Infected with conficker worm (I think)


  • This topic is locked
14 replies to this topic

#1 theOBO

  • Members
  • 7 posts

Posted 22 August 2009 - 08:19 AM

Hello to whoever out there reading this, and thank you for your time.

I'm having a serious problem with an infection which I believe to be a conficker worm of some sort, and would greatly appreciate any help you can give. I am running Windows Home Edition v. 2002, Service Pack 3.

Returning from Bolivia some time ago, I brought with me an infected flash drive. I scanned the drive with ClamWin Antivirus, which turned out the following results:

Trojan.Dropper-18535 : E:/RECYCLE/jwgkvsq.vmx
INF.Autorun-29 : E:/Autorun.inf

I looked it up on the web, where I read that my drive contained the conficker B worm. I downloaded and ran the file anti-downadup-graphics.exe - apparently a removal tool by Bitdefender for the conficker B worm - and too hurriedly believed the files removed by the tool. This led me to open the drive on an administrator account (but by right-click, selecting "open", not autorun), and as a result my computer apparently became infected. This all happened about the start of July and I have used my computer at a minimum since, rarely turning it on, and even more rarely connecting to the internet.

The thing that puzzles me is that the infection is not acting like I have been told it should, and I have been unable to clean it by any means found on the web, cleaning tools and manual instructions alike. The symptoms (that I have noticed) are:


- I cannot open antivirus software on the computer - e.g. ClamWin fails to open, and Adaware refuses to scan, saying: "Scanner error: 5001 has occured. Description: Can't start Smart Scan, scanner is busy!"
- I cannot open the registry editor, selecting run and typing "regedit" only leads to the message [roughly translated from Danish]: "the administrator has disabled the ability to edit the registry database", which disappears by itself shortly afterwards.
- I cannot open the task manager, typing "taskmgr" in "Run" or pressing ctrl+alt+del only brings up the message [translated]: "task manager has been deactivated by your administrator.", which also disappears quickly.
- I cannot boot into safe mode, trying to do so only makes the computer reboot.
- My firewall (Windows) is by default deactivated every time I open Windows. (but my Windows updater seems to be working fine, though)
- I can access the web, but not security related sites such as Kaspersky, F-Secure and Bitdefender.
- All drives on my computer act as if they were files when trying to open them by double clicking in "my computer" - prompting me to choose what program I would like to open the "file" with (but they can be accessed by right clicking or explorer)
- I cannot see hidden files, changing the setting causes it to reset when pressing OK (this could also be due to some other problem/infection, as I have been experiencing the same thing on my other computers)
- Inserting a flash drive into my computer causes it to try to write files to the drive.


I have used a really long time trying to solve this problem and have as a result tried all the removal tools for the conficker B worm I have been able to find on the net - all without success. The tools I have tried are:

- Bitdefender anti-downadup-graphics.exe (as mentioned)
- Bitdefender "dclean"
- Kaspersky "kidokiller" / KK.exe
- Symantec D.exe
- F-Secure fsmrt.exe
- Windows tool for malicious software removal

All of the tools were run only after downloading and installing the Windows MS08-067 security patch.

While the running of all the other tools (on an administrator account) returned a no infections found-message, fsmrt.exe only restarted the computer and failed to restart itself. I have also tried renaming all of the tools, running them again, to bypass the worm's defences, and I have tried to follow a couple of manual removal guides, which at some point asked me to open either the task manager or the registry editor - which I can't.
I have (successfully I think/hope) deleted the virus-files from my flash drive.

By now I have run out of ideas of what to do. I have checked different forums, but can't seem to be able to find a problem quite like this (if it's due to the lack of such a problem, or due to my lack of searching skills), so now I'm turning to the talented hands of the Bleeping Computer staff and users. I'm new as a user of this forum, but have been finding really valuable help and advice here for quite some time, and my impression is that you are really a bunch of talented guys, so I'm grateful in advance for all help I will get.
I have tried to the best of my abilities to provide all the information I could, and I hope I haven't missed something - if I have, tell me!

The very best regards
- Morten

My DDS-log follows:


DDS (Ver_09-07-30.01) - NTFSx86
Run by Morten at 20:39:34,32 on 21-08-2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.255.36 [GMT 2:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Mine programmer\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\QKeys\QKeys.EXE
C:\Mine programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Mine programmer\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Mine programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Mine programmer\Kodak - Kamera-software\Kodak EasyShare software\bin\EasyShare.exe
C:\Programmer\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Mine programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\Mine programmer\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Morten\LOKALE~1\Temp\winlfgt.exe
C:\Documents and Settings\Morten\Skrivebord\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\programmer\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\mine programmer\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmer\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmer\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MsnMsgr] "c:\programmer\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\programmer\skype\phone\Skype.exe" /nosplash /minimized
uRun: [cdoosoft] c:\docume~1\morten\lokale~1\temp\olhrwef.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ATIPTA] c:\programmer\ati technologies\ati control panel\atiptaxx.exe
mRun: [QKeys] c:\programmer\qkeys\QKeys.EXE
mRun: [GrooveMonitor] "c:\mine programmer\microsoft office\office12\GrooveMonitor.exe"
mRun: [HP Software Update] c:\mine programmer\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\programmer\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
mRun: [QuickTime Task] "c:\mine programmer\quicktime\qttask.exe" -atboottime
mRun: [ClamWin] "c:\mine programmer\clamwin antivirus\bin\ClamTray.exe" --logon
mRun: [SunJavaUpdateSched] "c:\programmer\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\morten\menuen~1\progra~1\start\onenot~1.lnk - c:\mine programmer\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\adobeg~1.lnk - c:\programmer\fælles filer\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\hpdigi~1.lnk - c:\mine programmer\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\kodake~1.lnk - c:\mine programmer\kodak - kamera-software\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\rtlwake.lnk - c:\programmer\belkin corporation\belkin wireless network monitor utility and driver\RtlWake.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\minepr~1\micros~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\minepr~1\micros~1\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\programmer\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\minepr~1\micros~1\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198853242010
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198853223343
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5483/mcfscan.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\mine programmer\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fllesf~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\mine programmer\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\morten\applic~1\mozilla\firefox\profiles\0j6t3ghx.default\
FF - plugin: c:\mine programmer\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\mine programmer\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\mine programmer\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\mine programmer\quicktime\plugins\npqtplugin4.dll
FF - plugin: c:\mine programmer\quicktime\plugins\npqtplugin5.dll
FF - plugin: c:\mine programmer\quicktime\plugins\npqtplugin6.dll
FF - plugin: c:\mine programmer\quicktime\plugins\npqtplugin7.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\mine programmer\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-7-5 26624]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-12-28 8849]
R2 MP3Driver;MP3Driver;c:\windows\system32\drivers\MP3Driver.sys [2003-6-26 7240]
R2 aawservice;Lavasoft Ad-Aware Service;c:\mine programmer\ad-aware\aawservice.exe [2008-9-10 611664]
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\fqhglr.sys --> c:\windows\system32\drivers\fqhglr.sys [?]
R3 rtl8180;Belkin 11Mbps Wireless Notebook Network Card Driver;c:\windows\system32\drivers\Bel6020.sys [2007-12-28 168448]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\cdaudio.sys [2009-7-3 18688]
S3 Clip8xxnpnrc;Clip8xxnpnrc; [x]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2008-9-3 18432]
S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\drivers\w200bus.sys [2008-5-7 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\drivers\w200mdfl.sys [2008-5-7 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\drivers\w200mdm.sys [2008-5-7 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w200mgmt.sys [2008-5-7 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\drivers\w200obex.sys [2008-5-7 86368]
S3 ZMHHPAudioSrv;ZOOM H Series High Performance Audio Driver Service;c:\windows\system32\drivers\zmhhpau.sys [2008-3-29 89856]

=============== Created Last 30 ================


==================== Find3M ====================

2009-07-05 03:37 120,320 a------- c:\windows\soundman.exe
2009-07-05 03:17 26,624 a------- c:\windows\system32\drivers\fsbts.sys
2009-06-30 09:51 325,198 a------- c:\windows\system32\perfh006.dat
2009-06-30 09:51 47,474 a------- c:\windows\system32\perfc006.dat
2007-12-30 20:19 32 -------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2009-01-04 20:33 32,768 a--sh--- c:\windows\system32\config\systemprofile\lokale indstillinger\oversigt\history.ie5\mshist012009010420090105\index.dat

============= FINISH: 20:42:11,40 ===============
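
A triage pass over a DDS log like the one posted above, as an added example that is not part of the original post or of the DDS tool: it flags running processes and Run autostarts located in a Temp directory, and the policy values that match the "disabled by your administrator" symptoms. The sample is an excerpt of the log above; reading the u/m/d prefixes as HKCU/HKLM/default user and treating a Temp location as worth review are assumptions of this sketch, and a hit means "look at this entry", not a verdict.

```python
import re

# Excerpt copied from the DDS log in the post above (not the full log).
SAMPLE_DDS = r"""
============== Running Processes ===============

C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Mine programmer\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Morten\LOKALE~1\Temp\winlfgt.exe

============== Pseudo HJT Report ===============

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdoosoft] c:\docume~1\morten\lokale~1\temp\olhrwef.exe
mRun: [QuickTime Task] "c:\mine programmer\quicktime\qttask.exe" -atboottime
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
RUN_RE = re.compile(r"^(?P<hive>[umd])Run: \[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")
POLICY_RE = re.compile(r"^(?P<hive>[um])Policies-system: (?P<name>\w+) = (?P<value>\d+)")

# Assumption: DDS prefixes u/m/d stand for these hives.
HIVES = {"u": "HKCU", "m": "HKLM", "d": "default user"}

# Policy values that produce the lockout messages described in the post.
LOCKOUT_POLICIES = {"DisableTaskMgr", "DisableRegistryTools"}


def in_temp_dir(command):
    """True if a directory component of the executable path is named 'temp'."""
    if command.startswith('"'):
        # Quoted path: keep only the part between the quotes, drop arguments.
        command = command[1:].split('"', 1)[0]
    parts = re.split(r"[\\/]", command.lower())
    return "temp" in parts[:-1]  # last part is the file name, not a directory


def triage(text):
    """Return (kind, subject, detail) tuples for entries worth a manual look."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if section == "Running Processes":
            if in_temp_dir(line):
                findings.append(("process-in-temp", line.rsplit("\\", 1)[-1], line))
            continue
        run = RUN_RE.match(line)
        if run:
            if in_temp_dir(run.group("cmd")):
                findings.append(
                    ("autostart-in-temp", run.group("name"), HIVES[run.group("hive")])
                )
            continue
        policy = POLICY_RE.match(line)
        if (
            policy
            and policy.group("name") in LOCKOUT_POLICIES
            and int(policy.group("value")) == 1
        ):
            findings.append(
                ("policy-lockout", policy.group("name"), HIVES[policy.group("hive")])
            )
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_DDS):
        print(f"{kind:18} {subject:22} {detail}")
```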


#2 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 01 September 2009 - 10:29 PM

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks



#3 theOBO
  • Topic Starter

  • Members
  • 7 posts

Posted 03 September 2009 - 04:11 PM

Hi Syler.

First and foremost thank you so much for helping me with my problem. It's almost indescribable how relieving it feels just to see some kind of progress!

I have done as you told me, the only problem I encountered was that MBAM didn't autostart even with the boxes checked, and couldn't update when I afterwards prompted it to. I had to reinstall and this time the autostart worked, only I don't know if it did update (I didn't see a confirmation or anything when I returned to my computer). When trying to update I did get the screen that said "connecting to malwarebytes.org", but at the same time it showed the message (translated from Danish):

"An error has occurred. Please report this error code to Malwarebytes' Anti-Malware support team.

Error code: 732 (0, 0)"

Nonetheless I ran the scan, and it did find some objects, and everything went as it was supposed to from that point.

The logs follow:

------------------------

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

03-09-2009 22:04:46
mbam-log-2009-09-03 (22-04-45).txt

Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 168999
Tid tilbagelagt: 1 hour(s), 24 minute(s), 44 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 1
Inficerede Registeringsdatabase Filer: 3
Inficerede Mapper: 0
Inficerede Filer: 4

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\Documents and Settings\Al Kazim\Lokale indstillinger\Temp\nmdfgds0.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morten\Lokale indstillinger\Temp\nmdfgds0.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svñshost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\System32xp.exe.tmp (Malware.Trace) -> Quarantined and deleted successfully.



---------------------------



Logfile of random's system information tool 1.06 (written by random/random)
Run by Morten at 2009-09-03 22:31:20
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 9 GB (25%) free of 37 GB
Total RAM: 255 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:31:45, on 03-09-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Mine programmer\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\QKeys\QKeys.EXE
C:\Mine programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Mine programmer\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Mine programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Mine programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Mine programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Morten\Skrivebord\RSIT.exe
C:\Documents and Settings\Al Kazim\Skrivebord\HiJackThis\Morten.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Mine programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QKeys] C:\Programmer\QKeys\QKeys.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Mine programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Mine programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Mine programmer\Quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ClamWin] "C:\Mine programmer\ClamWin antivirus\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Mine programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Mine programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Mine programmer\Kodak - Kamera-software\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: RtlWake.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MINEPR~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\MINEPR~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\MINEPR~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MINEPR~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198853242010
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198853223343
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...483/mcfscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Mine programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Mine programmer\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O24 - Desktop Component 0: (no name) - E:\Dokumenter\Egne filer\Billeder\Animations\Winter.jpg
O24 - Desktop Component 1: (no name) - E:\Dokumenter\Egne filer\Billeder\anarchy.JPG
O24 - Desktop Component 2: (no name) - E:\Dokumenter\Arkiv - Ryd op\Billeder\Animations\valley.jpg
O24 - Desktop Component 3: (no name) - E:\Dokumenter\Egne filer\Billeder\Kodak Pictures\Nils lejlighed - sommerferie\Nils lejlighed-s07_0048.JPG
O24 - Desktop Component 4: (no name) - E:\Dokumenter\Arkiv - Ryd op\Billeder\Peace\peace-unity.jpg
O24 - Desktop Component 5: (no name) - E:\Dokumenter\Egne filer\Billeder\Foot.JPG
O24 - Desktop Component 7: (no name) - https://login.yahoo.com/config/mail?.intl=us

--
End of file - 8725 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\HPpromotions journeysoftware.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{D04175D0-CC96-4856-BDBF-101F147D6B4C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-01-29 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Mine programmer\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Programmer\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2009-07-05 120320]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]
"ATIPTA"=C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe [2009-07-05 372736]
"QKeys"=C:\Programmer\QKeys\QKeys.EXE [2009-07-05 323584]
"GrooveMonitor"=C:\Mine programmer\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 107376]
"HP Software Update"=C:\Mine programmer\HP\HP Software Update\HPWuSchd2.exe [2009-07-05 122880]
"Adobe Reader Speed Launcher"=C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-07-05 113520]
"CmUsbSound"=RunDll32 cmcnfgu.cpl,CMICtrlWnd []
"QuickTime Task"=C:\Mine programmer\Quicktime\qttask.exe [2009-07-05 491520]
"ClamWin"=C:\Mine programmer\ClamWin antivirus\bin\ClamTray.exe [2009-06-11 86016]
"SunJavaUpdateSched"=C:\Programmer\Java\jre6\bin\jusched.exe [2009-07-05 218520]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe [2009-07-05 5802008]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Skype"=C:\Programmer\Skype\Phone\Skype.exe [2009-01-29 23975720]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start
Adobe Gamma Loader.lnk - C:\Programmer\Fælles filer\Adobe\Calibration\Adobe Gamma Loader.exe
HP Digital Imaging Monitor.lnk - C:\Mine programmer\HP\Digital Imaging\bin\hpqtra08.exe
Kodak EasyShare software.lnk - C:\Mine programmer\Kodak - Kamera-software\Kodak EasyShare software\bin\EasyShare.exe
RtlWake.lnk - C:\Programmer\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe

C:\Documents and Settings\Morten\Menuen Start\Programmer\Start
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Mine programmer\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Mine programmer\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1
"DisableTaskMgr"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Mine programmer\Microsoft Office\Office12\GROOVE.EXE"="C:\Mine programmer\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Mine programmer\Microsoft Office\Office12\ONENOTE.EXE"="C:\Mine programmer\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Programmer\Fox\Aliens vs. Predator 2\AVP2Serv.exe"="C:\Programmer\Fox\Aliens vs. Predator 2\AVP2Serv.exe:*:Enabled:AVP2 Stand-Alone Server"
"C:\Programmer\Windows Live\Messenger\msnmsgr.exe"="C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe:*:Enabled:ipsec"
"C:\Programmer\Windows Live\Messenger\livecall.exe"="C:\Programmer\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec"
"E:\fsyi.pif"="E:\fsyi.pif:*:Enabled:ipsec"
"C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe:*:Enabled:ipsec"
"C:\Programmer\Skype\Plugin Manager\skypePM.exe"="C:\Programmer\Skype\Plugin Manager\skypePM.exe:*:Enabled:ipsec"
"C:\Mine programmer\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Mine programmer\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:ipsec"
"C:\Mine programmer\HP\Digital Imaging\bin\hpqSTE08.exe"="C:\Mine programmer\HP\Digital Imaging\bin\hpqSTE08.exe:*:Enabled:ipsec"
"C:\WINDOWS\SOUNDMAN.EXE"="C:\WINDOWS\SOUNDMAN.EXE:*:Enabled:ipsec"
"C:\DOCUME~1\Morten\LOKALE~1\Temp\winovrii.exe"="C:\DOCUME~1\Morten\LOKALE~1\Temp\winovrii.exe:*:Enabled:ipsec"
"C:\Mine programmer\HP\Digital Imaging\bin\hpqtbx01.exe"="C:\Mine programmer\HP\Digital Imaging\bin\hpqtbx01.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Morten\LOKALE~1\Temp\winjmwi.exe"="C:\DOCUME~1\Morten\LOKALE~1\Temp\winjmwi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Morten\LOKALE~1\Temp\winuqrxkd.exe"="C:\DOCUME~1\Morten\LOKALE~1\Temp\winuqrxkd.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Morten\LOKALE~1\Temp\winlfgt.exe"="C:\DOCUME~1\Morten\LOKALE~1\Temp\winlfgt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Morten\LOKALE~1\Temp\winwnwc.exe"="C:\DOCUME~1\Morten\LOKALE~1\Temp\winwnwc.exe:*:Enabled:ipsec"
"C:\Programmer\Java\jre6\bin\jusched.exe"="C:\Programmer\Java\jre6\bin\jusched.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Morten\LOKALE~1\Temp\winfvbd.exe"="C:\DOCUME~1\Morten\LOKALE~1\Temp\winfvbd.exe:*:Enabled:ipsec"
"C:\Programmer\Skype\Phone\Skype.exe"="C:\Programmer\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programmer\Windows Live\Messenger\msnmsgr.exe"="C:\Programmer\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programmer\Windows Live\Messenger\livecall.exe"="C:\Programmer\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83fcad70-bc9b-11dd-aa06-0030bd4e38ba}]
shell\AutoRun\command - E:\PMB_P.exe


======List of files/folders created in the last 1 months======

2009-09-03 22:31:20 ----D---- C:\rsit
2009-09-03 19:28:53 ----D---- C:\Programmer\Malwarebytes' Anti-Malware
2009-09-03 17:04:59 ----D---- C:\Documents and Settings\Morten\Application Data\Malwarebytes
2009-09-03 17:04:46 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-21 20:54:28 ----A---- C:\RootRepeal report 08-21-09 (20-54-28).txt

======List of files/folders modified in the last 1 months======

2009-09-03 22:18:23 ----D---- C:\Documents and Settings\Morten\Application Data\Skype
2009-09-03 22:15:57 ----D---- C:\WINDOWS\Temp
2009-09-03 22:14:04 ----D---- C:\WINDOWS\system32\drivers
2009-09-03 22:10:24 ----RD---- C:\Programmer
2009-09-03 22:09:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-03 22:04:45 ----D---- C:\WINDOWS\system32
2009-09-03 20:00:05 ----D---- C:\WINDOWS\Prefetch
2009-09-03 19:28:01 ----D---- C:\Mine programmer
2009-09-03 16:34:33 ----D---- C:\Documents and Settings\Morten\Application Data\skypePM
2009-08-22 13:04:07 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-21 20:35:54 ----D---- C:\WINDOWS
2009-08-21 14:29:56 ----D---- C:\WINDOWS\inf
2009-08-21 14:21:01 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Driver til AMD K7-processor; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2004-05-20 36918]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS []
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2004-06-02 38705]
R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\System32\DRIVERS\EAPPkt.sys [2002-11-22 8849]
R2 irda;IrDA-protokol; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 MP3Driver;MP3Driver; C:\WINDOWS\system32\drivers\MP3Driver.sys [2002-05-28 7240]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-11-27 730700]
R3 Arp1394;1394 ARP-klientprotokol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 asc3360pr;asc3360pr; \??\C:\WINDOWS\system32\drivers\fqhglr.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2002-10-12 539520]
R3 CmBatt;Microsoft ACPI Control Method-batteri; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HidUsb;Microsoft HID-klassedriver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MODEMCSA;Unimodem - streamingfilterenhed; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-18 16128]
R3 mouhid;HID-driver til mus; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-04 12160]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [2002-09-25 196040]
R3 NIC1394;1394-netværksdriver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NSCIRDA;NSC Infrared enhedsdriver; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2008-04-13 28672]
R3 Rasirda;WAN-miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-18 19584]
R3 rtl8180;Belkin 11Mbps Wireless Notebook Network Card Driver; C:\WINDOWS\System32\DRIVERS\Bel6020.sys [2003-07-09 168448]
R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\System32\DRIVERS\slntamr.sys [2002-09-25 476368]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [2002-08-28 39348]
R3 usbehci;Miniportdriver til Microsoft USB 2.0-udvidet værtscontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Driver til Microsoft USB-standardhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB-universel værtscontroller miniportdriver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2002-10-30 10240]
S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2004-07-07 152049]
S1 P3;Driver til Intel PentiumIII-processor; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-14 46592]
S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []
S3 Bridge;MAC-bro; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC-bro-miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys []
S3 cmudau;C-Media USB Sound Interface; C:\WINDOWS\system32\drivers\cmudau.sys [2004-02-13 824320]
S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2004-05-20 61564]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2004-05-20 8022]
S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2004-07-07 70070]
S3 FETNDIS;NT-driver til VIA PCI 10/100Mb Fast Ethernet-netværkskort; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-18 27165]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2002-10-28 40960]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [2002-09-25 1860936]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [2002-09-11 162008]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\System32\ntsim.sys []
S3 SlNtHal;SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [2002-09-25 84880]
S3 SynasUSB;SynasUSB; C:\WINDOWS\system32\drivers\SynasUSB.sys [2006-11-23 18432]
S3 usbaudio;USB-lyddriver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Overordnet Microsoft USB-standarddriver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER-klasse; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB-scannerdriver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Driver til USB-lagerenhed; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2002-10-24 6912]
S3 w200bus;Sony Ericsson W200 driver (WDM); C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 86368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZMHHPAudioSrv;ZOOM H Series High Performance Audio Driver Service; C:\WINDOWS\system32\drivers\zmhhpau.sys [2008-03-29 89856]
S4 sr;Filterdriver til Systemgendannelse; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-14 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2002-10-12 147456]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2008-06-08 54784]
R2 Irmon;Infrarød overvågning; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programmer\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R2 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2004-05-24 322104]
R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2002-09-25 45056]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 aawservice;Lavasoft Ad-Aware Service; C:\Mine programmer\Ad-Aware\aawservice.exe [2008-09-10 611664]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Mine programmer\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 146288]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programmer\Fælles filer\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 521600]
S3 ose;Office Source Engine; C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 218912]
S3 usnjsvc;Læsetjeneste til USN-poster for delemapper i Messenger; C:\Programmer\Windows Live\Messenger\usnsvc.exe [2007-10-18 167960]
S3 WLSetupSvc;Windows Live Setup Service; C:\Programmer\Windows Live\installer\WLSetupSvc.exe [2007-10-25 335872]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Programmer\Windows Media Player\WMPNetwk.exe [2006-10-18 987136]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-09-03 22:31:53

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Mine programmer\Adobe Photoshop 7.0\Uninst.isu" -c"C:\Mine programmer\Adobe Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.2 - Dansk-->MsiExec.exe /I{AC76BA86-7AD7-1030-7B44-A81200000003}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI Control Panel-->RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AudioDJ_MP3Player-->C:\PROGRA~1\FLLESF~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C9016F05-CBC1-45C8-A349-C0E8C6802A92} /l1033
Belkin Wireless Network Monitor Utility and Driver-->RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{47825464-4677-4A8D-B58E-54894D89C4AB}\setup.exe" -l0x6 REMOVE
CCHelp-->MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
ClamWin Free Antivirus 0.95.2-->"C:\Mine programmer\ClamWin antivirus\unins000.exe"
Cobian Backup 9-->C:\mine Programmer\Cobian Backup 9\cbUninstall.exe
ESSAdpt-->MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP-->MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCAM-->MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT-->MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSEMAIL-->MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp-->MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC-->MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTUTOR-->MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
ESSvpaht-->MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot-->MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
HijackThis 2.0.2-->"C:\Documents and Settings\Al Kazim\Skrivebord\HiJackThis\HijackThis.exe" /uninstall
HLPCCTR-->MsiExec.exe /I{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}
HLPIndex-->MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPSFO-->MsiExec.exe /I{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix til Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix til Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix til Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Deskjet 5400 series-->C:\Mine programmer\HP\Digital Imaging\{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}\setup\hpzscr01.exe -datfile hpfscr05.dat
HP Image Zone Express-->MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 5.0-->C:\Mine programmer\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.0-->C:\Mine programmer\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
ImgBurn-->"C:\Mine programmer\ImgBurn\uninstall.exe"
iriver Music Manager-->RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{5986F167-4C6C-4D03-9706-E1189B2A1462}\Setup.exe" -l0x12 anything
Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_9_1f2f00\Setup.exe /APR-REMOVE
Malwarebytes' Anti-Malware-->"C:\Programmer\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Programmer\Fælles filer\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Might and Magic® VIII: Day of the Destroyer™-->C:\WINDOWS\IsUninst.exe -f"C:\Mine programmer\Spil\3DO\Might and Magic VIII\Uninst.isu" -c"C:\Mine programmer\Spil\3DO\Might and Magic VIII\uninst.dll
Mozilla Firefox (3.0.11)-->C:\Mine programmer\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
Opdatering til Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
OTtBP-->MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK-->MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
PCDLNCH-->MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
Politikens Nudansk Ordbog-->MsiExec.exe /I{1B8E583F-7B1C-4EAF-AE72-798DBCFCD94E}
PowerDVD-->RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QKeys-->C:\WINDOWS\iun6002.exe "C:\Programmer\QKeys\irunin.ini"
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Rage of Mages-->C:\WINDOWS\aluinst.exe
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
SafeCast Shared Components-->C:\Programmer\Fælles filer\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SFR-->MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2-->MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Media Player 8 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sikkerhedsopdatering til Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Smart Link 56K Modem-->C:\WINDOWS\Modio\SLAMR2KV\Setup.exe /Remove
Sony Ericsson PC Suite-->MsiExec.exe /I{B56B1487-9A26-4AFD-A1FD-949C40F5F2BC}
Steinberg Cubase LE 4-->MsiExec.exe /I{AB3C4AC6-C401-4132-A8B5-265899A9C0E8}
SuperDJ™ ver 3.5.0-->MsiExec.exe /X{DC1F33F7-BC52-452B-87C4-67F3E91290EF}
Syncrosoft License Control-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Outlook 2007 Junk Email Filter (kb970012)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81}
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
USB Audio Adapter With Mic-->C:\WINDOWS\CmiUSB2Uninstall.exe C:\PROGRA~1\USBAUD~1#USB Audio Adapter With Mic
VCAMCEN-->MsiExec.exe /I{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}
Vigtig opdatering til Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Live installer-->MsiExec.exe /X{38092A00-F9C8-420F-B5CB-C56F89F94B12}
Windows Live Messenger-->MsiExec.exe /X{1EDF0646-14CE-46FE-8785-9E12E29686DF}
Windows Media Format 11 runtime-->"C:\Programmer\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programmer\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Programmer\WinRAR\uninstall.exe
ZOOM H Series Audio Driver-->C:\Programmer\ZOOM\H Series Driver\zoomhhpuninst.exe

======Hosts File======

127.0.0.1 localhost

======System event log======

Computer Name: RICHARDHINSPAGE
Event Code: 7036
Message: Tjenesten Pml Driver HPZ12 skiftede tilstand til stoppet.

Record Number: 146248
Source Name: Service Control Manager
Time Written: 20090703221026.000000+120
Event Type: oplysninger
User:

Computer Name: RICHARDHINSPAGE
Event Code: 7036
Message: Tjenesten Pml Driver HPZ12 skiftede tilstand til kører.

Record Number: 146247
Source Name: Service Control Manager
Time Written: 20090703221026.000000+120
Event Type: oplysninger
User:

Computer Name: RICHARDHINSPAGE
Event Code: 7035
Message: Tjenesten Pml Driver HPZ12 modtog en start-kontrol.

Record Number: 146246
Source Name: Service Control Manager
Time Written: 20090703221026.000000+120
Event Type: oplysninger
User: RICHARDHINSPAGE\Morten

Computer Name: RICHARDHINSPAGE
Event Code: 7036
Message: Tjenesten Pml Driver HPZ12 skiftede tilstand til stoppet.

Record Number: 146245
Source Name: Service Control Manager
Time Written: 20090703220827.000000+120
Event Type: oplysninger
User:

Computer Name: RICHARDHINSPAGE
Event Code: 7036
Message: Tjenesten Pml Driver HPZ12 skiftede tilstand til kører.

Record Number: 146244
Source Name: Service Control Manager
Time Written: 20090703220826.000000+120
Event Type: oplysninger
User:

=====Application event log=====

Computer Name: RICHARDHINSPAGE
Event Code: 2003
Message: EAPOL-tjenesten kører

Record Number: 2584
Source Name: EAPOL
Time Written: 20090104170458.000000+060
Event Type: oplysninger
User:

Computer Name: RICHARDHINSPAGE
Event Code: 1800
Message: Tjenesten Windows Sikkerhedscenter er startet.

Record Number: 2583
Source Name: SecurityCenter
Time Written: 20090104170256.000000+060
Event Type: oplysninger
User:

Computer Name: RICHARDHINSPAGE
Event Code: 105
Message:
Record Number: 2582
Source Name: dcfssvc
Time Written: 20090104170241.000000+060
Event Type: oplysninger
User:

Computer Name: RICHARDHINSPAGE
Event Code: 11707
Message: Product: Ad-Aware -- Installation operation completed successfully.

Record Number: 2581
Source Name: MsiInstaller
Time Written: 20090104133841.000000+060
Event Type: oplysninger
User: RICHARDHINSPAGE\Morten

Computer Name: RICHARDHINSPAGE
Event Code: 11724
Message: Product: Ad-Aware 2007 -- Removal completed successfully.

Record Number: 2580
Source Name: MsiInstaller
Time Written: 20090104130928.000000+060
Event Type: oplysninger
User: RICHARDHINSPAGE\Morten

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programmer\ATI Technologies\ATI Control Panel;C:\Programmer\Fælles filer\Teleca Shared;C:\Mine programmer\Quicktime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0801
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Programmer\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Programmer\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------

#4 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 04 September 2009 - 03:46 PM

Hi theOBO,

I see that you have ClamWin as your Anti Virus. ClamWin is not the same as most AVs because it does not have any active protection, which is very important, so you need to install an AV that will offer the real time protection you need.
  • Download and install an antivirus program, and make sure that you keep it updated
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Two good antivirus programs free for non-commercial home use are Avast! and AntiVir.
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Next

MBAM has not updated properly, so let's get it updated and then run another scan. Go here and download the definitions file, then run the file to update MBAM, then run another full scan.

Next

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Then please post back here with the following:
  • MBAM log
  • Gmer log
  • New Rsit log
Thanks



#5 theOBO

  • Topic Starter
  • Members
  • 7 posts

Posted 05 September 2009 - 03:25 PM

Okay, I have tried out what you asked, and status is this:

I still don't have any realtime protection, since the computer simply refused to install Avast! (abandoning the process) and I was forced to uninstall AntiVir again.
Firstly it didn't run before I restarted my computer (even when trying to open it), and afterwards it autoran and kept on reporting a large number of seemingly random .exe-files (programs such as java, winrar and messenger) as viruses - over and over again, with the message (e.g.):
"A Virus or unwanted program was found!
What should happen to the file?
C:\Programmer\winrar\winrar.exe
contains code of the W32/Sality.Y windows Virus."

After a further restart, the program didn't appear in the statusbar, but kept on spamming me; trying to open the program manually only returned the message:
"ERROR
The application module
C:\programmer\avira\antivir desktop\avcenter.exe
cannot be found or has been modified or destroyed.
the AVCENTER.EXE cannot be started.
Please check your installation!"

Being unable to work while the program was active, and unable to disable it, I uninstalled.


MBAM on the other hand worked as supposed to - was updated successfully and removed 5 objects, after a restart.


Downloading and running GMER, I ran the scan, but after a very short while, the computer simply restarted and on logon windows returned the message:
"the system has been restored after a serious problem"
and the error Signature:
"BCCode : 44 BCP1 : 826E13D8 BCP2 : 00000D64 BCP3 : 00000000
BCP4 : 00000000 OSVer : 5_1_2600 SP : 3_0 Product : 768_1 "

The Microsoft troubleshooting told me that "a hardware device, its driver, or related software has caused a blue screen error".
I have saved the files that were included in the error report if they are of any use whatsoever.

Anyway I ran RSIT, which only returned a single log this time.



--------------------------------------

Malwarebytes' Anti-Malware 1.40
Database version: 2734
Windows 5.1.2600 Service Pack 3

05-09-2009 19:37:32
mbam-log-2009-09-05 (19-37-32).txt

Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 173114
Tid tilbagelagt: 1 hour(s), 30 minute(s), 49 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 2
Inficerede Mapper: 0
Inficerede Filer: 3

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\Documents and Settings\Al Kazim\Lokale indstillinger\Temp\winwgefv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Morten\Lokale indstillinger\Temp\ldghsu.exe (Trojan.Downloader) -> Delete on reboot.
C:\autorun.inf (SuspectAutorun.Rootdrive.H) -> Quarantined and deleted successfully.




-------------------------




Logfile of random's system information tool 1.06 (written by random/random)
Run by Morten at 2009-09-05 21:55:16
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 9 GB (25%) free of 37 GB
Total RAM: 255 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:55:17, on 05-09-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Mine programmer\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\QKeys\QKeys.EXE
C:\Mine programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Mine programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Mine programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\DOCUME~1\Morten\LOKALE~1\Temp\qhai.exe
C:\Documents and Settings\Morten\Skrivebord\RSIT.exe
C:\Documents and Settings\Al Kazim\Skrivebord\HiJackThis\Morten.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Mine programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QKeys] C:\Programmer\QKeys\QKeys.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Mine programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Mine programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Mine programmer\Quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ClamWin] "C:\Mine programmer\ClamWin antivirus\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Mine programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Mine programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Mine programmer\Kodak - Kamera-software\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: RtlWake.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MINEPR~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\MINEPR~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\MINEPR~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MINEPR~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198853242010
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198853223343
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...483/mcfscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Mine programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Mine programmer\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O24 - Desktop Component 0: (no name) - E:\Dokumenter\Egne filer\Billeder\Animations\Winter.jpg
O24 - Desktop Component 1: (no name) - E:\Dokumenter\Egne filer\Billeder\anarchy.JPG
O24 - Desktop Component 2: (no name) - E:\Dokumenter\Arkiv - Ryd op\Billeder\Animations\valley.jpg
O24 - Desktop Component 3: (no name) - E:\Dokumenter\Egne filer\Billeder\Kodak Pictures\Nils lejlighed - sommerferie\Nils lejlighed-s07_0048.JPG
O24 - Desktop Component 4: (no name) - E:\Dokumenter\Arkiv - Ryd op\Billeder\Peace\peace-unity.jpg
O24 - Desktop Component 5: (no name) - E:\Dokumenter\Egne filer\Billeder\Foot.JPG
O24 - Desktop Component 7: (no name) - https://login.yahoo.com/config/mail?.intl=us

--
End of file - 8378 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\HPpromotions journeysoftware.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{D04175D0-CC96-4856-BDBF-101F147D6B4C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-01-29 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Mine programmer\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Programmer\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2009-07-05 120320]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]
"ATIPTA"=C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe [2009-07-05 372736]
"QKeys"=C:\Programmer\QKeys\QKeys.EXE [2009-07-05 323584]
"GrooveMonitor"=C:\Mine programmer\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 107376]
"HP Software Update"=C:\Mine programmer\HP\HP Software Update\HPWuSchd2.exe [2009-07-05 122880]
"Adobe Reader Speed Launcher"=C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-07-05 113520]
"CmUsbSound"=RunDll32 cmcnfgu.cpl,CMICtrlWnd []
"QuickTime Task"=C:\Mine programmer\Quicktime\qttask.exe [2009-07-05 491520]
"ClamWin"=C:\Mine programmer\ClamWin antivirus\bin\ClamTray.exe [2009-06-11 86016]
"SunJavaUpdateSched"=C:\Programmer\Java\jre6\bin\jusched.exe [2009-07-05 218520]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start
Adobe Gamma Loader.lnk - C:\Programmer\Fælles filer\Adobe\Calibration\Adobe Gamma Loader.exe
HP Digital Imaging Monitor.lnk - C:\Mine programmer\HP\Digital Imaging\bin\hpqtra08.exe
Kodak EasyShare software.lnk - C:\Mine programmer\Kodak - Kamera-software\Kodak EasyShare software\bin\EasyShare.exe
RtlWake.lnk - C:\Programmer\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe

C:\Documents and Settings\Morten\Menuen Start\Programmer\Start
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Mine programmer\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Mine programmer\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1
"DisableTaskMgr"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Mine programmer\Microsoft Office\Office12\GROOVE.EXE"="C:\Mine programmer\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Mine programmer\Microsoft Office\Office12\ONENOTE.EXE"="C:\Mine programmer\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Programmer\Fox\Aliens vs. Predator 2\AVP2Serv.exe"="C:\Programmer\Fox\Aliens vs. Predator 2\AVP2Serv.exe:*:Enabled:AVP2 Stand-Alone Server"
"C:\Programmer\Windows Live\Messenger\msnmsgr.exe"="C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe:*:Enabled:ipsec"
"C:\Programmer\Windows Live\Messenger\livecall.exe"="C:\Programmer\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec"
"E:\fsyi.pif"="E:\fsyi.pif:*:Enabled:ipsec"
"C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe:*:Enabled:ipsec"
"C:\Programmer\Skype\Plugin Manager\skypePM.exe"="C:\Programmer\Skype\Plugin Manager\skypePM.exe:*:Enabled:ipsec"
"C:\Mine programmer\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Mine programmer\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:ipsec"
"C:\Mine programmer\HP\Digital Imaging\bin\hpqSTE08.exe"="C:\Mine programmer\HP\Digital Imaging\bin\hpqSTE08.exe:*:Enabled:ipsec"
"C:\WINDOWS\SOUNDMAN.EXE"="C:\WINDOWS\SOUNDMAN.EXE:*:Enabled:ipsec"
"C:\DOCUME~1\Morten\LOKALE~1\Temp\winovrii.exe"="C:\DOCUME~1\Morten\LOKALE~1\Temp\winovrii.exe:*:Enabled:ipsec"
"C:\Mine programmer\HP\Digital Imaging\bin\hpqtbx01.exe"="C:\Mine programmer\HP\Digital Imaging\bin\hpqtbx01.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Morten\LOKALE~1\Temp\winjmwi.exe"="C:\DOCUME~1\Morten\LOKALE~1\Temp\winjmwi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Morten\LOKALE~1\Temp\winuqrxkd.exe"="C:\DOCUME~1\Morten\LOKALE~1\Temp\winuqrxkd.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Morten\LOKALE~1\Temp\winlfgt.exe"="C:\DOCUME~1\Morten\LOKALE~1\Temp\winlfgt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Morten\LOKALE~1\Temp\winwnwc.exe"="C:\DOCUME~1\Morten\LOKALE~1\Temp\winwnwc.exe:*:Enabled:ipsec"
"C:\Programmer\Java\jre6\bin\jusched.exe"="C:\Programmer\Java\jre6\bin\jusched.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Morten\LOKALE~1\Temp\winfvbd.exe"="C:\DOCUME~1\Morten\LOKALE~1\Temp\winfvbd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Morten\LOKALE~1\Temp\xhpia.exe"="C:\DOCUME~1\Morten\LOKALE~1\Temp\xhpia.exe:*:Enabled:ipsec"
"C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe"="C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\wscntfy.exe"="C:\WINDOWS\system32\wscntfy.exe:*:Enabled:ipsec"
"C:\Mine programmer\HP\HP Software Update\hpwuschd2.exe"="C:\Mine programmer\HP\HP Software Update\hpwuschd2.exe:*:Disabled:Hewlett-Packard Product Assistant"
"C:\Programmer\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe"="C:\Programmer\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Morten\LOKALE~1\Temp\wintirel.exe"="C:\DOCUME~1\Morten\LOKALE~1\Temp\wintirel.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Morten\LOKALE~1\Temp\fohbwj.exe"="C:\DOCUME~1\Morten\LOKALE~1\Temp\fohbwj.exe:*:Enabled:ipsec"
"C:\Mine programmer\Microsoft Office\Office12\GrooveMonitor.exe"="C:\Mine programmer\Microsoft Office\Office12\GrooveMonitor.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Morten\LOKALE~1\Temp\ldghsu.exe"="C:\DOCUME~1\Morten\LOKALE~1\Temp\ldghsu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Morten\LOKALE~1\Temp\winlbbq.exe"="C:\DOCUME~1\Morten\LOKALE~1\Temp\winlbbq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Morten\LOKALE~1\Temp\iukbv.exe"="C:\DOCUME~1\Morten\LOKALE~1\Temp\iukbv.exe:*:Enabled:ipsec"
"C:\Programmer\Skype\Phone\Skype.exe"="C:\Programmer\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\DOCUME~1\Morten\LOKALE~1\Temp\qhai.exe"="C:\DOCUME~1\Morten\LOKALE~1\Temp\qhai.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programmer\Windows Live\Messenger\msnmsgr.exe"="C:\Programmer\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programmer\Windows Live\Messenger\livecall.exe"="C:\Programmer\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83fcad70-bc9b-11dd-aa06-0030bd4e38ba}]
shell\AutoRun\command - E:\PMB_P.exe


======List of files/folders created in the last 1 months======

2009-09-03 22:31:20 ----D---- C:\rsit
2009-09-03 19:28:53 ----D---- C:\Programmer\Malwarebytes' Anti-Malware
2009-09-03 17:04:59 ----D---- C:\Documents and Settings\Morten\Application Data\Malwarebytes
2009-09-03 17:04:46 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-21 20:54:28 ----A---- C:\RootRepeal report 08-21-09 (20-54-28).txt

======List of files/folders modified in the last 1 months======

2009-09-05 21:22:51 ----D---- C:\Documents and Settings\Morten\Application Data\Skype
2009-09-05 21:14:52 ----D---- C:\WINDOWS\Temp
2009-09-05 21:13:24 ----D---- C:\WINDOWS\system32\drivers
2009-09-05 21:10:24 ----D---- C:\WINDOWS
2009-09-05 20:55:53 ----RD---- C:\Programmer
2009-09-05 20:55:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-05 20:42:35 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-05 20:35:04 ----D---- C:\WINDOWS\Prefetch
2009-09-05 17:43:13 ----D---- C:\Documents and Settings\Morten\Application Data\skypePM
2009-09-05 17:07:05 ----D---- C:\WINDOWS\inf
2009-09-05 17:02:05 ----SHD---- C:\WINDOWS\Installer
2009-09-05 17:02:04 ----HD---- C:\Config.Msi
2009-09-05 17:01:54 ----D---- C:\WINDOWS\WinSxS
2009-09-05 17:01:50 ----D---- C:\Programmer\Fælles filer\Microsoft Shared
2009-09-03 22:04:45 ----D---- C:\WINDOWS\system32
2009-09-03 19:28:01 ----D---- C:\Mine programmer
2009-08-21 14:21:01 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Driver til AMD K7-processor; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2004-05-20 36918]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS []
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2004-06-02 38705]
R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\System32\DRIVERS\EAPPkt.sys [2002-11-22 8849]
R2 irda;IrDA-protokol; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 MP3Driver;MP3Driver; C:\WINDOWS\system32\drivers\MP3Driver.sys [2002-05-28 7240]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-11-27 730700]
R3 Arp1394;1394 ARP-klientprotokol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 asc3360pr;asc3360pr; \??\C:\WINDOWS\system32\drivers\fqhglr.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2002-10-12 539520]
R3 CmBatt;Microsoft ACPI Control Method-batteri; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HidUsb;Microsoft HID-klassedriver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MODEMCSA;Unimodem - streamingfilterenhed; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-18 16128]
R3 mouhid;HID-driver til mus; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-04 12160]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [2002-09-25 196040]
R3 NIC1394;1394-netværksdriver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NSCIRDA;NSC Infrared enhedsdriver; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2008-04-13 28672]
R3 Rasirda;WAN-miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-18 19584]
R3 rtl8180;Belkin 11Mbps Wireless Notebook Network Card Driver; C:\WINDOWS\System32\DRIVERS\Bel6020.sys [2003-07-09 168448]
R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\System32\DRIVERS\slntamr.sys [2002-09-25 476368]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [2002-08-28 39348]
R3 usbehci;Miniportdriver til Microsoft USB 2.0-udvidet værtscontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Driver til Microsoft USB-standardhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB-universel værtscontroller miniportdriver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2002-10-30 10240]
S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2004-07-07 152049]
S1 P3;Driver til Intel PentiumIII-processor; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-14 46592]
S3 aujasnkj;aujasnkj; \??\C:\DOCUME~1\Morten\LOKALE~1\Temp\aujasnkj.sys []
S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []
S3 Bridge;MAC-bro; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC-bro-miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys []
S3 cmudau;C-Media USB Sound Interface; C:\WINDOWS\system32\drivers\cmudau.sys [2004-02-13 824320]
S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2004-05-20 61564]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2004-05-20 8022]
S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2004-07-07 70070]
S3 FETNDIS;NT-driver til VIA PCI 10/100Mb Fast Ethernet-netværkskort; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-18 27165]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2002-10-28 40960]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [2002-09-25 1860936]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [2002-09-11 162008]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\System32\ntsim.sys []
S3 SlNtHal;SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [2002-09-25 84880]
S3 SynasUSB;SynasUSB; C:\WINDOWS\system32\drivers\SynasUSB.sys [2006-11-23 18432]
S3 usbaudio;USB-lyddriver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Overordnet Microsoft USB-standarddriver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER-klasse; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB-scannerdriver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Driver til USB-lagerenhed; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2002-10-24 6912]
S3 w200bus;Sony Ericsson W200 driver (WDM); C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 86368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZMHHPAudioSrv;ZOOM H Series High Performance Audio Driver Service; C:\WINDOWS\system32\drivers\zmhhpau.sys [2008-03-29 89856]
S4 sr;Filterdriver til Systemgendannelse; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-14 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2002-10-12 147456]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2008-06-08 54784]
R2 Irmon;Infrarød overvågning; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programmer\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R2 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2004-05-24 322104]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 aawservice;Lavasoft Ad-Aware Service; C:\Mine programmer\Ad-Aware\aawservice.exe [2008-09-10 611664]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2002-09-25 45056]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Mine programmer\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 146288]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programmer\Fælles filer\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 521600]
S3 ose;Office Source Engine; C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 218912]
S3 usnjsvc;Læsetjeneste til USN-poster for delemapper i Messenger; C:\Programmer\Windows Live\Messenger\usnsvc.exe [2007-10-18 167960]
S3 WLSetupSvc;Windows Live Setup Service; C:\Programmer\Windows Live\installer\WLSetupSvc.exe [2007-10-25 335872]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Programmer\Windows Media Player\WMPNetwk.exe [2006-10-18 987136]

-----------------EOF-----------------

#6 syler

  • Malware Response Team

Posted 05 September 2009 - 04:12 PM

C:\Programmer\winrar\winrar.exe
contains code of the W32/Sality.Y windows Virus."


This is not a good sign; you appear to have a Sality infection. This virus infects other legitimate files, which can make it difficult to clean. Some variants are also capable of logging keystrokes and stealing information, so you may be best changing your passwords from a clean computer as a precaution.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on drweb-cureit.exe to start the program.
  • Cancel any prompts to download the latest CureIt version and click Start.
  • At the prompt to "Start scan now", click Ok. Allow the setup.exe/driver to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click File and choose Save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web CureIt when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)

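Once the DrWeb.csv report from the steps above exists, it can be triaged offline on a clean machine. The Python below is an added example, not part of the original post or of any Dr.Web tool. It assumes the `file;folder;detection;action;` row layout seen in the report posted later in this thread, and its function names are hypothetical.

```python
import csv
import io
import ntpath
from collections import Counter
from dataclasses import dataclass

# Sample rows copied from the report posted in this thread, plus one
# constructed malformed line to exercise the error path.
SAMPLE_REPORT = r"""
qttask.exe;c:\mine programmer\quicktime;Win32.Sector.17;Cured.;
qttask.exe;C:\Mine programmer\Quicktime;Win32.Sector.17;Cured.;
jusched.exe;c:\programmer\java\jre6\bin;Win32.Sector.17;Cured.;
avaxt.exe;C:\Documents and Settings\Morten\Skrivebord;Modification of Win32.Sector.5;Moved.;
ose.exe;C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C;Win32.Sector.17;Incurable.Moved.;
this line is not a report row
"""

# Higher rank = needs more attention; used when the same file is listed twice.
RANK = {"cured": 0, "quarantined": 1, "review": 2}


@dataclass(frozen=True)
class Finding:
    path: str       # folder + file name as written in the report
    detection: str  # scanner's name for the threat
    outcome: str    # "cured", "quarantined" or "review"


def classify(action_field):
    """Map the report's action column onto a triage outcome.

    Only the action strings visible in this thread are recognised
    ("Cured.", "Moved.", "Incurable.Moved."); anything else is "review".
    """
    steps = [s.strip().lower() for s in action_field.split(".") if s.strip()]
    if steps == ["cured"]:
        return "cured"        # repaired in place, file still at its path
    if "moved" in steps:
        return "quarantined"  # file no longer at its original path
    return "review"


def parse_report(text):
    """Return (findings, skipped_rows), de-duplicated by Windows path.

    The same file can be listed twice with different letter case in the
    path, so the key is the case-folded full path.
    """
    best = {}
    skipped = 0
    # QUOTE_NONE: quote characters in file names must not be treated as CSV quoting.
    reader = csv.reader(io.StringIO(text), delimiter=";", quoting=csv.QUOTE_NONE)
    for row in reader:
        if not row:            # blank line
            continue
        if len(row) < 4:       # not a "file;folder;detection;action" row
            skipped += 1
            continue
        name, folder, detection, action = (f.strip() for f in row[:4])
        path = ntpath.join(folder, name)
        key = ntpath.normcase(path)
        finding = Finding(path, detection, classify(action))
        prev = best.get(key)
        if prev is None or RANK[finding.outcome] > RANK[prev.outcome]:
            best[key] = finding
    return list(best.values()), skipped


def summarise(findings):
    """Counts per outcome and detection, plus the files needing follow-up."""
    return {
        "by_outcome": dict(Counter(f.outcome for f in findings)),
        "by_detection": dict(Counter(f.detection for f in findings)),
        # Anything not cured in place is missing from its program folder
        # or unrecognised, so the owning program may need reinstalling.
        "follow_up": [f.path for f in findings if f.outcome != "cured"],
    }


if __name__ == "__main__":
    findings, skipped = parse_report(SAMPLE_REPORT)
    summary = summarise(findings)
    print(f"{len(findings)} unique files, {skipped} unparsable rows")
    print(summary["by_outcome"])
    for path in summary["follow_up"]:
        print("follow up:", path)
```

The `follow_up` list is the useful part for a helper reading a long report: it separates the few files that were moved out of place from the many that were repaired where they sat.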


#7 theOBO

  • Topic Starter

Posted 06 September 2009 - 05:58 AM

Please download DrWeb-CureIt and save it to your desktop.

I can't directly download the file to my computer, as the virus doesn't allow me to access the site you linked to - or any other site that has to do with DrWeb. But it's not more of a problem, since I can download it to a clean computer and transfer it with a memory-stick...

Reboot your computer in "Safe Mode" using the F8 method.

My computer isn't letting me boot into safe mode, as pressing F8 and selecting safe mode at startup only causes the computer to load for a little while and then reboot again.

- Which all means I haven't been able to proceed with the steps for now.

#8 syler

  • Malware Response Team

Posted 06 September 2009 - 01:02 PM

Ok, please run it in normal mode then.



#9 theOBO

  • Topic Starter

Posted 07 September 2009 - 06:26 PM

Content of DrWeb log:

hpqste08.exe;c:\mine programmer\hp\digital imaging\bin;Win32.Sector.17;Cured.;
hpqtra08.exe;c:\mine programmer\hp\digital imaging\bin;Win32.Sector.17;Cured.;
hpwuschd2.exe;c:\mine programmer\hp\hp software update;Win32.Sector.17;Cured.;
easyshare.exe;c:\mine programmer\kodak - kamera-software\kodak easyshare software\bin;Win32.Sector.17;Cured.;
grooveauditservice.exe;c:\mine programmer\microsoft office\office12;Win32.Sector.17;Cured.;
groovemonitor.exe;c:\mine programmer\microsoft office\office12;Win32.Sector.17;Cured.;
onenotem.exe;c:\mine programmer\microsoft office\office12;Win32.Sector.17;Cured.;
qttask.exe;c:\mine programmer\quicktime;Win32.Sector.17;Cured.;
reader_sl.exe;c:\programmer\adobe\reader 8.0\reader;Win32.Sector.17;Cured.;
atiptaxx.exe;c:\programmer\ati technologies\ati control panel;Win32.Sector.17;Cured.;
rtlwake.exe;c:\programmer\belkin corporation\belkin wireless network monitor utility and driver;Win32.Sector.17;Cured.;
adobe gamma loader.exe;c:\programmer\fælles filer\adobe\calibration;Win32.Sector.17;Cured.;
odserv.exe;c:\programmer\fælles filer\microsoft shared\office12;Win32.Sector.17;Cured.;
ose.exe;c:\programmer\fælles filer\microsoft shared\source engine;Win32.Sector.17;Cured.;
hppromo.exe;c:\programmer\hp\digital imaging\bin\hp promotions\journeysoftware;Win32.Sector.17;Cured.;
jusched.exe;c:\programmer\java\jre6\bin;Win32.Sector.17;Cured.;
msmsgs.exe;c:\programmer\messenger;Win32.Sector.17;Cured.;
qkeys.exe;c:\programmer\qkeys;Win32.Sector.17;Cured.;
wlsetupsvc.exe;c:\programmer\windows live\installer;Win32.Sector.17;Cured.;
msnmsgr.exe;c:\programmer\windows live\messenger;Win32.Sector.17;Cured.;
usnsvc.exe;c:\programmer\windows live\messenger;Win32.Sector.17;Cured.;
wmpnetwk.exe;c:\programmer\windows media player;Win32.Sector.17;Cured.;
soundman.exe;c:\windows;Win32.Sector.17;Cured.;
autoruns.exe;C:\Autoruns;Win32.Sector.17;Cured.;
autorunsc.exe;C:\Autoruns;Win32.Sector.17;Cured.;
ShFolder.Exe;C:\Documents and Settings\Al Kazim\Lokale indstillinger\Temp\_ISTMP1.DIR\_ISTMP0.DIR;Win32.Sector.17;Cured.;
bambi.exe;C:\Documents and Settings\Al Kazim\Skrivebord;Win32.Sector.17;Cured.;
bambi2.exe;C:\Documents and Settings\Al Kazim\Skrivebord;Win32.Sector.17;Cured.;
D.exe;C:\Documents and Settings\Al Kazim\Skrivebord;Win32.Sector.17;Cured.;
HijackThis.exe;C:\Documents and Settings\Al Kazim\Skrivebord\HiJackThis;Win32.Sector.17;Cured.;
Morten.exe;C:\Documents and Settings\Al Kazim\Skrivebord\HiJackThis;Win32.Sector.17;Cured.;
install_flash_player.exe;C:\Documents and Settings\Al Kazim\Skrivebord\Installers-Opdateringer;Win32.Sector.17;Cured.;
QuickTimeInstaller.exe;C:\Documents and Settings\Al Kazim\Skrivebord\Installers-Opdateringer;Win32.Sector.17;Cured.;
cleaner_cmd.exe;C:\Documents and Settings\Al Kazim\Skrivebord\oluf;Win32.Sector.17;Cured.;
olufi.exe;C:\Documents and Settings\Al Kazim\Skrivebord\oluf;Win32.Sector.17;Cured.;
SetupImgBurn_2.4.4.0.exe;C:\Documents and Settings\Al Kazim\Skrivebord\Ps2-mod;Win32.Sector.17;Cured.;
Setup.exe;C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_9_1aa161;Win32.Sector.17;Cured.;
Setup.exe;C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_9_1f2f00;Win32.Sector.17;Cured.;
CCSStop.exe;C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\CCS;Win32.Sector.17;Cured.;
ShFolder.Exe;C:\Documents and Settings\Default User\Lokale indstillinger\Temp\_ISTMP1.DIR\_ISTMP0.DIR;Win32.Sector.17;Cured.;
Setup.exe;C:\Documents and Settings\Morten\Lokale indstillinger\Temp\Adobe Reader 8;Win32.Sector.17;Cured.;
Setup.exe;C:\Documents and Settings\Morten\Lokale indstillinger\Temp\Adobe Reader 8_;Win32.Sector.17;Cured.;
hprbehp.exe;C:\Documents and Settings\Morten\Lokale indstillinger\Temp\HPSU9-LT.A-P;Win32.Sector.17;Cured.;
hprbUpdate.exe;C:\Documents and Settings\Morten\Lokale indstillinger\Temp\HPSUPM5N.52E\signed;Win32.Sector.17;Cured.;
hprbupdatep.exe;C:\Documents and Settings\Morten\Lokale indstillinger\Temp\HPSUPM5N.52E\signed;Win32.Sector.17;Cured.;
4wk9yme.exe;C:\Documents and Settings\Morten\Lokale indstillinger\Temp\RarSFX2;Win32.Sector.17;Cured.;
setupeng.exe;C:\Documents and Settings\Morten\Lokale indstillinger\Temp\_av_inet.tm~a01488;Win32.Sector.17;Cured.;
ShFolder.Exe;C:\Documents and Settings\Morten\Lokale indstillinger\Temp\_ISTMP1.DIR\_ISTMP0.DIR;Win32.Sector.17;Cured.;
4oodhciv.exe;C:\Documents and Settings\Morten\Skrivebord;Win32.Sector.17;Cured.;
anti-downadup-graphics.exe;C:\Documents and Settings\Morten\Skrivebord;Win32.Sector.17;Cured.;
antivix.exe;C:\Documents and Settings\Morten\Skrivebord;Win32.Sector.17;Cured.;
avaxt.exe;C:\Documents and Settings\Morten\Skrivebord;Modification of Win32.Sector.5;Moved.;
bambi.exe;C:\Documents and Settings\Morten\Skrivebord;Win32.Sector.17;Cured.;
d.exe;C:\Documents and Settings\Morten\Skrivebord;Win32.Sector.17;Cured.;
dds.scr;C:\Documents and Settings\Morten\Skrivebord;Win32.Sector.17;Cured.;
RSIT.exe;C:\Documents and Settings\Morten\Skrivebord;Win32.Sector.17;Cured.;
windowsxp-kb958644-x86-dan(2).exe;C:\Documents and Settings\Morten\Skrivebord;Win32.Sector.17;Cured.;
WindowsXP-KB958644-x86-DAN.exe;C:\Documents and Settings\Morten\Skrivebord;Win32.Sector.17;Cured.;
WindowsXP-KB958644-x86-ENU.exe;C:\Documents and Settings\Morten\Skrivebord;Win32.Sector.17;Cured.;
adaware2008.exe;C:\Documents and Settings\Morten\Skrivebord\Downloads;Win32.Sector.17;Cured.;
Firefox Setup 3.0.6.exe;C:\Documents and Settings\Morten\Skrivebord\Downloads;Win32.Sector.17;Cured.;
Apache.exe;C:\Documents and Settings\Morten\Skrivebord\Ps2-modprocces\Apache;Win32.Sector.17;Cured.;
AAWTray.exe;C:\Mine programmer\Ad-Aware;Win32.Sector.17;Cured.;
threatwork.exe;C:\Mine programmer\Ad-Aware;Win32.Sector.17;Cured.;
imageready.exe;C:\Mine programmer\Adobe Photoshop 7.0;Win32.Sector.17;Cured.;
Droplet Template.exe;C:\Mine programmer\Adobe Photoshop 7.0\Required;Win32.Sector.17;Cured.;
Aged Photo.exe;C:\Mine programmer\Adobe Photoshop 7.0\Samples\Droplets\Photoshop Droplets;Win32.Sector.17;Cured.;
Conditional Mode Change.exe;C:\Mine programmer\Adobe Photoshop 7.0\Samples\Droplets\Photoshop Droplets;Win32.Sector.17;Cured.;
Constrain to 300 pixels.exe;C:\Mine programmer\Adobe Photoshop 7.0\Samples\Droplets\Photoshop Droplets;Win32.Sector.17;Cured.;
Constrain to 64 pixels.exe;C:\Mine programmer\Adobe Photoshop 7.0\Samples\Droplets\Photoshop Droplets;Win32.Sector.17;Cured.;
Drop Shadow Frame.exe;C:\Mine programmer\Adobe Photoshop 7.0\Samples\Droplets\Photoshop Droplets;Win32.Sector.17;Cured.;
Make Button.exe;C:\Mine programmer\Adobe Photoshop 7.0\Samples\Droplets\Photoshop Droplets;Win32.Sector.17;Cured.;
Make Sepia Tone.exe;C:\Mine programmer\Adobe Photoshop 7.0\Samples\Droplets\Photoshop Droplets;Win32.Sector.17;Cured.;
Save As JPEG Medium.exe;C:\Mine programmer\Adobe Photoshop 7.0\Samples\Droplets\Photoshop Droplets;Win32.Sector.17;Cured.;
Save As Photoshop PDF.exe;C:\Mine programmer\Adobe Photoshop 7.0\Samples\Droplets\Photoshop Droplets;Win32.Sector.17;Cured.;
clamscan.exe;C:\Mine programmer\ClamWin antivirus\bin;Win32.Sector.17;Cured.;
sigtool.exe;C:\Mine programmer\ClamWin antivirus\bin;Win32.Sector.17;Cured.;
AVP2XServ.exe;C:\Mine programmer\Fox\Aliens versus Predator 2 - Primal Hunt;Win32.Sector.17;Cured.;
lithtech.exe;C:\Mine programmer\Fox\Aliens versus Predator 2 - Primal Hunt;Win32.Sector.17;Cured.;
SierraUp.exe;C:\Mine programmer\Fox\Aliens versus Predator 2 - Primal Hunt;Win32.Sector.17;Cured.;
avp2tools.exe;C:\Mine programmer\Fox\Aliens versus Predator 2 - Primal Hunt\Tools;Win32.Sector.17;Cured.;
avp2tools_update.exe;C:\Mine programmer\Fox\Aliens versus Predator 2 - Primal Hunt\Tools;Win32.Sector.17;Cured.;
avp2tools_update2.exe;C:\Mine programmer\Fox\Aliens versus Predator 2 - Primal Hunt\Tools;Win32.Sector.17;Cured.;
NOLF2_576.exe;C:\Mine programmer\Fox\Aliens versus Predator 2 - Primal Hunt\Trailers;Win32.Sector.17;Cured.;
avp2_en_093.exe;C:\Mine programmer\Fox\Aliens versus Predator 2 - Primal Hunt\Updates;Win32.Sector.17;Cured.;
avp2_en_094.exe;C:\Mine programmer\Fox\Aliens versus Predator 2 - Primal Hunt\Updates;Win32.Sector.17;Cured.;
avp2_en_095.exe;C:\Mine programmer\Fox\Aliens versus Predator 2 - Primal Hunt\Updates;Win32.Sector.17;Cured.;
avp2_en_096.exe;C:\Mine programmer\Fox\Aliens versus Predator 2 - Primal Hunt\Updates;Win32.Sector.17;Cured.;
avp2_en_mp1.exe;C:\Mine programmer\Fox\Aliens versus Predator 2 - Primal Hunt\Updates;Win32.Sector.17;Cured.;
avp2_en_sp1.exe;C:\Mine programmer\Fox\Aliens versus Predator 2 - Primal Hunt\Updates;Win32.Sector.17;Cured.;
avp2_us_092.exe;C:\Mine programmer\Fox\Aliens versus Predator 2 - Primal Hunt\Updates;Win32.Sector.17;Cured.;
Autorun.exe;C:\Mine programmer\Fox\Aliens vs. Predator 2;Win32.Sector.17;Cured.;
AVP2.exe;C:\Mine programmer\Fox\Aliens vs. Predator 2;Win32.Sector.17;Cured.;
AVP2Serv.exe;C:\Mine programmer\Fox\Aliens vs. Predator 2;Win32.Sector.17;Cured.;
lithtech.exe;C:\Mine programmer\Fox\Aliens vs. Predator 2;Win32.Sector.17;Cured.;
SierraUp.exe;C:\Mine programmer\Fox\Aliens vs. Predator 2;Win32.Sector.17;Cured.;
DestTest.exe;C:\Mine programmer\HP\Digital Imaging\bin;Win32.Sector.17;Cured.;
hposid01.exe;C:\Mine programmer\HP\Digital Imaging\bin;Win32.Sector.17;Cured.;
hpqaol08.exe;C:\Mine programmer\HP\Digital Imaging\bin;Win32.Sector.17;Cured.;
hpqcsaha.exe;C:\Mine programmer\HP\Digital Imaging\bin;Win32.Sector.17;Cured.;
hpqdirec.exe;C:\Mine programmer\HP\Digital Imaging\bin;Win32.Sector.17;Cured.;
hpqdstcp.exe;C:\Mine programmer\HP\Digital Imaging\bin;Win32.Sector.17;Cured.;
hpqEmlsz.exe;C:\Mine programmer\HP\Digital Imaging\bin;Win32.Sector.17;Cured.;
hpqirs08.exe;C:\Mine programmer\HP\Digital Imaging\bin;Win32.Sector.17;Cured.;
hpqprntw.exe;C:\Mine programmer\HP\Digital Imaging\bin;Win32.Sector.17;Cured.;
hpqptc08.exe;C:\Mine programmer\HP\Digital Imaging\bin;Win32.Sector.17;Cured.;
hpqtax08.exe;C:\Mine programmer\HP\Digital Imaging\bin;Win32.Sector.17;Cured.;
hpqtbx01.exe;C:\Mine programmer\HP\Digital Imaging\bin;Win32.Sector.17;Cured.;
hpqudc08.exe;C:\Mine programmer\HP\Digital Imaging\bin;Win32.Sector.17;Cured.;
hpqvpswp.exe;C:\Mine programmer\HP\Digital Imaging\bin;Win32.Sector.17;Cured.;
hpqwrg.exe;C:\Mine programmer\HP\Digital Imaging\bin;Win32.Sector.17;Cured.;
ppcue.exe;C:\Mine programmer\HP\Digital Imaging\bin;Win32.Sector.17;Cured.;
hpzmsi01.exe;C:\Mine programmer\HP\Digital Imaging\digitalimagingmonitor;Win32.Sector.17;Cured.;
hpzscr01.exe;C:\Mine programmer\HP\Digital Imaging\digitalimagingmonitor;Win32.Sector.17;Cured.;
hpzmsi01.exe;C:\Mine programmer\HP\Digital Imaging\esupport;Win32.Sector.17;Cured.;
hpzscr01.exe;C:\Mine programmer\HP\Digital Imaging\esupport;Win32.Sector.17;Cured.;
5400_load_photo.exe;C:\Mine programmer\HP\Digital Imaging\help\player\fscommand;Win32.Sector.17;Cured.;
5400_paper_jam.exe;C:\Mine programmer\HP\Digital Imaging\help\player\fscommand;Win32.Sector.17;Cured.;
5400_replace_cartridge.exe;C:\Mine programmer\HP\Digital Imaging\help\player\fscommand;Win32.Sector.17;Cured.;
buffer_swf.exe;C:\Mine programmer\HP\Digital Imaging\help\player\fscommand;Win32.Sector.17;Cured.;
hprblog.exe;C:\Mine programmer\HP\Digital Imaging\Product Assistant\bin;Win32.Sector.17;Cured.;
hprbui.exe;C:\Mine programmer\HP\Digital Imaging\Product Assistant\bin;Win32.Sector.17;Cured.;
hprbUpdate.exe;C:\Mine programmer\HP\Digital Imaging\Product Assistant\bin;Win32.Sector.17;Cured.;
HpqDIA.exe;C:\Mine programmer\HP\Digital Imaging\Unload;Win32.Sector.17;Cured.;
HpqDIAS.exe;C:\Mine programmer\HP\Digital Imaging\Unload;Win32.Sector.17;Cured.;
HpqPhUnl.exe;C:\Mine programmer\HP\Digital Imaging\Unload;Win32.Sector.17;Cured.;
HpqPSmon.exe;C:\Mine programmer\HP\Digital Imaging\Unload;Win32.Sector.17;Cured.;
hpqunapl.exe;C:\Mine programmer\HP\Digital Imaging\Unload;Win32.Sector.17;Cured.;
HpqUnSet.exe;C:\Mine programmer\HP\Digital Imaging\Unload;Win32.Sector.17;Cured.;
hpzcdl01.exe;C:\Mine programmer\HP\Digital Imaging\{EB57A16E-500D-43d7-85B9-FBE279EBBA6E};Win32.Sector.17;Cured.;
hpzsetup.exe;C:\Mine programmer\HP\Digital Imaging\{EB57A16E-500D-43d7-85B9-FBE279EBBA6E};Win32.Sector.17;Cured.;
setup.exe;C:\Mine programmer\HP\Digital Imaging\{EB57A16E-500D-43d7-85B9-FBE279EBBA6E};Win32.Sector.17;Cured.;
setup.exe;C:\Mine programmer\HP\Digital Imaging\{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}\drivers\dot4\wrapper;Win32.Sector.17;Cured.;
hpzdui01.exe;C:\Mine programmer\HP\Digital Imaging\{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}\setup;Win32.Sector.17;Cured.;
hpzmsi01.exe;C:\Mine programmer\HP\Digital Imaging\{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}\setup;Win32.Sector.17;Cured.;
hpzpsl01.exe;C:\Mine programmer\HP\Digital Imaging\{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}\setup;Win32.Sector.17;Cured.;
hpzscr01.exe;C:\Mine programmer\HP\Digital Imaging\{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}\setup;Win32.Sector.17;Cured.;
HPWUCli.exe;C:\Mine programmer\HP\HP Software Update;Win32.Sector.17;Cured.;
SelfUpdate.exe;C:\Mine programmer\HP\HP Software Update;Win32.Sector.17;Cured.;
HP_IZE.exe;C:\Mine programmer\HP\Image Zone Express;Win32.Sector.17;Cured.;
ImgBurnPreview.exe;C:\Mine programmer\ImgBurn;Win32.Sector.17;Cured.;
uninstall.exe;C:\Mine programmer\ImgBurn;Win32.Sector.17;Cured.;
iriverMusicManager.exe;C:\Mine programmer\Iriver\Iriver Music Manager;Win32.Sector.17;Cured.;
iriver_Music_Manager_V321_sp.exe;C:\Mine programmer\Iriver\Iriver Music Manager\Installation;Win32.Sector.17;Cured.;
ptssvc.exe;C:\Mine programmer\Kodak - Kamera-software\Kodak EasyShare software\bin;Win32.Sector.17;Cured.;
ptswia.exe;C:\Mine programmer\Kodak - Kamera-software\Kodak EasyShare software\bin;Win32.Sector.17;Cured.;
Tutorial.exe;C:\Mine programmer\Kodak - Kamera-software\Kodak EasyShare software\Tutorial;Win32.Sector.17;Cured.;
kodnotif.exe;C:\Mine programmer\Kodak - Kamera-software\Kodak Utilities;Win32.Sector.17;Cured.;
CLVIEW.EXE;C:\Mine programmer\Microsoft Office\Office12;Win32.Sector.17;Cured.;
DRAT.EXE;C:\Mine programmer\Microsoft Office\Office12;Win32.Sector.17;Cured.;
DSSM.EXE;C:\Mine programmer\Microsoft Office\Office12;Win32.Sector.17;Cured.;
excelcnv.exe;C:\Mine programmer\Microsoft Office\Office12;Win32.Sector.17;Cured.;
GRAPH.EXE;C:\Mine programmer\Microsoft Office\Office12;Win32.Sector.17;Cured.;
GROOVE.EXE;C:\Mine programmer\Microsoft Office\Office12;Win32.Sector.17;Cured.;
GrooveAuditService.exe;C:\Mine programmer\Microsoft Office\Office12;Win32.Sector.17;Cured.;
GrooveClean.exe;C:\Mine programmer\Microsoft Office\Office12;Win32.Sector.17;Cured.;
GrooveMigrator.exe;C:\Mine programmer\Microsoft Office\Office12;Win32.Sector.17;Cured.;
INFOPATH.EXE;C:\Mine programmer\Microsoft Office\Office12;Win32.Sector.17;Cured.;
MSACCESS.EXE;C:\Mine programmer\Microsoft Office\Office12;Win32.Sector.17;Cured.;
MSOHTMED.EXE;C:\Mine programmer\Microsoft Office\Office12;Win32.Sector.17;Cured.;
MSQRY32.EXE;C:\Mine programmer\Microsoft Office\Office12;Win32.Sector.17;Cured.;
MSTORDB.EXE;C:\Mine programmer\Microsoft Office\Office12;Win32.Sector.17;Cured.;
MSTORE.EXE;C:\Mine programmer\Microsoft Office\Office12;Win32.Sector.17;Cured.;
ois.exe;C:\Mine programmer\Microsoft Office\Office12;Win32.Sector.17;Cured.;
ONENOTE.EXE;C:\Mine programmer\Microsoft Office\Office12;Win32.Sector.17;Cured.;
ONENOTEM.EXE;C:\Mine programmer\Microsoft Office\Office12;Win32.Sector.17;Cured.;
REGFORM.EXE;C:\Mine programmer\Microsoft Office\Office12;Win32.Sector.17;Cured.;
SELFCERT.EXE;C:\Mine programmer\Microsoft Office\Office12;Win32.Sector.17;Cured.;
SETLANG.EXE;C:\Mine programmer\Microsoft Office\Office12;Win32.Sector.17;Cured.;
VPREVIEW.EXE;C:\Mine programmer\Microsoft Office\Office12;Win32.Sector.17;Cured.;
ONELEV.EXE;C:\Mine programmer\Microsoft Office\Office12\1033;Win32.Sector.17;Cured.;
crashreporter.exe;C:\Mine programmer\Mozilla Firefox;Win32.Sector.17;Cured.;
updater.exe;C:\Mine programmer\Mozilla Firefox;Win32.Sector.17;Cured.;

#10 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 07 September 2009 - 09:36 PM

Please delete your copy of Dr.Web and download a fresh copy, then try and run it in safe mode again. If it will not run in safe mode, give it another run in normal mode.



#11 theOBO


Posted 08 September 2009 - 01:17 PM

Log from the new scan. I still cannot boot into safe mode, so it's in normal mode:


Edited by theOBO, 08 September 2009 - 01:19 PM.


#12 syler


Posted 08 September 2009 - 01:34 PM

Hi theOBO,

I'm sorry to say, but your only real option here is to format and reinstall; your system is just too infected. It would just be a waste of both our time to try and clean this machine, as even if we do manage to get rid of it, these types of infections can cause a lot of damage to your machine that is irreparable. Let me know if you have any questions.

Syler



#13 theOBO


Posted 09 September 2009 - 01:02 PM

Well, that's certainly not the most cheerful message to read... But I guess the most important thing is to know when to stop....
I just want to thank you a thousand times for the time you have invested in helping me when I didn't have a clue what to do! Even though it didn't work out, it's nice to know I've tried. So thank you very much!

I have a couple of last questions that I hope you could help me with...
One is whether it is possible in some way to rescue some of, e.g., my Word files and/or pictures to another computer without infecting that computer as well (and if yes, how it is done most safely).
Another is whether I can be sure that my computer will be clean if I format the hard disk. I ask because I remember reading in posts by other people with somewhat similar problems to mine that they had even tried formatting without getting rid of their problem. Of course there is nothing to do but try, but can I do anything to make sure I have got rid of my infections?

Thank you another time..!
- Morten

#14 syler


Posted 09 September 2009 - 05:31 PM

It is recommended that you don't back up any files with the following extensions.

* .exe
* .scr
* .htm
* .html
* .xml
* .zip
* .rar
* .doc
* .jpg
* .pdf

You can back anything else up using a flash drive or by burning it to a CD, although this list doesn't leave much. Formatting should do the job; I don't believe it is possible for the infection to survive it, but if you want to be ultra cautious you can use DBAN. Do you have any more questions?
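The backup rule from the reply above, written as a script. This is an added example, not part of the original post or of any tool named in the thread: it copies a folder tree while skipping every file whose name carries one of the listed extensions. The function names, the sample file names and the extra `autorun.inf` rule are assumptions made for this illustration.

```python
import os
import shutil
import tempfile
from pathlib import Path

# Extensions listed in the reply above as not to be backed up.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".htm", ".html", ".xml",
                      ".zip", ".rar", ".doc", ".jpg", ".pdf"}
# Assumption added for this example (not in the reply's list): the flash
# drive that started this thread carried an Autorun.inf, so never copy one.
EXTRA_BLOCKED_NAMES = {"autorun.inf"}


def is_blocked(filename):
    """Return True if the file must be left out of the backup."""
    # Windows ignores case and strips trailing dots/spaces from names,
    # so "SETUP.EXE" and "setup.exe. " are both treated as "setup.exe".
    name = filename.lower().rstrip(". ")
    if name in EXTRA_BLOCKED_NAMES:
        return True
    # Check every suffix, not only the last one, so "invoice.txt.scr" and
    # "setup.exe.bak" are both skipped. The "x" prefix makes a bare name
    # such as ".exe" count as an extension instead of a hidden file.
    return any(s in BLOCKED_EXTENSIONS for s in Path("x" + name).suffixes)


def plan_backup(source):
    """Walk source and return (to_copy, skipped) as sorted relative paths."""
    source = Path(source)
    to_copy, skipped = [], []
    for dirpath, _dirnames, filenames in os.walk(source):
        for filename in filenames:
            full = Path(dirpath) / filename
            rel = full.relative_to(source).as_posix()
            # Symlinks are skipped too: they could point at a blocked file.
            if full.is_symlink() or is_blocked(filename):
                skipped.append(rel)
            else:
                to_copy.append(rel)
    return sorted(to_copy), sorted(skipped)


def run_backup(source, dest):
    """Copy only the allowed files from source to dest; return the plan."""
    source, dest = Path(source), Path(dest)
    to_copy, skipped = plan_backup(source)
    for rel in to_copy:
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(source / rel, target)
    return to_copy, skipped


def build_demo_tree(root):
    """Create a small, constructed sample tree (file names are made up)."""
    samples = ["notes.txt", "project.odt", "songs/track01.mp3",
               "photos/holiday.jpg", "letter.DOC", "tools/setup.EXE",
               "invoice.txt.scr", "Autorun.inf"]
    for rel in samples:
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"constructed sample data")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp) / "old_disk", Path(tmp) / "backup"
        build_demo_tree(src)
        copied, skipped = run_backup(src, dst)
        print("copied: ", copied)
        print("skipped:", skipped)
```

Review the skipped list before formatting, since anything on it is lost unless it is recovered some other way.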



#15 syler


Posted 10 September 2009 - 06:22 PM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
