It gave me some problems but here is what I've got
HJT log
Logfile of HijackThis v1.99.1
Scan saved at 20:39:52, on 26-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Panda Internet Security 2008\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Razer\Copperhead\razerhid.exe
C:\Programmer\SPAMfighter\SFAgent.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Panda Internet Security 2008\PsCtrls.exe
C:\Programmer\Panda Internet Security 2008\PavFnSvr.exe
C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
C:\Programmer\Panda Internet Security 2008\pavsrv51.exe
C:\Programmer\Panda Internet Security 2008\AVENGINE.EXE
C:\Programmer\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
c:\programmer\panda internet security 2008\firewall\PSHOST.EXE
C:\Programmer\Panda Internet Security 2008\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\Razer\Copperhead\razertra.exe
C:\Programmer\Razer\Copperhead\razerofa.exe
C:\Programmer\Panda Internet Security 2008\PavBckPT.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Annette\Skrivebord\hijackthis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VolPanel] "C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Internet Security 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programmer\Panda Internet Security 2008\Inicio.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [razer] C:\Programmer\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\fjern lort\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....031/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan....s/ascstubie.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us...an/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1200174539777
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1205178856765
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us...nfo/webscan.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.c...tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A70B20D6-2B08-48FA-AC37-1387FDEC122A}: NameServer = 212.54.64.170,212.54.64.171
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Programmer\Panda Internet Security 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programmer\Panda Internet Security 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programmer\Panda Internet Security 2008\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Programmer\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\programmer\panda internet security 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Programmer\Panda Internet Security 2008\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Programmer\Panda Internet Security 2008\TPSrv.exe
---------------------------
S&D report
--- Search result list ---
Inet Delivery: [SBI $62162B60] Bruger indstilling (Registreringsdatabasenøgle, fixed)
HKEY_USERS\S-1-5-21-1417001333-261478967-839522115-1004\Software\Inet Delivery
Inet Delivery: [SBI $6DE54DE3] Afinstallér indstillinger (Registreringsdatabasenøgle, fixed)
HKEY_USERS\S-1-5-21-1417001333-261478967-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery
GoldenPalace.Casino: [SBI $A27AFA55] Bruger indstilling (Registreringsdatabasenøgle, fixed)
HKEY_USERS\S-1-5-21-1417001333-261478967-839522115-1004\Software\Golden Palace Casino PT
GoldenPalace.Casino: [SBI $59E76BAB] Afinstallér indstillinger (Registreringsdatabasenøgle, fixed)
HKEY_USERS\S-1-5-21-1417001333-261478967-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW
MagicControl.Agent: [SBI $535C1507] Afinstallér indstillinger (Registreringsdatabasenøgle, fixed)
HKEY_USERS\S-1-5-21-1417001333-261478967-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent
SpySheriff: [SBI $F18F24AD] Class ID (Registreringsdatabasenøgle, fixed)
HKEY_USERS\S-1-5-21-1417001333-261478967-839522115-1004\Software\Classes\CLSID\{0656A137-B161-CADD-9777-E37A75727E78}
SpySheriff: [SBI $D4B25EE3] Class ID (Registreringsdatabasenøgle, fixed)
HKEY_CLASSES_ROOT\CLSID\{0656A137-B161-CADD-9777-E37A75727E78}
MediaUpdate: [SBI $407258B6] Class ID (Registreringsdatabasenøgle, fixed)
HKEY_CLASSES_ROOT\CLSID\{B8C0220D-763D-49A4-95F4-61DFDEC66EE6}
Statcounter: Tracking cookie (Internet Explorer: Annette) (Cookie, fixed)
--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---
2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2008-03-24 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2008-03-19 Includes\Cookies.sbi (*)
2007-12-26 Includes\Dialer.sbi (*)
2008-03-19 Includes\DialerC.sbi (*)
2008-03-19 Includes\HeavyDuty.sbi (*)
2008-03-19 Includes\Hijackers.sbi (*)
2008-03-19 Includes\HijackersC.sbi (*)
2008-02-27 Includes\Keyloggers.sbi (*)
2008-03-19 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-03-12 Includes\Malware.sbi (*)
2008-03-19 Includes\MalwareC.sbi (*)
2008-02-20 Includes\PUPS.sbi (*)
2008-03-19 Includes\PUPSC.sbi (*)
2008-03-19 Includes\Revision.sbi (*)
2008-01-09 Includes\Security.sbi (*)
2008-03-19 Includes\SecurityC.sbi (*)
2008-03-19 Includes\Spybots.sbi (*)
2008-03-19 Includes\SpybotsC.sbi (*)
2007-11-06 Includes\Tracks.uti
2008-03-19 Includes\Trojans.sbi (*)
2008-03-19 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player 11: Sikkerhedsopdatering til Windows Media Player 11 (KB936782)
/ Windows Media Player 11: Hotfix til Windows Media Player 11 (KB939683)
/ Windows Media Player 6.4: Sikkerhedsopdatering til Windows Media Player 6.4 (KB925398)
/ Windows Media Player 9: Sikkerhedsopdatering til Windows Media Player 9 (KB936782)
/ Windows Presentation Foundation: This Hotfix is for Microsoft .NET Framework 3.0. \nIf you later install a more recent service pack, this Hotfix will be uninstalled automatically. \nFor more information, visit http://support.microsoft.com/kb/932471
/ Windows XP: Sikkerhedsopdatering til Windows XP (KB941569)
/ Windows XP / SP0: Sikkerhedsopdatering til Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Sikkerhedsopdatering til Windows Internet Explorer 7 (KB942615)
/ Windows XP / SP0: Sikkerhedsopdatering til Windows Internet Explorer 7 (KB944533)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Opdatering til Windows XP (KB894391)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB896358)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB896423)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB896428)
/ Windows XP / SP3: Opdatering til Windows XP (KB898461)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB899587)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB899591)
/ Windows XP / SP3: Opdatering til Windows XP (KB900485)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB900725)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB901017)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB901214)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB902400)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB904706)
