 <DIR> d-------- c:\programfiler\Spybot - Search & Destroy
2008-11-25 23:30 . 2008-11-25 23:30 <DIR> d-------- c:\programfiler\Spyware Terminator
2008-11-25 23:30 . 2008-11-25 23:30 <DIR> d-------- c:\documents and settings\All Users\Programdata\Spyware Terminator
2008-11-25 23:30 . 2008-11-25 23:30 <DIR> d-------- c:\documents and settings\Administrator\Programdata\Spyware Terminator
2008-11-25 23:30 . 2008-11-25 23:30 142,592 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2008-11-25 23:24 . 2008-11-25 23:24 <DIR> d-------- c:\documents and settings\Administrator\Programdata\Talkback
2008-11-24 11:42 . 2008-11-24 11:42 <DIR> d-------- c:\documents and settings\All Users\Programdata\TEMP
2008-11-13 21:44 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-15 16:38 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-09-15 16:29 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 16:29 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:16 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-10 01:16 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-08 11:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
2008-09-05 22:30 950,824 ------w c:\windows\system32\dllcache\WgaTray.exe
2008-09-05 22:30 267,304 ------w c:\windows\system32\dllcache\wgaLogon.dll
2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 17:17 1,106,944 ------w c:\windows\system32\dllcache\msxml3.dll
2008-09-02 19:11 90,112 ----a-w c:\windows\DUMPd5e3.tmp
2007-12-31 15:18 4,096 ----a-w c:\documents and settings\Christine\log.dat
2006-03-27 21:38 359,112 ----a-w c:\programfiler\LimeWireWin.exe
2003-03-25 11:33 13,068,936 ----a-r c:\windows\system32\config\systemprofile\mpsetup.exe
2003-03-25 11:33 13,068,936 ----a-r c:\documents and settings\Default User\mpsetup.exe
2003-03-25 11:33 13,068,936 ----a-r c:\documents and settings\Christine\mpsetup.exe
2003-03-25 11:33 13,068,936 ------r c:\documents and settings\Administrator\mpsetup.exe
.

((((((((((((((((((((((((((((( snapshot@2008-12-01_19.02.54.68 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-08-10 12:44:06 50,688 ----a-w c:\windows\system32\drivers\sfdrv01.sys
+ 2005-05-16 13:20:40 6,656 ----a-w c:\windows\system32\drivers\sfhlp02.sys
+ 2005-08-10 14:06:30 19,968 ----a-w c:\windows\system32\drivers\sfsync02.sys
+ 2005-09-29 17:01:52 66,048 ----a-w c:\windows\system32\drivers\sfvfs02.sys
+ 2008-12-02 14:50:16 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_4b8.dat
+ 2008-12-02 14:50:32 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_700.dat
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Christine\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" [2008-11-28 133104]
"AlcoholAutomount"="c:\programfiler\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-10-02 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-10-02 118784]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2007-12-11 286720]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2007-12-11 267048]
"SpywareTerminator"="c:\programfiler\Spyware Terminator\SpywareTerminatorShield.exe" [2008-11-25 2246144]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-11-28 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
D-Link AirPlus Utility.lnk - c:\programfiler\D-Link AirPlus\AIRPLUS.EXE [2006-06-12 245760]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^BTTray.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2002-07-25 16:49 151552 c:\programfiler\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 18:22 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2001-10-22 20:14 196608 c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-03-24 12:26 67128 d:\desktop messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 10:56 286720 c:\programfiler\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-21 11:52 40960 c:\programfiler\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-01-03 12:13 19495464 d:\phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2004-12-20 19:41 33792 c:\programfiler\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2003-07-25 11:22 88363 c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
--------- 2003-12-11 18:50 20992 c:\windows\LOGI_MWX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2003-05-14 13:20 55296 c:\windows\SOUNDMAN.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\LimeWire\\LimeWire.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"d:\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"d:\\Phone\\Skype.exe"=
"d:\\itunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Christine\\Skrivebord\\utorrent.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-26 110160]
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys [2008-11-25 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\All Users\Programdata\Spyware Terminator\FileObjInfo.sys [2008-11-25 5632]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2007-12-24 30464]
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2008-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-01 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Christine\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2008-11-28 14:40]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 15:51:17
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skanner skjulte prosesser ...

c:\windows\EXPLORER.EXE [1668] 0xFFB604D8

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\programfiler\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
c:\programfiler\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
c:\programfiler\Java\jre6\bin\jqs.exe
c:\programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programfiler\SPYWARE TERMINATOR\SP_RSSER.EXE
c:\programfiler\ALCOHOL SOFT\ALCOHOL 120\STARWIND\STARWINDSERVICEAE.EXE
c:\windows\SYSTEM32\WDFMGR.EXE
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\programfiler\iPod2\iPod\bin\iPodService.exe
c:\programfiler\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2008-12-02 16:02:09 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2008-12-02 15:02:04
ComboFix2.txt 2008-12-01 18:04:02

Pre-Run: 6 604 881 920 byte ledig
Post-Run: 6,598,426,624 byte ledig

349 --- E O F --- 2008-11-29 16:40:29





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:06:55, on 02.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Spyware Terminator\sp_rsser.exe
C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\igfxtray.exe
D:\itunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Christine\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\iPod2\iPod\bin\iPodService.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\trend micro\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programfiler\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Christine\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programfiler\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: D-Link AirPlus Utility.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://webmail.bi.no/iNotes6.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programfiler\iPod2\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programfiler\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7377 bytes

#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:08:46 AM

Posted 02 December 2008 - 07:05 PM

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How is your computer now? :thumbsup:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 Transmogriff

Transmogriff
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:46 AM

Posted 02 December 2008 - 08:36 PM

It's definitely behaving better, thanks! :thumbsup:


Here is the ESET log:

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3659 (20081202)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=bbf9eec77a880040953b000443dee3b7
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-12-03 01:16:47
# local_time=2008-12-03 02:16:47 (+0100, Vest-Europa (normaltid))
# country="Norway"
# osver=5.1.2600 NT Service Pack 3
# scanned=268747
# found=3
# scan_time=3110
C:\SDFix\backups_old\catchme.zip Win32/Patched.AE virus (deleted) 00000000000000000000000000000000
C:\SDFix\backups_old\catchme.zip »ZIP »TDSSF7C5.tmp Win32/Patched.AE virus (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Christine\Shared\duffy warwick avenue.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned) 3605A03C470F816777FC91D736039D46

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:08:46 AM

Posted 02 December 2008 - 09:00 PM

Looks good to me.. Let's do this...


Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    Please note that the space between combofix and /u is needed




Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbsup:



Have a safe and happy computing day!


Regards
fenzodahl512



#9 Transmogriff

Transmogriff
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:46 AM

Posted 03 December 2008 - 09:38 PM

Ok, ran the Combofix uninstall, thanks again for all your help!

The computer is still taking quite a while to start up, but again, I guess that's due to it only having 240mb ram. Other than that, its behaviour seems perfectly normal!



Regards,

Øystein

#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:08:46 AM

Posted 03 December 2008 - 10:45 PM

You are very welcome, I'm glad that we could help.

I will now close this topic. If you need this topic to be re-opened, please PM me or the Moderators regarding the matter..

If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing !

fenzodahl512