/ Windows XP / SP3: Opdatering til Windows XP (KB904942)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB905414)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB905749)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB908519)
/ Windows XP / SP3: Opdatering til Windows XP (KB908531)
/ Windows XP / SP3: Opdatering til Windows XP (KB910437)
/ Windows XP / SP3: Opdatering til Windows XP (KB911280)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB911562)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB911927)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB913580)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB914388)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB914389)
/ Windows XP / SP3: Hotfix til Windows XP (KB914440)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ Windows XP / SP3: Opdatering til Windows XP (KB916595)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB917159)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB917344)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB917953)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB918118)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB918439)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB919007)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB920213)
/ Windows XP / SP3: Opdatering til Windows XP (KB920342)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB920670)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB920683)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB920685)
/ Windows XP / SP3: Opdatering til Windows XP (KB920872)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB921503)
/ Windows XP / SP3: Opdatering til Windows XP (KB922582)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB922819)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB923191)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB923414)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB923980)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB924270)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB924496)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB924667)
/ Windows XP / SP3: Opdatering til Windows XP (KB925720)
/ Windows XP / SP3: Opdatering til Windows XP (KB925876)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB925902)
/ Windows XP / SP3: Hotfix for Windows XP (KB926239)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB926255)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB926436)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB927779)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB927802)
/ Windows XP / SP3: Opdatering til Windows XP (KB927891)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB928255)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB928843)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB929123)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB930178)
/ Windows XP / SP3: Opdatering til Windows XP (KB930916)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB931261)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB931784)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB932168)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB933729)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB935839)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB935840)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB936021)
/ Windows XP / SP3: Opdatering til Windows XP (KB936357)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB938127)
/ Windows XP / SP3: Opdatering til Windows XP (KB938828)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB938829)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB941202)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB941568)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB941644)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB942615)
/ Windows XP / SP3: Opdatering til Windows XP (KB942763)
/ Windows XP / SP3: Opdatering til Windows XP (KB942840)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB943055)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB943460)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB943485)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB944653)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB946026)
/ XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0
--- Startup entries list ---
Located: HK_LM:Run, !AVG Anti-Spyware
command: "C:\Programmer\fjern lort\AVG Anti-Spyware 7.5\avgas.exe" /minimized
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, APVXDWIN
command: "C:\Programmer\Panda Internet Security 2008\APVXDWIN.EXE" /s
file: C:\Programmer\Panda Internet Security 2008\APVXDWIN.EXE
size: 406832
MD5: 37053D331B235EFCB6288D50D5C68F7E
Located: HK_LM:Run, HP Software Update
command: C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
file: C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: AC116F16A7716A720A45D7EA47CFD983
Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 1626112
MD5: 9493BFFB9F82EFEC742F5C56A279BD5B
Located: HK_LM:Run, P17Helper
command: Rundll32 SPIRun.dll,RunDLLEntry
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, razer
command: C:\Programmer\Razer\Copperhead\razerhid.exe
file: C:\Programmer\Razer\Copperhead\razerhid.exe
size: 155648
MD5: F78212329BFD1EBDD0C3009ABC748BD9
Located: HK_LM:Run, SCANINICIO
command: "C:\Programmer\Panda Internet Security 2008\Inicio.exe"
file: C:\Programmer\Panda Internet Security 2008\Inicio.exe
size: 27952
MD5: A2F512BF50F8F24A20D70DB728DDD4EB
Located: HK_LM:Run, SPAMfighter Agent
command: "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
file: C:\Programmer\SPAMfighter\SFAgent.exe
size: 230600
MD5: 3330DFB54046F0F154F1A7E358E873CC
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
file: C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
size: 132496
MD5: D4F0F7437327DBAA264338BAAFB5E5AF
Located: HK_LM:Run, VolPanel
command: "C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
file: C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
size: 122880
MD5: E81A33F3E11959E65251988E79AA243C
Located: HK_CU:Run, CTFMON.EXE
where: .DEFAULT...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 8289923E26D00213080E3E3D7E219F4C
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-19...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 8289923E26D00213080E3E3D7E219F4C
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-20...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 8289923E26D00213080E3E3D7E219F4C
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-1417001333-261478967-839522115-1004...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 8289923E26D00213080E3E3D7E219F4C
Located: HK_CU:Run, SpybotSD TeaTimer (DISABLED)
where: S-1-5-21-1417001333-261478967-839522115-1004...
command: C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
size: 2097488
MD5: A9A5DB6AC3721BE698B996913693D73F
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-18...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 8289923E26D00213080E3E3D7E219F4C
Located: Startup (fælles), HP Digital Imaging Monitor.lnk
where: C:\Documents and Settings\All Users\Menuen Start\Programmer\Start...
command: C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
file: C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
size: 282624
MD5: 5597D0075861CB0A6E6087752D205C0D
Located: Windows Logon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Windows Logon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Windows Logon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Windows Logon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Windows Logon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Windows Logon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Windows Logon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Windows Logon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Windows Logon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com.../readstep2.html
info source: TonyKlein
Path: C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 22-10-2006 23:08:42
Date (last access): 26-03-2008 20:52:12
Date (last write): 22-10-2006 23:08:42
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Programmer\Java\jre1.6.0_03\bin\
Long name: ssv.dll
--- ActiveX list ---
{02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control)
DPF name:
CLSID name: Microsoft Office Template and Media Control
Installer: C:\WINDOWS\Downloaded Program Files\ieawsdc.inf
Codebase: http://office.micros...tes/ieawsdc.cab
description:
classification: Legitimate
known filename: IEAWSDC.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: IEAWSDC.DLL
Short name:
Date (created): 30-06-2007 19:09:06
Date (last access): 26-03-2008 20:40:44
Date (last write): 30-06-2007 19:09:06
Filesize: 175968
Attributes: archive
MD5: BCD0A5C3C1715C363CB3F321ABE31514
CRC32: DB757059
Version: 12.0.6028.0
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate)
DPF name:
CLSID name: Creative Software AutoUpdate
Installer: C:\WINDOWS\Downloaded Program Files\CTSUEng.inf
Codebase: http://www.creative....031/CTSUEng.cab
description:
classification: Legitimate
known filename: CTSUEng.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: CTSUEng.ocx
Short name:
Date (created): 08-06-2007 16:33:12
Date (last access): 25-03-2008 18:34:02
Date (last write): 08-06-2007 16:33:12
Filesize: 231200
Attributes: archive
MD5: 987047E9CD80B5793F3109B9EC6BAEE5
CRC32: 9FA03E57
Version: 1.50.16.0
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object)
DPF name:
CLSID name: CKAVWebScan Object
Installer: C:\WINDOWS\Downloaded Program Files\kavwebscan.inf
Codebase: http://www.kaspersky...can_unicode.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\
Long name: kavwebscan.dll
Short name: KAVWEB~1.DLL
Date (created): 29-08-2007 15:49:54
Date (last access): 25-03-2008 18:36:06
Date (last write): 29-08-2007 15:49:54
Filesize: 950272
Attributes: archive
MD5: BC915C49931CE46222F9B0A7EFB56CEE
CRC32: 11048171
Version: 5.0.98.0
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner)
DPF name:
CLSID name: Symantec AntiVirus scanner
Installer: C:\WINDOWS\Downloaded Program Files\avsniff.inf
Codebase: http://security.syma...bin/AvSniff.cab
description: Symantec online scanner
classification: Legitimate
known filename: AVSNIFF.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\Downloaded Program Files\
Long name: avsniff.dll
Short name:
Date (created): 15-01-2008 22:12:38
Date (last access): 26-03-2008 20:40:44
Date (last write): 15-01-2008 22:12:38
Filesize: 312680
Attributes: archive
MD5: 888798ADCF17BEF44219A7CC910B8FC8
CRC32: 36D46E76
Version: 2006.2.22.58
{512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class)
DPF name:
CLSID name: TotalScan Installer Class
Installer: C:\WINDOWS\Downloaded Program Files\ascstubie.inf
Codebase: http://www.nanoscan....s/ascstubie.cab
description:
classification: Legitimate
known filename: ascstubie.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ascstubie.dll
Short name: ASCSTU~1.DLL
Date (created): 21-08-2007 14:37:26
Date (last access): 26-03-2008 20:40:44
Date (last write): 21-08-2007 14:37:26
Filesize: 124208
Attributes: archive
MD5: 0AD87599756B34C0214AFCE961E78DD5
CRC32: EA254381
Version: 1.0.0.7
{56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control)
DPF name:
CLSID name: PSFormX Control
Installer: C:\WINDOWS\Downloaded Program Files\pestscanx.inf
Codebase: http://www.ca.com/us...an/pestscan.cab
description:
classification: Legitimate
known filename: PESTSC~1.OCX
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: pestscanx.ocx
Short name: PESTSC~1.OCX
Date (created): 13-09-2005 13:42:54
Date (last access): 26-03-2008 00:08:52
Date (last write): 13-09-2005 13:42:54
Filesize: 676864
Attributes: archive
MD5: C405384A2D2F8830BEAF67125119A10F
CRC32: 69DDE6E8
Version: 1.0.0.16
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control)
DPF name:
CLSID name: BDSCANONLINE Control
Installer: C:\WINDOWS\Downloaded Program Files\oscan8.inf
Codebase: http://download.bitd...can8/oscan8.cab
description:
classification: Legitimate
known filename: oscan8.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: oscan82.ocx
Short name:
Date (created): 26-02-2008 15:59:18
Date (last access): 25-03-2008 18:34:02
Date (last write): 26-02-2008 15:59:18
Filesize: 487424
Attributes: archive
MD5: 230A39D8950142CF2C94A5C1E567E95E
CRC32: A546A5BB
Version: 1.0.0.1
{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://www.update.mi...b?1200174539777
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: wuweb.dll
Short name:
Date (created): 12-01-2008 21:13:16
Date (last access): 26-03-2008 20:43:10
Date (last write): 30-07-2007 19:19:46
Filesize: 203096
Attributes: archive
MD5: FD984F9BFC9C62BD6546BD183CE5ADE7
CRC32: 8092F837
Version: 7.0.6000.381
{644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class)
DPF name:
CLSID name: Symantec RuFSI Utility Class
Installer: C:\WINDOWS\Downloaded Program Files\CabSA.inf
Codebase: http://security.syma...n/bin/cabsa.cab
description:
classification: Legitimate
known filename: rufsi.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: rufsi.dll
Short name:
Date (created): 15-01-2008 22:12:48
Date (last access): 26-03-2008 20:40:44
Date (last write): 15-01-2008 22:12:48
Filesize: 296336
Attributes: archive
MD5: B64C2F3609301D0FA2BBABFB5799890C
CRC32: 246BD9BB
Version: 2006.2.15.43
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://www.update.mi...b?1205178856765
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 30-07-2007 19:18:34
Date (last access): 26-03-2008 20:43:08
Date (last write): 30-07-2007 19:18:34
Filesize: 207736
Attributes: archive
MD5: 8038B166CE79E58E193566150CE26465
CRC32: 9137D395
Version: 7.0.6000.381
{7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class)
DPF name:
CLSID name: WScanCtl Class
Installer: C:\WINDOWS\Downloaded Program Files\webscan.inf
Codebase: http://www.ca.com/us...nfo/webscan.cab
description:
classification: Legitimate
known filename: webscan.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: webscan.dll
Short name:
Date (created): 20-11-2006 12:02:34
Date (last access): 26-03-2008 20:40:44
Date (last write): 20-11-2006 12:02:34
Filesize: 180282
Attributes: archive
MD5: 76EA3ABECE61FBA3C07F61E42BB0CA48
CRC32: AECD0E4D
Version: 1.1.0.1049
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.ma...t/ultrashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Programmer\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 24-09-2007 23:31:44
Date (last access): 25-03-2008 19:58:10
Date (last write): 25-09-2007 01:11:34
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5
{D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class)
DPF name:
CLSID name: Util Class
Installer:
Codebase: https://udstedelse.c...tdccsp-0506.exe
description:
classification: Legitimate
known filename: csputil.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Programmer\TDC\Digital Signatur CSP\
Long name: csputil.dll
Short name:
Date (created): 18-04-2006 15:54:22
Date (last access): 25-03-2008 18:32:40
Date (last write): 18-04-2006 15:54:22
Filesize: 294912
Attributes: archive
MD5: F4BBAD003A69825732999A713F782E76
CRC32: 64E82F89
Version: 1.1.0.0
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload2.m...ash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9e.ocx
Short name:
Date (created): 21-11-2007 01:04:14
Date (last access): 26-03-2008 19:53:28
Date (last write): 21-11-2007 01:04:14
Filesize: 2987392
Attributes: readonly archive
MD5: D3C50535C26190FEAD7785A03499C0AC
CRC32: A77C3E92
Version: 9.0.115.0
{F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package)
DPF name:
CLSID name: Creative Software AutoUpdate Support Package
Installer: C:\WINDOWS\Downloaded Program Files\CTPID.inf
Codebase:
http://www.creative....15034/CTPID.cab description:
classification: Legitimate
known filename: CTPID.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\PROGRA~1\Creative\SHARED~1\SOFTWA~1\
Long name: CTPID.ocx
Short name:
Date (created): 13-01-2008 00:22:30
Date (last access): 25-03-2008 18:30:08
Date (last write): 11-01-2008 15:58:38
Filesize: 37536
Attributes: archive
MD5: EEDEA032CD9325FBB394406350C41427
CRC32: 25040EA1
Version: 1.0.42.0
--- Process list ---
PID: 0 ( 0) [System]
PID: 944 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 1036 ( 944) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 1060 ( 944) \??\C:\WINDOWS\system32\winlogon.exe
size: 502272
PID: 1104 (1060) C:\WINDOWS\system32\services.exe
size: 108032
MD5: 55BBE54A196B1A9F99EC2E01F4AC1215
PID: 1116 (1060) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 9086126FB5FD15CEB387121506400244
PID: 1296 (1104) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 46FE2ED518FDFBFD289F014A3078575C
PID: 1364 (1104) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 46FE2ED518FDFBFD289F014A3078575C
PID: 1476 (1104) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 46FE2ED518FDFBFD289F014A3078575C
PID: 1500 (1104) C:\Programmer\Panda Internet Security 2008\TPSrv.exe
size: 404784
MD5: 3C0E87F077D1BB31D86AA927E15E85C1
PID: 1636 (1104) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 46FE2ED518FDFBFD289F014A3078575C
PID: 1760 (1104) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 46FE2ED518FDFBFD289F014A3078575C
PID: 416 (1104) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1616 ( 276) C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
size: 122880
MD5: E81A33F3E11959E65251988E79AA243C
PID: 308 ( 276) C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
size: 132496
MD5: D4F0F7437327DBAA264338BAAFB5E5AF
PID: 780 ( 276) C:\Programmer\Razer\Copperhead\razerhid.exe
size: 155648
MD5: F78212329BFD1EBDD0C3009ABC748BD9
PID: 948 ( 276) C:\Programmer\SPAMfighter\SFAgent.exe
size: 230600
MD5: 3330DFB54046F0F154F1A7E358E873CC
PID: 1404 ( 276) C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: AC116F16A7716A720A45D7EA47CFD983
PID: 1728 ( 276) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 8289923E26D00213080E3E3D7E219F4C
PID: 1784 ( 276) C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
size: 282624
MD5: 5597D0075861CB0A6E6087752D205C0D
PID: 724 (1104) C:\WINDOWS\system32\CTsvcCDA.exe
size: 44032
MD5: 3C8B6609712F4FF78E521F6DCFC4032B
PID: 1020 (1104) C:\WINDOWS\system32\nvsvc32.exe
size: 155716
MD5: 472A00D2183C9E5EDB3E076272741812
PID: 1696 (1104) C:\Programmer\Panda Internet Security 2008\PsCtrls.exe
size: 169264
MD5: C57E4072BB37449678CA193BF1928398
PID: 1924 (1104) C:\Programmer\Panda Internet Security 2008\PavFnSvr.exe
size: 173360
MD5: 7638CFE8F22C799431A39CDFF6D4AB04
PID: 808 (1104) C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
size: 63024
MD5: F41AD950FABA0AD91D9D323074A6AF65
PID: 1840 (1104) C:\Programmer\Panda Internet Security 2008\pavsrv51.exe
size: 148272
MD5: C37842E4E473A064B21755D6235F5497
PID: 1592 (1840) C:\Programmer\Panda Internet Security 2008\AVENGINE.EXE
size: 96560
MD5: FDE0F9A81E6893E780C2AB5BA3BF166D
PID: 372 (1104) C:\Programmer\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
size: 67120
MD5: D858C1B9C6B4726993C1BAFFC27F49E6
PID: 2044 (1104) C:\WINDOWS\system32\PnkBstrA.exe
size: 66872
MD5: 831883B107684301F48ACE752C963984
PID: 972 (1104) C:\WINDOWS\system32\PnkBstrB.exe
size: 107832
MD5: 3CBDAD8993E100192BD85119FD00438E
PID: 2012 (1104) C:\WINDOWS\system32\PSIService.exe
size: 177704
MD5: F115AF58ABE5605D7D709CBFBD83F418
PID: 116 (1104) c:\programmer\panda internet security 2008\firewall\PSHOST.EXE
size: 226864
MD5: 545D81E007989AEEFCCA8922D38CCF0C
PID: 292 (1104) C:\Programmer\Panda Internet Security 2008\PsImSvc.exe
size: 108592
MD5: AB75889B63CB3B761FB71072AC79DF94
PID: 912 (1104) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 46FE2ED518FDFBFD289F014A3078575C
PID: 3872 (1784) C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
size: 204800
MD5: 2DB4D4386AC0F8CC367E1AA8AB1004EF
PID: 936 ( 780) C:\Programmer\Razer\Copperhead\razertra.exe
size: 147456
MD5: FC0CBC849C4A32C765E94F2DA7865766
PID: 880 ( 780) C:\Programmer\Razer\Copperhead\razerofa.exe
size: 159744
MD5: C118F97058699E412E637565E9DA117C
PID: 3336 (1104) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 4B4A23C50148601CA60D969D4AC0C116
PID: 1256 (1696) C:\Programmer\Panda Internet Security 2008\PavBckPT.exe
size: 111920
MD5: 37F6CA78B4EC02DAC2E06A45E7A2DE77
PID: 10488 (1060) C:\WINDOWS\explorer.exe
size: 1034240
MD5: 91E15A22E62A11014DB521FB589B6093
PID: 12736 (1296) C:\Programmer\Internet Explorer\IEXPLORE.EXE
size: 625664
MD5: 2703D940A62B731AA220529DD7331A78
PID: 12864 (10488) C:\Programmer\Spybot - Search & Destroy\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 26-03-2008 21:07:05
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft...amp;ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft....k/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft....k/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft....k/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn...st/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn...st/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: PAV_LAYERED over [MSAFD Tcpip [TCP/IP]]
GUID: {DFA91D0C-DBEA-462F-8C59-BE5CB5380FC7}
Filename: C:\Programmer\Panda Internet Security 2008\pavlsp.dll
Protocol 1: PAV_LAYERED over [MSAFD Tcpip [UDP/IP]]
GUID: {DFA91D0C-DBEA-462F-8C59-BE5CB5380FC7}
Filename: C:\Programmer\Panda Internet Security 2008\pavlsp.dll
Protocol 2: PAV_LAYERED over [MSAFD Tcpip [RAW/IP]]
GUID: {DFA91D0C-DBEA-462F-8C59-BE5CB5380FC7}
Filename: C:\Programmer\Panda Internet Security 2008\pavlsp.dll
Protocol 3: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 4: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 5: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 6: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B471188E-EBFE-4249-841E-53BDFA119A78}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B471188E-EBFE-4249-841E-53BDFA119A78}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A70B20D6-2B08-48FA-AC37-1387FDEC122A}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A70B20D6-2B08-48FA-AC37-1387FDEC122A}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{649B7DBE-191B-4D2E-9FBD-9246F516DB05}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{649B7DBE-191B-4D2E-9FBD-9246F516DB05}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2C1CB386-D985-4DC5-B351-5E57CD154D80}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2C1CB386-D985-4DC5-B351-5E57CD154D80}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 16: PAV_LAYERED
GUID: {6B320271-E041-22D0-9A38-11BB1164A02D}
Filename: C:\Programmer\Panda Internet Security 2008\pavlsp.dll
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: NLA-navneområde (Network Location Awareness)
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
------------------------
combo fix
ComboFix 08-03-25.4 - Annette 2008-03-26 20:36:55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1030.18.1581 [GMT 1:00]
Running from: C:\Documents and Settings\Annette\Skrivebord\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Downloaded Program Files\Quarantine
C:\WINDOWS\OPTIONS\CABS\_desktop.ini
C:\WINDOWS\system32\tmp53.tmp
.
((((((((((((((((((((((((( Files Created from 2008-02-26 to 2008-03-26 )))))))))))))))))))))))))))))))
.
2008-03-26 00:38 . 2008-03-26 00:38 <DIR> d-------- C:\Documents and Settings\Annette\Skrivebordvirii
2008-03-26 00:38 . 2008-03-26 00:38 98,304 --a------ C:\WINDOWS\system32\jixatghe.exe
2008-03-26 00:38 . 2008-03-26 00:38 4,096 --a------ C:\Documents and Settings\Annette\SkrivebordTrojan.Win32.BlackBird.exe
2008-03-26 00:38 . 2008-03-26 00:38 4,096 --a------ C:\Documents and Settings\Annette\SkrivebordFWebdEditor.exe
2008-03-26 00:38 . 2008-03-26 00:38 4,096 --a------ C:\Documents and Settings\Annette\Skrivebordfwebd.exe
2008-03-26 00:38 . 2008-03-26 00:38 4,096 --a------ C:\Documents and Settings\Annette\Skrivebordfkwp2.0.exe
2008-03-26 00:38 . 2008-03-26 00:38 4,096 --a------ C:\Documents and Settings\Annette\Skrivebordfkwp1.5.exe
2008-03-26 00:38 . 2008-03-26 00:38 4,096 --a------ C:\Documents and Settings\Annette\Skrivebordfilemanagerclient.exe
2008-03-26 00:38 . 2008-03-26 00:38 4,096 --a------ C:\Documents and Settings\Annette\SkrivebordEditorFKWP2.0.exe
2008-03-26 00:38 . 2008-03-26 00:38 4,096 --a------ C:\Documents and Settings\Annette\SkrivebordEditorFKWP1.5.exe
2008-03-25 23:54 . 2008-03-25 23:54 102,400 --a------ C:\WINDOWS\system32\pmjyhoxk.exe
2008-03-25 19:24 . 2008-03-25 19:24 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-25 15:53 . 2008-03-25 15:53 <DIR> d-------- C:\WINDOWS\Content.IE5
2008-03-25 00:40 . 2008-03-26 00:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-25 00:32 . 2008-03-25 00:32 <DIR> d-------- C:\Documents and Settings\Annette\Application Data\Grisoft
2008-03-25 00:32 . 2008-03-25 00:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-25 00:06 . 2008-03-25 00:06 94,208 --a------ C:\WINDOWS\system32\pwfefexk.exe
2008-03-24 23:53 . 2008-03-24 23:53 <DIR> d-------- C:\Programmer\CCleaner
2008-03-24 21:34 . 2008-03-24 21:34 <DIR> d-------- C:\Documents and Settings\Annette\Application Data\ArcSoft
2008-03-24 20:58 . 2008-03-24 20:58 <DIR> d-------- C:\Programmer\Spybot - Search & Destroy
2008-03-24 20:58 . 2008-03-24 21:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-24 20:00 . 2008-03-24 20:00 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-24 20:00 . 2008-03-24 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-24 19:59 . 2008-03-24 20:15 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-03-24 17:51 . 2008-03-26 20:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\qtctmlkh
2008-03-23 20:34 . 2008-03-23 20:34 <DIR> d-------- C:\Documents and Settings\Annette\Application Data\Jasc
2008-03-17 23:45 . 2008-03-17 23:45 <DIR> d-------- C:\Documents and Settings\Annette\Application Data\DivX
2008-03-10 20:55 . 2008-03-10 20:55 <DIR> d-------- C:\Programmer\Microsoft CAPICOM 2.1.0.2
2008-03-05 20:39 . 2008-03-05 20:39 <DIR> d-------- C:\Programmer\Fælles filer\HP
2008-03-05 20:30 . 2008-03-05 20:30 227 --a------ C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
2008-03-05 20:30 . 2008-03-05 20:30 214 --a------ C:\WINDOWS\HP_48BitScanUpdatePatch.ini
2008-03-05 20:24 . 2008-03-05 20:24 221 --a------ C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
2008-03-05 20:10 . 2008-03-05 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-03-05 20:09 . 2008-03-05 20:09 <DIR> d-------- C:\Programmer\Hewlett-Packard
2008-03-05 20:09 . 2008-03-05 20:09 <DIR> d-------- C:\Programmer\Fælles filer\Hewlett-Packard
2008-03-05 20:08 . 2005-03-08 05:43 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-03-05 20:08 . 2005-03-08 05:43 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-03-05 20:08 . 2005-03-08 05:43 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-03-05 20:08 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-05 20:08 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-05 20:07 . 2008-03-05 20:07 <DIR> d-------- C:\Program Files
2008-03-05 20:07 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-03-05 20:07 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-03-05 20:07 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-03-05 20:07 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-03-05 20:07 . 2007-08-09 08:27 73,728 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-03-05 20:07 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-03-05 20:07 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-03-05 20:05 . 2008-03-05 20:39 <DIR> d-------- C:\Programmer\HP
2008-03-05 20:05 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-05 20:05 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-03-05 20:03 . 2008-03-05 20:03 <DIR> d-------- C:\Documents and Settings\Annette\Application Data\HP
2008-03-05 20:03 . 2008-03-05 20:11 113,125 --a------ C:\WINDOWS\hpoins07.dat
2008-03-05 20:03 . 2005-05-24 06:41 21,124 --------- C:\WINDOWS\hpomdl07.dat
2008-03-02 23:11 . 2008-03-02 23:12 <DIR> d-------- C:\Programmer\Windows Live
2008-03-02 23:11 . 2008-03-02 23:11 <DIR> d--hsc--- C:\Programmer\Fælles filer\WindowsLiveInstaller
2008-03-02 23:11 . 2008-03-02 23:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-28 20:19 . 2008-02-28 20:19 <DIR> d-------- C:\Programmer\Fælles filer\Adobe Systems Shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 19:34 327,100 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2008-03-26 19:34 327,100 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-03-26 19:34 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2008-03-26 19:34 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
2008-03-26 18:56 --------- d-----w C:\Programmer\Panda Internet Security 2008
2008-03-25 23:28 --------- d-----w C:\Programmer\Fælles filer\Wise Installation Wizard
2008-03-24 22:25 --------- d-----w C:\Documents and Settings\Annette\Application Data\Corel
2008-03-24 22:23 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-24 00:09 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-24 00:08 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-03-23 20:14 --------- d-----w C:\Programmer\Fælles filer\Adobe
2008-03-22 21:40 --------- d--h--w C:\Programmer\InstallShield Installation Information
2008-03-21 19:49 --------- d--h--w C:\Programmer\Creative Installation Information
2008-03-21 19:49 --------- d-----w C:\Programmer\Creative
2008-03-20 14:53 --------- d-----w C:\Documents and Settings\Annette\Application Data\Creative
2008-03-05 19:22 139,264 ----a-w C:\WINDOWS\system32\hpzjrd01.dll
2008-02-24 22:25 --------- d-----w C:\Programmer\Fælles filer\AVSMedia
2008-02-24 15:26 --------- d-----w C:\Documents and Settings\Annette\Application Data\AVS4YOU
2008-02-24 15:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-02-21 02:05 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-02-21 02:05 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-02-21 02:05 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-02-21 02:05 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-02-21 02:05 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-02-21 02:05 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-02-20 20:30 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2008-02-20 20:30 --------- d-----w C:\Programmer\ArcSoft
2008-02-10 21:49 --------- d-----w C:\Programmer\Fælles filer\InstallShield
2008-02-10 21:49 --------- d-----w C:\Programmer\Fælles filer\Corel
2008-02-10 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-02-10 20:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2008-02-10 19:36 --------- d-----w C:\Programmer\SPAMfighter
2008-02-10 19:36 --------- d-----w C:\Programmer\Fælles filer\Ankiro
2008-02-10 19:24 94,282 ----a-w C:\WINDOWS\system32\msencode.dll
2008-02-10 19:24 78,848 ----a-w C:\WINDOWS\system32\inloader.dll
2008-02-10 19:24 54,784 ----a-w C:\WINDOWS\system32\msvcirt.dll
2008-02-10 19:24 32,256 ----a-w C:\WINDOWS\system32\SELFREG.DLL
2008-02-10 19:24 27,136 ----a-w C:\WINDOWS\system32\pubdlg.dll
2008-02-10 19:24 27,136 ----a-w C:\WINDOWS\system32\ctl3d32.dll
2008-02-10 19:24 161,552 ----a-w C:\WINDOWS\system32\asycpict.dll
2008-02-10 19:24 12,288 ----a-w C:\WINDOWS\system32\PICSTORE.DLL
2008-02-10 19:24 12,288 ----a-w C:\WINDOWS\system32\HLINKPRX.DLL
2008-02-10 19:24 1,123,600 ----a-w C:\WINDOWS\system32\FM20.DLL
2008-02-10 19:24 1,028,096 ----a-w C:\WINDOWS\system32\mfc42.dll
2008-02-10 18:31 --------- d-----w C:\Documents and Settings\Annette\Application Data\Uniblue
2008-02-10 16:01 --------- d-----w C:\Programmer\microsoft frontpage
2008-02-07 21:08 22,328 ----a-w C:\Documents and Settings\Annette\Application Data\PnkBstrK.sys
2008-02-07 21:00 --------- d-----w C:\Documents and Settings\Annette\Application Data\MahJong Suite
2008-02-07 21:00 --------- d-----w C:\Documents and Settings\Annette\Application Data\GameHouse
2008-02-07 20:55 --------- d-----w C:\Documents and Settings\Annette\Application Data\U3
2008-01-26 20:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-01-21 20:57 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-01-12 23:18 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-01-12 23:18 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-01-12 21:14 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 13:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"VolPanel"="C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-09-15 10:43 122880]
"P17Helper"="SPIRun.dll" [2006-07-03 05:43 10752 C:\WINDOWS\system32\SPIRun.dll]
"APVXDWIN"="C:\Programmer\Panda Internet Security 2008\APVXDWIN.exe" [2007-07-23 18:30 406832]
"SCANINICIO"="C:\Programmer\Panda Internet Security 2008\Inicio.exe" [2007-07-11 15:17 27952]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"razer"="C:\Programmer\Razer\Copperhead\razerhid.exe" [2005-09-06 11:52 155648]
"SPAMfighter Agent"="C:\Programmer\SPAMfighter\SFAgent.exe" [2005-09-07 21:40 230600]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"!AVG Anti-Spyware"="C:\Programmer\fjern lort\AVG Anti-Spyware 7.5\avgas.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 13:00 15360]
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"0VJmRfLsDd"= C:\Documents and Settings\All Users\Application Data\qtctmlkh\argbsbyp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
--a------ 2007-05-25 12:13 1957888 C:\WINDOWS\system32\xRaidSetup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 D:\Programmer\Adobe Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath323Domino]
C:\WINDOWS\Domino.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath323VMSnap]
-ra------ 2006-07-19 21:37 90112 C:\WINDOWS\VMSnap23.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
--a------ 2007-03-20 14:36 36864 C:\WINDOWS\RaidTool\xInsIDE.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\omscjyks]
C:\WINDOWS\system32\kjojsfwn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uocuqfcf]
C:\WINDOWS\system32\farmdqbs.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Programmer\\MSN Backup\\MSNBackup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"G:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"G:\\Battlefield 2\\BF2.exe"=
R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-05-11 09:33]
R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-05-11 09:33]
R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-05-11 09:33]
R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-07-11 11:39]
R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-05-11 09:33]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 15:40]
R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-05-11 09:33]
R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-05-11 09:33]
R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2007-06-08 08:44]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 13:49]
R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-04-24 15:43]
R3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []
R3 Razerlow;Razer Copperhead Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-08-12 10:11]
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-01-12 22:14]
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
S3 vmfilter323;323 filter service, Normal;C:\WINDOWS\system32\drivers\vmfilter323.sys [2006-08-08 04:25]
S3 ZSMC326;Vimicro USB2.0 PC Camera(VC0323);C:\WINDOWS\system32\Drivers\usbvm323.sys [2006-08-21 09:40]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe4ea56c-c156-11dc-8130-d7074833c2d4}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-26 20:37:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Programmer\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll
.
Completion time: 2008-03-26 20:38:15
ComboFix-quarantined-files.txt 2008-03-26 19:38:07
And yes, both files deleted.