[Resolved] Got a dirty PC - can't clean it


  • This topic is locked
19 replies to this topic

#1 Annet

    New Member

Posted 25 March 2008 - 01:13 PM

Maybe my topic wasn't that good.
What I meant was that my PC has caught some kind of spyware (?) and despite my efforts to clean it I haven't been successful.


Hi Guys and Gals :notworthy:

I'm posting my hijackthis.log and hope one of you can help me
According to my Panda software my PC has got a spyaxe.
I have downloaded loads of programs :smack:
I have done a lot of scans :wacko:
I think I have removed plenty of infections :angry:
and still it is there :pullhair:

I'm getting pop-up windows telling me I'm having a virus and "click here" for a scan.
I'm getting redirected when I click a link that I have googled

I'm close to a format C but wanted to give it a last chance

Please

------------------

Logfile of HijackThis v1.99.1
Scan saved at 20:13:41, on 25-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Panda Internet Security 2008\TPSrv.exe
C:\Programmer\fjern lort\lavasoft\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\fjern lort\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Panda Internet Security 2008\PsCtrls.exe
C:\Programmer\Panda Internet Security 2008\PavFnSvr.exe
C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
C:\Programmer\Panda Internet Security 2008\pavsrv51.exe
C:\Programmer\Panda Internet Security 2008\AVENGINE.EXE
C:\Programmer\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
c:\programmer\panda internet security 2008\firewall\PSHOST.EXE
C:\Programmer\Panda Internet Security 2008\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Application Data\qtctmlkh\argbsbyp.exe
C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Programmer\Panda Internet Security 2008\APVXDWIN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Razer\Copperhead\razerhid.exe
C:\Programmer\SPAMfighter\SFAgent.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\fjern lort\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spwdghcj.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Razer\Copperhead\razertra.exe
C:\Programmer\Razer\Copperhead\razerofa.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\Panda Internet Security 2008\SRVLOAD.EXE
C:\Programmer\Panda Internet Security 2008\WebProxy.exe
C:\Programmer\Panda Internet Security 2008\PavBckPT.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Annette\Skrivebord\hijackthis.exe
C:\WINDOWS\system32\spwdghcj.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VolPanel] "C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Internet Security 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programmer\Panda Internet Security 2008\Inicio.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [razer] C:\Programmer\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\fjern lort\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [bpbcpcrb] C:\WINDOWS\system32\spwdghcj.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....031/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan....s/ascstubie.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us...an/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1200174539777
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1205178856765
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us...nfo/webscan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.c...tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A70B20D6-2B08-48FA-AC37-1387FDEC122A}: NameServer = 212.54.64.170,212.54.64.171
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: dwnrpofk - {6307CF89-5824-4B32-B3FB-5D067194F546} - (no file)
O21 - SSODL: vbgtorfd - {04117F0A-49B5-42B2-B3C2-1DD190656041} - (no file)
O21 - SSODL: CDMon - {b94b210f-d424-4716-b94a-a2beafd6ae73} - C:\WINDOWS\Installer\{b94b210f-d424-4716-b94a-a2beafd6ae73}\CDMon.dll (file missing)
O21 - SSODL: zip - {7f342cfa-4bb7-4b31-bc47-3a217d154686} - C:\WINDOWS\Installer\{7f342cfa-4bb7-4b31-bc47-3a217d154686}\zip.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\fjern lort\lavasoft\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\fjern lort\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Programmer\Panda Internet Security 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programmer\Panda Internet Security 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programmer\Panda Internet Security 2008\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Programmer\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\programmer\panda internet security 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Programmer\Panda Internet Security 2008\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Programmer\Panda Internet Security 2008\TPSrv.exe

Edited by Annet, 26 March 2008 - 04:10 AM.


#2 bob4

    MalwareTeam Emeritus

Posted 26 March 2008 - 04:50 AM

_________________________________
Welcome to the Forums.

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear. So let's do this to the end!

  • Save and quit any work you're doing before beginning the fix.
  • All hijackthis logs I ask for should be done in normal mode (not safe mode)
  • These logs should be done last after you have followed my instructions in the previous post.


Please if you decide to seek help at another forum let us know. There is a shortage of helpers and tying 2 of us up is a waste of time.
If you have any questions about any advice given here please STOP and ask!






___________________________________
DISABLE TEA TIMER

Please disable SpybotSD TeaTimer, as it may hinder the removal of the infection. You can enable it after you're clean.
To disable SpybotSD TeaTimer:
Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on System Startup icon.
Uncheck Teatimer box.
Click Allow Change box.



______________________________
RUN HJT

HJT
Run hijackthis and choose scan only and place a check by the following lines if present.
Close all other windows and browsers except HJT before clicking on Fix Checked




O4 - HKCU\..\Run: [bpbcpcrb] C:\WINDOWS\system32\spwdghcj.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O21 - SSODL: dwnrpofk - {6307CF89-5824-4B32-B3FB-5D067194F546} - (no file)
O21 - SSODL: vbgtorfd - {04117F0A-49B5-42B2-B3C2-1DD190656041} - (no file)
O21 - SSODL: CDMon - {b94b210f-d424-4716-b94a-a2beafd6ae73} - C:\WINDOWS\Installer\{b94b210f-d424-4716-b94a-a2beafd6ae73}\CDMon.dll (file missing)
O21 - SSODL: zip - {7f342cfa-4bb7-4b31-bc47-3a217d154686} - C:\WINDOWS\Installer\{7f342cfa-4bb7-4b31-bc47-3a217d154686}\zip.dll

Close that.


__________________________________




_____________________________
Task Manager
I would like you to open the task manager by simultaneously pressing
Ctrl+Shift+Esc or Ctrl+Alt+Delete
then go to the Processes tab and end the following if present
by right-clicking on each and choosing End Process.


___________________________________
Reconfigure Windows XP to show hidden files:

Click Start. My Computer.
Select the Tools menu Folder Options. Select the View Tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.


___________________________________
Search for and remove
Now I want you to search for and delete the following folder and all its contents if present. If you need help finding them,
click Start / Search / All files and folders / look for More advanced options. Once in there select the first 3 boxes.
Please just remove the files/folders I listed in BOLD


C:\WINDOWS\system32\spwdghcj.exe

C:\Documents and Settings\All Users\Application Data\qtctmlkh\argbsbyp.exe



____________________________________




1. Download Combo fix from one of these locations.
* IMPORTANT !!! Place combofix.exe on your Desktop

http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

2. Click start/run and copy and Paste this in exactly using the picture below for reference:

"%userprofile%\desktop\combofix.exe" /killall


Posted Image

3. Combo will begin to run. DO NOTHING while this is happening.
  • It will kill a few processes and disconnect you from the internet.
  • If by chance it stops prematurely you can re-establish your internet connection by restarting your computer.
  • This needs to be done so the program can work most efficiently for you.
Do not attempt to use the internet or anything else while it's doing its job for you.

If when it's completed you can not get on the internet just reboot the computer

Post the log from comboFix for me located in
c:\comboFix.txt




_________________________
In your next reply I would like to see:
  • A new HJT log
  • The report from S&D Fix
  • The report from Combo Fix
  • Let me know you were able to delete those 2 files.

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
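The kind of entries picked out for "Fix Checked" in the post above can be triaged mechanically. The Python sketch below is an added example, not part of the original thread and not the helper's own method: the heuristics (vowel-poor lowercase names, DPF entries with no source, SSODL targets that are missing or sit under `WINDOWS\Installer\{GUID}`) are assumptions, and the sample lines are copied from the first HijackThis log in this thread.

```python
import re

# Sample input: lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [razer] C:\Programmer\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bpbcpcrb] C:\WINDOWS\system32\spwdghcj.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: dwnrpofk - {6307CF89-5824-4B32-B3FB-5D067194F546} - (no file)
O21 - SSODL: CDMon - {b94b210f-d424-4716-b94a-a2beafd6ae73} - C:\WINDOWS\Installer\{b94b210f-d424-4716-b94a-a2beafd6ae73}\CDMon.dll (file missing)
O21 - SSODL: zip - {7f342cfa-4bb7-4b31-bc47-3a217d154686} - C:\WINDOWS\Installer\{7f342cfa-4bb7-4b31-bc47-3a217d154686}\zip.dll
"""

# One regex per HijackThis section handled here.
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[([^\]]+)\] (.+)$")
O16_RE = re.compile(r"^O16 - DPF: (\{[^}]+\}) \(([^)]*)\) -\s*(.*)$")
O21_RE = re.compile(r"^O21 - SSODL: (\S+) - (\{[^}]+\}) - (.+)$")
INSTALLER_GUID_RE = re.compile(
    r"\\WINDOWS\\Installer\\\{[0-9a-f-]{36}\}\\", re.IGNORECASE
)


def looks_random(token):
    """Assumed heuristic: 7+ lowercase letters, at most 15% vowels."""
    if not re.fullmatch(r"[a-z]{7,}", token):
        return False
    vowels = sum(ch in "aeiou" for ch in token)
    return vowels / len(token) <= 0.15


def exe_stem(command):
    """Return the file name (without .exe) of the first executable in a command."""
    match = re.search(r'([^\\"]+)\.exe\b', command, re.IGNORECASE)
    return match.group(1) if match else ""


def triage(log_text):
    """Return [(line, [reasons])] for entries worth a human look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = []
        if m := O4_RE.match(line):
            _hive, _key, name, command = m.groups()
            if looks_random(name) or looks_random(exe_stem(command)):
                reasons.append("autorun with random-looking name")
        elif m := O16_RE.match(line):
            if not m.group(3).strip():
                reasons.append("DPF entry with no download source")
        elif m := O21_RE.match(line):
            name, _clsid, target = m.groups()
            if "(no file)" in target or "(file missing)" in target:
                reasons.append("SSODL target not on disk")
            if INSTALLER_GUID_RE.search(target):
                reasons.append("SSODL DLL under WINDOWS\\Installer\\{GUID}")
            if looks_random(name):
                reasons.append("SSODL with random-looking name")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(entry)
        for reason in why:
            print("    ->", reason)
```

Hits are candidates for review, not verdicts: orphaned entries also come from cleanly uninstalled software, such as the O9 "(file missing)" lines in the same log.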

#3 Annet


Posted 26 March 2008 - 05:53 AM

Thank you for your reply. I am now at work and will be able to carry out your instructions in about 6 hours. This is just to let you know that I do want your help and I very much appreciate what you do :thumbup: Annette

#4 Annet


Posted 26 March 2008 - 01:12 PM

Task Manager is greyed out ctrl+alt+del = taskmanager has been disabled by administrator :scratch:

#5 bob4


Posted 26 March 2008 - 01:25 PM

Copy this exactly by highlighting everything in the box.
Right-click and choose Copy.


REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f


Click
start/run

and paste by right-clicking in the start box and choosing Paste.
Click OK.

Try again. :thumbup:

If it still doesn't work just continue with the fix as is. Just let me know what you can't do.

#6 Annet


Posted 26 March 2008 - 02:12 PM

It gave me some problems but here is what I've got

HJT log

Logfile of HijackThis v1.99.1
Scan saved at 20:39:52, on 26-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Panda Internet Security 2008\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Razer\Copperhead\razerhid.exe
C:\Programmer\SPAMfighter\SFAgent.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Panda Internet Security 2008\PsCtrls.exe
C:\Programmer\Panda Internet Security 2008\PavFnSvr.exe
C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
C:\Programmer\Panda Internet Security 2008\pavsrv51.exe
C:\Programmer\Panda Internet Security 2008\AVENGINE.EXE
C:\Programmer\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
c:\programmer\panda internet security 2008\firewall\PSHOST.EXE
C:\Programmer\Panda Internet Security 2008\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\Razer\Copperhead\razertra.exe
C:\Programmer\Razer\Copperhead\razerofa.exe
C:\Programmer\Panda Internet Security 2008\PavBckPT.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Annette\Skrivebord\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VolPanel] "C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Internet Security 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programmer\Panda Internet Security 2008\Inicio.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [razer] C:\Programmer\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\fjern lort\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....031/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan....s/ascstubie.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us...an/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1200174539777
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1205178856765
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us...nfo/webscan.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.c...tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A70B20D6-2B08-48FA-AC37-1387FDEC122A}: NameServer = 212.54.64.170,212.54.64.171
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Programmer\Panda Internet Security 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programmer\Panda Internet Security 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programmer\Panda Internet Security 2008\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Programmer\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\programmer\panda internet security 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Programmer\Panda Internet Security 2008\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Programmer\Panda Internet Security 2008\TPSrv.exe

---------------------------


S&D report


--- Search result list ---
Inet Delivery: [SBI $62162B60] Bruger indstilling (Registreringsdatabasenøgle, fixed)
HKEY_USERS\S-1-5-21-1417001333-261478967-839522115-1004\Software\Inet Delivery

Inet Delivery: [SBI $6DE54DE3] Afinstallér indstillinger (Registreringsdatabasenøgle, fixed)
HKEY_USERS\S-1-5-21-1417001333-261478967-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery

GoldenPalace.Casino: [SBI $A27AFA55] Bruger indstilling (Registreringsdatabasenøgle, fixed)
HKEY_USERS\S-1-5-21-1417001333-261478967-839522115-1004\Software\Golden Palace Casino PT

GoldenPalace.Casino: [SBI $59E76BAB] Afinstallér indstillinger (Registreringsdatabasenøgle, fixed)
HKEY_USERS\S-1-5-21-1417001333-261478967-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW

MagicControl.Agent: [SBI $535C1507] Afinstallér indstillinger (Registreringsdatabasenøgle, fixed)
HKEY_USERS\S-1-5-21-1417001333-261478967-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent

SpySheriff: [SBI $F18F24AD] Class ID (Registreringsdatabasenøgle, fixed)
HKEY_USERS\S-1-5-21-1417001333-261478967-839522115-1004\Software\Classes\CLSID\{0656A137-B161-CADD-9777-E37A75727E78}

SpySheriff: [SBI $D4B25EE3] Class ID (Registreringsdatabasenøgle, fixed)
HKEY_CLASSES_ROOT\CLSID\{0656A137-B161-CADD-9777-E37A75727E78}

MediaUpdate: [SBI $407258B6] Class ID (Registreringsdatabasenøgle, fixed)
HKEY_CLASSES_ROOT\CLSID\{B8C0220D-763D-49A4-95F4-61DFDEC66EE6}

Statcounter: Tracking cookie (Internet Explorer: Annette) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2008-03-24 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2008-03-19 Includes\Cookies.sbi (*)
2007-12-26 Includes\Dialer.sbi (*)
2008-03-19 Includes\DialerC.sbi (*)
2008-03-19 Includes\HeavyDuty.sbi (*)
2008-03-19 Includes\Hijackers.sbi (*)
2008-03-19 Includes\HijackersC.sbi (*)
2008-02-27 Includes\Keyloggers.sbi (*)
2008-03-19 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-03-12 Includes\Malware.sbi (*)
2008-03-19 Includes\MalwareC.sbi (*)
2008-02-20 Includes\PUPS.sbi (*)
2008-03-19 Includes\PUPSC.sbi (*)
2008-03-19 Includes\Revision.sbi (*)
2008-01-09 Includes\Security.sbi (*)
2008-03-19 Includes\SecurityC.sbi (*)
2008-03-19 Includes\Spybots.sbi (*)
2008-03-19 Includes\SpybotsC.sbi (*)
2007-11-06 Includes\Tracks.uti
2008-03-19 Includes\Trojans.sbi (*)
2008-03-19 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player 11: Sikkerhedsopdatering til Windows Media Player 11 (KB936782)
/ Windows Media Player 11: Hotfix til Windows Media Player 11 (KB939683)
/ Windows Media Player 6.4: Sikkerhedsopdatering til Windows Media Player 6.4 (KB925398)
/ Windows Media Player 9: Sikkerhedsopdatering til Windows Media Player 9 (KB936782)
/ Windows Presentation Foundation: This Hotfix is for Microsoft .NET Framework 3.0. \n
If you later install a more recent service pack, this Hotfix will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/932471
/ Windows XP: Sikkerhedsopdatering til Windows XP (KB941569)
/ Windows XP / SP0: Sikkerhedsopdatering til Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Sikkerhedsopdatering til Windows Internet Explorer 7 (KB942615)
/ Windows XP / SP0: Sikkerhedsopdatering til Windows Internet Explorer 7 (KB944533)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Opdatering til Windows XP (KB894391)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB896358)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB896423)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB896428)
/ Windows XP / SP3: Opdatering til Windows XP (KB898461)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB899587)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB899591)
/ Windows XP / SP3: Opdatering til Windows XP (KB900485)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB900725)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB901017)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB901214)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB902400)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB904706)
/ Windows XP / SP3: Opdatering til Windows XP (KB904942)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB905414)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB905749)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB908519)
/ Windows XP / SP3: Opdatering til Windows XP (KB908531)
/ Windows XP / SP3: Opdatering til Windows XP (KB910437)
/ Windows XP / SP3: Opdatering til Windows XP (KB911280)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB911562)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB911927)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB913580)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB914388)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB914389)
/ Windows XP / SP3: Hotfix til Windows XP (KB914440)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ Windows XP / SP3: Opdatering til Windows XP (KB916595)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB917159)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB917344)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB917953)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB918118)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB918439)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB919007)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB920213)
/ Windows XP / SP3: Opdatering til Windows XP (KB920342)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB920670)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB920683)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB920685)
/ Windows XP / SP3: Opdatering til Windows XP (KB920872)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB921503)
/ Windows XP / SP3: Opdatering til Windows XP (KB922582)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB922819)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB923191)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB923414)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB923980)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB924270)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB924496)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB924667)
/ Windows XP / SP3: Opdatering til Windows XP (KB925720)
/ Windows XP / SP3: Opdatering til Windows XP (KB925876)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB925902)
/ Windows XP / SP3: Hotfix for Windows XP (KB926239)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB926255)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB926436)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB927779)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB927802)
/ Windows XP / SP3: Opdatering til Windows XP (KB927891)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB928255)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB928843)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB929123)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB930178)
/ Windows XP / SP3: Opdatering til Windows XP (KB930916)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB931261)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB931784)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB932168)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB933729)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB935839)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB935840)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB936021)
/ Windows XP / SP3: Opdatering til Windows XP (KB936357)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB938127)
/ Windows XP / SP3: Opdatering til Windows XP (KB938828)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB938829)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB941202)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB941568)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB941644)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB942615)
/ Windows XP / SP3: Opdatering til Windows XP (KB942763)
/ Windows XP / SP3: Opdatering til Windows XP (KB942840)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB943055)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB943460)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB943485)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB944653)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB946026)
/ XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0


--- Startup entries list ---
Located: HK_LM:Run, !AVG Anti-Spyware
command: "C:\Programmer\fjern lort\AVG Anti-Spyware 7.5\avgas.exe" /minimized
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, APVXDWIN
command: "C:\Programmer\Panda Internet Security 2008\APVXDWIN.EXE" /s
file: C:\Programmer\Panda Internet Security 2008\APVXDWIN.EXE
size: 406832
MD5: 37053D331B235EFCB6288D50D5C68F7E

Located: HK_LM:Run, HP Software Update
command: C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
file: C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: AC116F16A7716A720A45D7EA47CFD983

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 1626112
MD5: 9493BFFB9F82EFEC742F5C56A279BD5B

Located: HK_LM:Run, P17Helper
command: Rundll32 SPIRun.dll,RunDLLEntry
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, razer
command: C:\Programmer\Razer\Copperhead\razerhid.exe
file: C:\Programmer\Razer\Copperhead\razerhid.exe
size: 155648
MD5: F78212329BFD1EBDD0C3009ABC748BD9

Located: HK_LM:Run, SCANINICIO
command: "C:\Programmer\Panda Internet Security 2008\Inicio.exe"
file: C:\Programmer\Panda Internet Security 2008\Inicio.exe
size: 27952
MD5: A2F512BF50F8F24A20D70DB728DDD4EB

Located: HK_LM:Run, SPAMfighter Agent
command: "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
file: C:\Programmer\SPAMfighter\SFAgent.exe
size: 230600
MD5: 3330DFB54046F0F154F1A7E358E873CC

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
file: C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
size: 132496
MD5: D4F0F7437327DBAA264338BAAFB5E5AF

Located: HK_LM:Run, VolPanel
command: "C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
file: C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
size: 122880
MD5: E81A33F3E11959E65251988E79AA243C

Located: HK_CU:Run, CTFMON.EXE
where: .DEFAULT...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 8289923E26D00213080E3E3D7E219F4C

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-19...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 8289923E26D00213080E3E3D7E219F4C

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-20...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 8289923E26D00213080E3E3D7E219F4C

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-1417001333-261478967-839522115-1004...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 8289923E26D00213080E3E3D7E219F4C

Located: HK_CU:Run, SpybotSD TeaTimer (DISABLED)
where: S-1-5-21-1417001333-261478967-839522115-1004...
command: C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
size: 2097488
MD5: A9A5DB6AC3721BE698B996913693D73F

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-18...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 8289923E26D00213080E3E3D7E219F4C

Located: Startup (fælles), HP Digital Imaging Monitor.lnk
where: C:\Documents and Settings\All Users\Menuen Start\Programmer\Start...
command: C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
file: C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
size: 282624
MD5: 5597D0075861CB0A6E6087752D205C0D

Located: Windows Logon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Windows Logon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Windows Logon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Windows Logon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Windows Logon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Windows Logon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Windows Logon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Windows Logon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Windows Logon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com.../readstep2.html
info source: TonyKlein
Path: C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 22-10-2006 23:08:42
Date (last access): 26-03-2008 20:52:12
Date (last write): 22-10-2006 23:08:42
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Programmer\Java\jre1.6.0_03\bin\
Long name: ssv.dll



--- ActiveX list ---
{02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control)
DPF name:
CLSID name: Microsoft Office Template and Media Control
Installer: C:\WINDOWS\Downloaded Program Files\ieawsdc.inf
Codebase: http://office.micros...tes/ieawsdc.cab
description:
classification: Legitimate
known filename: IEAWSDC.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: IEAWSDC.DLL
Short name:
Date (created): 30-06-2007 19:09:06
Date (last access): 26-03-2008 20:40:44
Date (last write): 30-06-2007 19:09:06
Filesize: 175968
Attributes: archive
MD5: BCD0A5C3C1715C363CB3F321ABE31514
CRC32: DB757059
Version: 12.0.6028.0

{0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate)
DPF name:
CLSID name: Creative Software AutoUpdate
Installer: C:\WINDOWS\Downloaded Program Files\CTSUEng.inf
Codebase: http://www.creative....031/CTSUEng.cab
description:
classification: Legitimate
known filename: CTSUEng.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: CTSUEng.ocx
Short name:
Date (created): 08-06-2007 16:33:12
Date (last access): 25-03-2008 18:34:02
Date (last write): 08-06-2007 16:33:12
Filesize: 231200
Attributes: archive
MD5: 987047E9CD80B5793F3109B9EC6BAEE5
CRC32: 9FA03E57
Version: 1.50.16.0

{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object)
DPF name:
CLSID name: CKAVWebScan Object
Installer: C:\WINDOWS\Downloaded Program Files\kavwebscan.inf
Codebase: http://www.kaspersky...can_unicode.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\
Long name: kavwebscan.dll
Short name: KAVWEB~1.DLL
Date (created): 29-08-2007 15:49:54
Date (last access): 25-03-2008 18:36:06
Date (last write): 29-08-2007 15:49:54
Filesize: 950272
Attributes: archive
MD5: BC915C49931CE46222F9B0A7EFB56CEE
CRC32: 11048171
Version: 5.0.98.0

{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner)
DPF name:
CLSID name: Symantec AntiVirus scanner
Installer: C:\WINDOWS\Downloaded Program Files\avsniff.inf
Codebase: http://security.syma...bin/AvSniff.cab
description: Symantec online scanner
classification: Legitimate
known filename: AVSNIFF.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\Downloaded Program Files\
Long name: avsniff.dll
Short name:
Date (created): 15-01-2008 22:12:38
Date (last access): 26-03-2008 20:40:44
Date (last write): 15-01-2008 22:12:38
Filesize: 312680
Attributes: archive
MD5: 888798ADCF17BEF44219A7CC910B8FC8
CRC32: 36D46E76
Version: 2006.2.22.58

{512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class)
DPF name:
CLSID name: TotalScan Installer Class
Installer: C:\WINDOWS\Downloaded Program Files\ascstubie.inf
Codebase: http://www.nanoscan....s/ascstubie.cab
description:
classification: Legitimate
known filename: ascstubie.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ascstubie.dll
Short name: ASCSTU~1.DLL
Date (created): 21-08-2007 14:37:26
Date (last access): 26-03-2008 20:40:44
Date (last write): 21-08-2007 14:37:26
Filesize: 124208
Attributes: archive
MD5: 0AD87599756B34C0214AFCE961E78DD5
CRC32: EA254381
Version: 1.0.0.7

{56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control)
DPF name:
CLSID name: PSFormX Control
Installer: C:\WINDOWS\Downloaded Program Files\pestscanx.inf
Codebase: http://www.ca.com/us...an/pestscan.cab
description:
classification: Legitimate
known filename: PESTSC~1.OCX
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: pestscanx.ocx
Short name: PESTSC~1.OCX
Date (created): 13-09-2005 13:42:54
Date (last access): 26-03-2008 00:08:52
Date (last write): 13-09-2005 13:42:54
Filesize: 676864
Attributes: archive
MD5: C405384A2D2F8830BEAF67125119A10F
CRC32: 69DDE6E8
Version: 1.0.0.16

{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control)
DPF name:
CLSID name: BDSCANONLINE Control
Installer: C:\WINDOWS\Downloaded Program Files\oscan8.inf
Codebase: http://download.bitd...can8/oscan8.cab
description:
classification: Legitimate
known filename: oscan8.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: oscan82.ocx
Short name:
Date (created): 26-02-2008 15:59:18
Date (last access): 25-03-2008 18:34:02
Date (last write): 26-02-2008 15:59:18
Filesize: 487424
Attributes: archive
MD5: 230A39D8950142CF2C94A5C1E567E95E
CRC32: A546A5BB
Version: 1.0.0.1

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://www.update.mi...b?1200174539777
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: wuweb.dll
Short name:
Date (created): 12-01-2008 21:13:16
Date (last access): 26-03-2008 20:43:10
Date (last write): 30-07-2007 19:19:46
Filesize: 203096
Attributes: archive
MD5: FD984F9BFC9C62BD6546BD183CE5ADE7
CRC32: 8092F837
Version: 7.0.6000.381

{644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class)
DPF name:
CLSID name: Symantec RuFSI Utility Class
Installer: C:\WINDOWS\Downloaded Program Files\CabSA.inf
Codebase: http://security.syma...n/bin/cabsa.cab
description:
classification: Legitimate
known filename: rufsi.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: rufsi.dll
Short name:
Date (created): 15-01-2008 22:12:48
Date (last access): 26-03-2008 20:40:44
Date (last write): 15-01-2008 22:12:48
Filesize: 296336
Attributes: archive
MD5: B64C2F3609301D0FA2BBABFB5799890C
CRC32: 246BD9BB
Version: 2006.2.15.43

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://www.update.mi...b?1205178856765
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 30-07-2007 19:18:34
Date (last access): 26-03-2008 20:43:08
Date (last write): 30-07-2007 19:18:34
Filesize: 207736
Attributes: archive
MD5: 8038B166CE79E58E193566150CE26465
CRC32: 9137D395
Version: 7.0.6000.381

{7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class)
DPF name:
CLSID name: WScanCtl Class
Installer: C:\WINDOWS\Downloaded Program Files\webscan.inf
Codebase: http://www.ca.com/us...nfo/webscan.cab
description:
classification: Legitimate
known filename: webscan.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: webscan.dll
Short name:
Date (created): 20-11-2006 12:02:34
Date (last access): 26-03-2008 20:40:44
Date (last write): 20-11-2006 12:02:34
Filesize: 180282
Attributes: archive
MD5: 76EA3ABECE61FBA3C07F61E42BB0CA48
CRC32: AECD0E4D
Version: 1.1.0.1049

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.ma...t/ultrashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Programmer\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 24-09-2007 23:31:44
Date (last access): 25-03-2008 19:58:10
Date (last write): 25-09-2007 01:11:34
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5

{D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class)
DPF name:
CLSID name: Util Class
Installer:
Codebase: https://udstedelse.c...tdccsp-0506.exe
description:
classification: Legitimate
known filename: csputil.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Programmer\TDC\Digital Signatur CSP\
Long name: csputil.dll
Short name:
Date (created): 18-04-2006 15:54:22
Date (last access): 25-03-2008 18:32:40
Date (last write): 18-04-2006 15:54:22
Filesize: 294912
Attributes: archive
MD5: F4BBAD003A69825732999A713F782E76
CRC32: 64E82F89
Version: 1.1.0.0

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload2.m...ash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9e.ocx
Short name:
Date (created): 21-11-2007 01:04:14
Date (last access): 26-03-2008 19:53:28
Date (last write): 21-11-2007 01:04:14
Filesize: 2987392
Attributes: readonly archive
MD5: D3C50535C26190FEAD7785A03499C0AC
CRC32: A77C3E92
Version: 9.0.115.0

{F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package)
DPF name:
CLSID name: Creative Software AutoUpdate Support Package
Installer: C:\WINDOWS\Downloaded Program Files\CTPID.inf
Codebase: http://www.creative....15034/CTPID.cab
description:
classification: Legitimate
known filename: CTPID.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\PROGRA~1\Creative\SHARED~1\SOFTWA~1\
Long name: CTPID.ocx
Short name:
Date (created): 13-01-2008 00:22:30
Date (last access): 25-03-2008 18:30:08
Date (last write): 11-01-2008 15:58:38
Filesize: 37536
Attributes: archive
MD5: EEDEA032CD9325FBB394406350C41427
CRC32: 25040EA1
Version: 1.0.42.0



--- Process list ---
PID: 0 ( 0) [System]
PID: 944 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 1036 ( 944) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 1060 ( 944) \??\C:\WINDOWS\system32\winlogon.exe
size: 502272
PID: 1104 (1060) C:\WINDOWS\system32\services.exe
size: 108032
MD5: 55BBE54A196B1A9F99EC2E01F4AC1215
PID: 1116 (1060) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 9086126FB5FD15CEB387121506400244
PID: 1296 (1104) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 46FE2ED518FDFBFD289F014A3078575C
PID: 1364 (1104) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 46FE2ED518FDFBFD289F014A3078575C
PID: 1476 (1104) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 46FE2ED518FDFBFD289F014A3078575C
PID: 1500 (1104) C:\Programmer\Panda Internet Security 2008\TPSrv.exe
size: 404784
MD5: 3C0E87F077D1BB31D86AA927E15E85C1
PID: 1636 (1104) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 46FE2ED518FDFBFD289F014A3078575C
PID: 1760 (1104) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 46FE2ED518FDFBFD289F014A3078575C
PID: 416 (1104) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1616 ( 276) C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
size: 122880
MD5: E81A33F3E11959E65251988E79AA243C
PID: 308 ( 276) C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
size: 132496
MD5: D4F0F7437327DBAA264338BAAFB5E5AF
PID: 780 ( 276) C:\Programmer\Razer\Copperhead\razerhid.exe
size: 155648
MD5: F78212329BFD1EBDD0C3009ABC748BD9
PID: 948 ( 276) C:\Programmer\SPAMfighter\SFAgent.exe
size: 230600
MD5: 3330DFB54046F0F154F1A7E358E873CC
PID: 1404 ( 276) C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: AC116F16A7716A720A45D7EA47CFD983
PID: 1728 ( 276) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 8289923E26D00213080E3E3D7E219F4C
PID: 1784 ( 276) C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
size: 282624
MD5: 5597D0075861CB0A6E6087752D205C0D
PID: 724 (1104) C:\WINDOWS\system32\CTsvcCDA.exe
size: 44032
MD5: 3C8B6609712F4FF78E521F6DCFC4032B
PID: 1020 (1104) C:\WINDOWS\system32\nvsvc32.exe
size: 155716
MD5: 472A00D2183C9E5EDB3E076272741812
PID: 1696 (1104) C:\Programmer\Panda Internet Security 2008\PsCtrls.exe
size: 169264
MD5: C57E4072BB37449678CA193BF1928398
PID: 1924 (1104) C:\Programmer\Panda Internet Security 2008\PavFnSvr.exe
size: 173360
MD5: 7638CFE8F22C799431A39CDFF6D4AB04
PID: 808 (1104) C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
size: 63024
MD5: F41AD950FABA0AD91D9D323074A6AF65
PID: 1840 (1104) C:\Programmer\Panda Internet Security 2008\pavsrv51.exe
size: 148272
MD5: C37842E4E473A064B21755D6235F5497
PID: 1592 (1840) C:\Programmer\Panda Internet Security 2008\AVENGINE.EXE
size: 96560
MD5: FDE0F9A81E6893E780C2AB5BA3BF166D
PID: 372 (1104) C:\Programmer\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
size: 67120
MD5: D858C1B9C6B4726993C1BAFFC27F49E6
PID: 2044 (1104) C:\WINDOWS\system32\PnkBstrA.exe
size: 66872
MD5: 831883B107684301F48ACE752C963984
PID: 972 (1104) C:\WINDOWS\system32\PnkBstrB.exe
size: 107832
MD5: 3CBDAD8993E100192BD85119FD00438E
PID: 2012 (1104) C:\WINDOWS\system32\PSIService.exe
size: 177704
MD5: F115AF58ABE5605D7D709CBFBD83F418
PID: 116 (1104) c:\programmer\panda internet security 2008\firewall\PSHOST.EXE
size: 226864
MD5: 545D81E007989AEEFCCA8922D38CCF0C
PID: 292 (1104) C:\Programmer\Panda Internet Security 2008\PsImSvc.exe
size: 108592
MD5: AB75889B63CB3B761FB71072AC79DF94
PID: 912 (1104) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 46FE2ED518FDFBFD289F014A3078575C
PID: 3872 (1784) C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
size: 204800
MD5: 2DB4D4386AC0F8CC367E1AA8AB1004EF
PID: 936 ( 780) C:\Programmer\Razer\Copperhead\razertra.exe
size: 147456
MD5: FC0CBC849C4A32C765E94F2DA7865766
PID: 880 ( 780) C:\Programmer\Razer\Copperhead\razerofa.exe
size: 159744
MD5: C118F97058699E412E637565E9DA117C
PID: 3336 (1104) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 4B4A23C50148601CA60D969D4AC0C116
PID: 1256 (1696) C:\Programmer\Panda Internet Security 2008\PavBckPT.exe
size: 111920
MD5: 37F6CA78B4EC02DAC2E06A45E7A2DE77
PID: 10488 (1060) C:\WINDOWS\explorer.exe
size: 1034240
MD5: 91E15A22E62A11014DB521FB589B6093
PID: 12736 (1296) C:\Programmer\Internet Explorer\IEXPLORE.EXE
size: 625664
MD5: 2703D940A62B731AA220529DD7331A78
PID: 12864 (10488) C:\Programmer\Spybot - Search & Destroy\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 26-03-2008 21:07:05

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft...amp;ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft....k/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft....k/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft....k/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn...st/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn...st/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: PAV_LAYERED over [MSAFD Tcpip [TCP/IP]]
GUID: {DFA91D0C-DBEA-462F-8C59-BE5CB5380FC7}
Filename: C:\Programmer\Panda Internet Security 2008\pavlsp.dll

Protocol 1: PAV_LAYERED over [MSAFD Tcpip [UDP/IP]]
GUID: {DFA91D0C-DBEA-462F-8C59-BE5CB5380FC7}
Filename: C:\Programmer\Panda Internet Security 2008\pavlsp.dll

Protocol 2: PAV_LAYERED over [MSAFD Tcpip [RAW/IP]]
GUID: {DFA91D0C-DBEA-462F-8C59-BE5CB5380FC7}
Filename: C:\Programmer\Panda Internet Security 2008\pavlsp.dll

Protocol 3: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 4: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 5: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 6: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B471188E-EBFE-4249-841E-53BDFA119A78}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B471188E-EBFE-4249-841E-53BDFA119A78}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A70B20D6-2B08-48FA-AC37-1387FDEC122A}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A70B20D6-2B08-48FA-AC37-1387FDEC122A}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{649B7DBE-191B-4D2E-9FBD-9246F516DB05}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{649B7DBE-191B-4D2E-9FBD-9246F516DB05}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2C1CB386-D985-4DC5-B351-5E57CD154D80}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2C1CB386-D985-4DC5-B351-5E57CD154D80}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: PAV_LAYERED
GUID: {6B320271-E041-22D0-9A38-11BB1164A02D}
Filename: C:\Programmer\Panda Internet Security 2008\pavlsp.dll

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: NLA-navneområde (Network Location Awareness)
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

------------------------

combo fix

ComboFix 08-03-25.4 - Annette 2008-03-26 20:36:55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1030.18.1581 [GMT 1:00]
Running from: C:\Documents and Settings\Annette\Skrivebord\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\Quarantine
C:\WINDOWS\OPTIONS\CABS\_desktop.ini
C:\WINDOWS\system32\tmp53.tmp

.
((((((((((((((((((((((((( Files Created from 2008-02-26 to 2008-03-26 )))))))))))))))))))))))))))))))
.

2008-03-26 00:38 . 2008-03-26 00:38 <DIR> d-------- C:\Documents and Settings\Annette\Skrivebordvirii
2008-03-26 00:38 . 2008-03-26 00:38 98,304 --a------ C:\WINDOWS\system32\jixatghe.exe
2008-03-26 00:38 . 2008-03-26 00:38 4,096 --a------ C:\Documents and Settings\Annette\SkrivebordTrojan.Win32.BlackBird.exe
2008-03-26 00:38 . 2008-03-26 00:38 4,096 --a------ C:\Documents and Settings\Annette\SkrivebordFWebdEditor.exe
2008-03-26 00:38 . 2008-03-26 00:38 4,096 --a------ C:\Documents and Settings\Annette\Skrivebordfwebd.exe
2008-03-26 00:38 . 2008-03-26 00:38 4,096 --a------ C:\Documents and Settings\Annette\Skrivebordfkwp2.0.exe
2008-03-26 00:38 . 2008-03-26 00:38 4,096 --a------ C:\Documents and Settings\Annette\Skrivebordfkwp1.5.exe
2008-03-26 00:38 . 2008-03-26 00:38 4,096 --a------ C:\Documents and Settings\Annette\Skrivebordfilemanagerclient.exe
2008-03-26 00:38 . 2008-03-26 00:38 4,096 --a------ C:\Documents and Settings\Annette\SkrivebordEditorFKWP2.0.exe
2008-03-26 00:38 . 2008-03-26 00:38 4,096 --a------ C:\Documents and Settings\Annette\SkrivebordEditorFKWP1.5.exe
2008-03-25 23:54 . 2008-03-25 23:54 102,400 --a------ C:\WINDOWS\system32\pmjyhoxk.exe
2008-03-25 19:24 . 2008-03-25 19:24 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-25 15:53 . 2008-03-25 15:53 <DIR> d-------- C:\WINDOWS\Content.IE5
2008-03-25 00:40 . 2008-03-26 00:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-25 00:32 . 2008-03-25 00:32 <DIR> d-------- C:\Documents and Settings\Annette\Application Data\Grisoft
2008-03-25 00:32 . 2008-03-25 00:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-25 00:06 . 2008-03-25 00:06 94,208 --a------ C:\WINDOWS\system32\pwfefexk.exe
2008-03-24 23:53 . 2008-03-24 23:53 <DIR> d-------- C:\Programmer\CCleaner
2008-03-24 21:34 . 2008-03-24 21:34 <DIR> d-------- C:\Documents and Settings\Annette\Application Data\ArcSoft
2008-03-24 20:58 . 2008-03-24 20:58 <DIR> d-------- C:\Programmer\Spybot - Search & Destroy
2008-03-24 20:58 . 2008-03-24 21:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-24 20:00 . 2008-03-24 20:00 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-24 20:00 . 2008-03-24 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-24 19:59 . 2008-03-24 20:15 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-03-24 17:51 . 2008-03-26 20:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\qtctmlkh
2008-03-23 20:34 . 2008-03-23 20:34 <DIR> d-------- C:\Documents and Settings\Annette\Application Data\Jasc
2008-03-17 23:45 . 2008-03-17 23:45 <DIR> d-------- C:\Documents and Settings\Annette\Application Data\DivX
2008-03-10 20:55 . 2008-03-10 20:55 <DIR> d-------- C:\Programmer\Microsoft CAPICOM 2.1.0.2
2008-03-05 20:39 . 2008-03-05 20:39 <DIR> d-------- C:\Programmer\Fælles filer\HP
2008-03-05 20:30 . 2008-03-05 20:30 227 --a------ C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
2008-03-05 20:30 . 2008-03-05 20:30 214 --a------ C:\WINDOWS\HP_48BitScanUpdatePatch.ini
2008-03-05 20:24 . 2008-03-05 20:24 221 --a------ C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
2008-03-05 20:10 . 2008-03-05 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-03-05 20:09 . 2008-03-05 20:09 <DIR> d-------- C:\Programmer\Hewlett-Packard
2008-03-05 20:09 . 2008-03-05 20:09 <DIR> d-------- C:\Programmer\Fælles filer\Hewlett-Packard
2008-03-05 20:08 . 2005-03-08 05:43 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-03-05 20:08 . 2005-03-08 05:43 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-03-05 20:08 . 2005-03-08 05:43 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-03-05 20:08 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-05 20:08 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-05 20:07 . 2008-03-05 20:07 <DIR> d-------- C:\Program Files
2008-03-05 20:07 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-03-05 20:07 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-03-05 20:07 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-03-05 20:07 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-03-05 20:07 . 2007-08-09 08:27 73,728 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-03-05 20:07 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-03-05 20:07 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-03-05 20:05 . 2008-03-05 20:39 <DIR> d-------- C:\Programmer\HP
2008-03-05 20:05 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-05 20:05 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-03-05 20:03 . 2008-03-05 20:03 <DIR> d-------- C:\Documents and Settings\Annette\Application Data\HP
2008-03-05 20:03 . 2008-03-05 20:11 113,125 --a------ C:\WINDOWS\hpoins07.dat
2008-03-05 20:03 . 2005-05-24 06:41 21,124 --------- C:\WINDOWS\hpomdl07.dat
2008-03-02 23:11 . 2008-03-02 23:12 <DIR> d-------- C:\Programmer\Windows Live
2008-03-02 23:11 . 2008-03-02 23:11 <DIR> d--hsc--- C:\Programmer\Fælles filer\WindowsLiveInstaller
2008-03-02 23:11 . 2008-03-02 23:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-28 20:19 . 2008-02-28 20:19 <DIR> d-------- C:\Programmer\Fælles filer\Adobe Systems Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 19:34 327,100 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2008-03-26 19:34 327,100 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-03-26 19:34 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2008-03-26 19:34 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
2008-03-26 18:56 --------- d-----w C:\Programmer\Panda Internet Security 2008
2008-03-25 23:28 --------- d-----w C:\Programmer\Fælles filer\Wise Installation Wizard
2008-03-24 22:25 --------- d-----w C:\Documents and Settings\Annette\Application Data\Corel
2008-03-24 22:23 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-24 00:09 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-24 00:08 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-03-23 20:14 --------- d-----w C:\Programmer\Fælles filer\Adobe
2008-03-22 21:40 --------- d--h--w C:\Programmer\InstallShield Installation Information
2008-03-21 19:49 --------- d--h--w C:\Programmer\Creative Installation Information
2008-03-21 19:49 --------- d-----w C:\Programmer\Creative
2008-03-20 14:53 --------- d-----w C:\Documents and Settings\Annette\Application Data\Creative
2008-03-05 19:22 139,264 ----a-w C:\WINDOWS\system32\hpzjrd01.dll
2008-02-24 22:25 --------- d-----w C:\Programmer\Fælles filer\AVSMedia
2008-02-24 15:26 --------- d-----w C:\Documents and Settings\Annette\Application Data\AVS4YOU
2008-02-24 15:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-02-21 02:05 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-02-21 02:05 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-02-21 02:05 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-02-21 02:05 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-02-21 02:05 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-02-21 02:05 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-02-20 20:30 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2008-02-20 20:30 --------- d-----w C:\Programmer\ArcSoft
2008-02-10 21:49 --------- d-----w C:\Programmer\Fælles filer\InstallShield
2008-02-10 21:49 --------- d-----w C:\Programmer\Fælles filer\Corel
2008-02-10 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-02-10 20:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2008-02-10 19:36 --------- d-----w C:\Programmer\SPAMfighter
2008-02-10 19:36 --------- d-----w C:\Programmer\Fælles filer\Ankiro
2008-02-10 19:24 94,282 ----a-w C:\WINDOWS\system32\msencode.dll
2008-02-10 19:24 78,848 ----a-w C:\WINDOWS\system32\inloader.dll
2008-02-10 19:24 54,784 ----a-w C:\WINDOWS\system32\msvcirt.dll
2008-02-10 19:24 32,256 ----a-w C:\WINDOWS\system32\SELFREG.DLL
2008-02-10 19:24 27,136 ----a-w C:\WINDOWS\system32\pubdlg.dll
2008-02-10 19:24 27,136 ----a-w C:\WINDOWS\system32\ctl3d32.dll
2008-02-10 19:24 161,552 ----a-w C:\WINDOWS\system32\asycpict.dll
2008-02-10 19:24 12,288 ----a-w C:\WINDOWS\system32\PICSTORE.DLL
2008-02-10 19:24 12,288 ----a-w C:\WINDOWS\system32\HLINKPRX.DLL
2008-02-10 19:24 1,123,600 ----a-w C:\WINDOWS\system32\FM20.DLL
2008-02-10 19:24 1,028,096 ----a-w C:\WINDOWS\system32\mfc42.dll
2008-02-10 18:31 --------- d-----w C:\Documents and Settings\Annette\Application Data\Uniblue
2008-02-10 16:01 --------- d-----w C:\Programmer\microsoft frontpage
2008-02-07 21:08 22,328 ----a-w C:\Documents and Settings\Annette\Application Data\PnkBstrK.sys
2008-02-07 21:00 --------- d-----w C:\Documents and Settings\Annette\Application Data\MahJong Suite
2008-02-07 21:00 --------- d-----w C:\Documents and Settings\Annette\Application Data\GameHouse
2008-02-07 20:55 --------- d-----w C:\Documents and Settings\Annette\Application Data\U3
2008-01-26 20:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-01-21 20:57 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-01-12 23:18 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-01-12 23:18 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-01-12 21:14 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"VolPanel"="C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-09-15 10:43 122880]
"P17Helper"="SPIRun.dll" [2006-07-03 05:43 10752 C:\WINDOWS\system32\SPIRun.dll]
"APVXDWIN"="C:\Programmer\Panda Internet Security 2008\APVXDWIN.exe" [2007-07-23 18:30 406832]
"SCANINICIO"="C:\Programmer\Panda Internet Security 2008\Inicio.exe" [2007-07-11 15:17 27952]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"razer"="C:\Programmer\Razer\Copperhead\razerhid.exe" [2005-09-06 11:52 155648]
"SPAMfighter Agent"="C:\Programmer\SPAMfighter\SFAgent.exe" [2005-09-07 21:40 230600]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"!AVG Anti-Spyware"="C:\Programmer\fjern lort\AVG Anti-Spyware 7.5\avgas.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 13:00 15360]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"0VJmRfLsDd"= C:\Documents and Settings\All Users\Application Data\qtctmlkh\argbsbyp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
--a------ 2007-05-25 12:13 1957888 C:\WINDOWS\system32\xRaidSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 D:\Programmer\Adobe Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath323Domino]
C:\WINDOWS\Domino.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath323VMSnap]
-ra------ 2006-07-19 21:37 90112 C:\WINDOWS\VMSnap23.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
--a------ 2007-03-20 14:36 36864 C:\WINDOWS\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\omscjyks]
C:\WINDOWS\system32\kjojsfwn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uocuqfcf]
C:\WINDOWS\system32\farmdqbs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Programmer\\MSN Backup\\MSNBackup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"G:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"G:\\Battlefield 2\\BF2.exe"=

R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-05-11 09:33]
R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-05-11 09:33]
R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-05-11 09:33]
R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-07-11 11:39]
R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-05-11 09:33]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 15:40]
R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-05-11 09:33]
R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-05-11 09:33]
R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2007-06-08 08:44]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 13:49]
R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-04-24 15:43]
R3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []
R3 Razerlow;Razer Copperhead Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-08-12 10:11]
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-01-12 22:14]
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
S3 vmfilter323;323 filter service, Normal;C:\WINDOWS\system32\drivers\vmfilter323.sys [2006-08-08 04:25]
S3 ZSMC326;Vimicro USB2.0 PC Camera(VC0323);C:\WINDOWS\system32\Drivers\usbvm323.sys [2006-08-21 09:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe4ea56c-c156-11dc-8130-d7074833c2d4}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-26 20:37:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Programmer\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll
.
Completion time: 2008-03-26 20:38:15
ComboFix-quarantined-files.txt 2008-03-26 19:38:07


and yes both files deleted

#7 bob4

Posted 26 March 2008 - 05:35 PM

You're doing great.


We now suggest that you install the Windows Recovery Console.
The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System


Download the file & save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it.
Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
When complete, a log named CF_RC.txt will open. Please post the contents of that log.



________________________________________
Open notepad and copy/paste the text in the quotebox below into it:

File:: 
C:\WINDOWS\system32\kjojsfwn.exe
C:\WINDOWS\system32\farmdqbs.exe
C:\Documents and Settings\Annette\Skrivebordvirii
C:\WINDOWS\system32\jixatghe.exe
C:\Documents and Settings\Annette\SkrivebordTrojan.Win32.BlackBird.exe
C:\Documents and Settings\Annette\SkrivebordFWebdEditor.exe
C:\Documents and Settings\Annette\Skrivebordfwebd.exe
C:\Documents and Settings\Annette\Skrivebordfkwp2.0.exe
C:\Documents and Settings\Annette\Skrivebordfkwp1.5.exe
C:\Documents and Settings\Annette\Skrivebordfilemanagerclient.exe
C:\Documents and Settings\Annette\SkrivebordEditorFKWP2.0.exe
C:\Documents and Settings\Annette\SkrivebordEditorFKWP1.5.exe
C:\WINDOWS\system32\pmjyhoxk.exe
C:\WINDOWS\system32\pwfefexk.exe
C:\Documents and Settings\All Users\Application Data\qtctmlkh

Folder:: 
C:\Documents and Settings\Annette\Skrivebordvirii
C:\Documents and Settings\All Users\Application Data\qtctmlkh

Registry:: 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"0VJmRfLsDd"= -
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\omscjyks]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uocuqfcf]


NOTE: This script was done for this user specifically.
DO NOT ATTEMPT TO USE IT IF YOU ARE NOT THIS USER
YOU WILL HURT THE WORKINGS OF YOUR COMPUTER !!
.

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will need in your next reply.

_____________________________________________


Download SDFix and save it to your Desktop.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log

______________________________________________






Download and install CCleaner from here


If you use either the Firefox or Mozilla browsers, the box to uncheck for Cookies is on the Applications tab, under Firefox/Mozilla.

  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Reset Temp File Removal for Regular Use.
    Click on the Options block on the left. Select the Advanced button.
    Check "Only delete files in Windows Temp folders older than 48 hours".


    Now run the program and click on Run Cleaner
    (Do not use the Registry function to clean anything with this program. Having anything auto clean your registry is risky).


_________________________________

Using Internet Explorer, please do a Kaspersky Online Scan

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure as follows:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases

  • Click OK & have it scan My Computer
  • Once the scan is complete, it will provide a report if your system is infected. It does not provide an option to clean/disinfect. We only require a report from it.

Click save report as

  • Click the Save as Text button to save the file to your desktop and post it in your next reply



Turn off the real time scanner of any existing antivirus program while performing the online scan





_________________________
In your next reply I would like to see:
  • A new HJT log
  • The report from CF_RC.txt
  • The report from ComboFix
  • The report from S&D fix
  • The report from Kaspersky

#8 Annet

Posted 26 March 2008 - 09:37 PM

Here are the new logs


HJT

Logfile of HijackThis v1.99.1
Scan saved at 01:08:42, on 27-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Panda Internet Security 2008\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Panda Internet Security 2008\PsCtrls.exe
C:\Programmer\Panda Internet Security 2008\PavFnSvr.exe
C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
C:\Programmer\Panda Internet Security 2008\pavsrv51.exe
C:\Programmer\Panda Internet Security 2008\AVENGINE.EXE
C:\Programmer\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
c:\programmer\panda internet security 2008\firewall\PSHOST.EXE
C:\Programmer\Panda Internet Security 2008\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Panda Internet Security 2008\ApvxdWin.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Panda Internet Security 2008\SRVLOAD.EXE
C:\Programmer\Panda Internet Security 2008\WebProxy.exe
C:\Programmer\Panda Internet Security 2008\PavBckPT.exe
C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Razer\Copperhead\razerhid.exe
C:\Programmer\SPAMfighter\SFAgent.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Razer\Copperhead\razertra.exe
C:\Programmer\Razer\Copperhead\razerofa.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Annette\Skrivebord\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VolPanel] "C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Internet Security 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programmer\Panda Internet Security 2008\Inicio.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [razer] C:\Programmer\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\fjern lort\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....031/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan....s/ascstubie.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us...an/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1200174539777
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1205178856765
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us...nfo/webscan.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.c...tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A70B20D6-2B08-48FA-AC37-1387FDEC122A}: NameServer = 212.54.64.170,212.54.64.171
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Programmer\Panda Internet Security 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programmer\Panda Internet Security 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programmer\Panda Internet Security 2008\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Programmer\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\programmer\panda internet security 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Programmer\Panda Internet Security 2008\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Programmer\Panda Internet Security 2008\TPSrv.exe

CF-RC

WindowsXP-KB310994-SP2-Home-BootDisk-DAN.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons


COMBO

ComboFix 08-03-25.4 - Annette 2008-03-27 0:50:32.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1030.18.1529 [GMT 1:00]
Running from: C:\Documents and Settings\Annette\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Annette\Skrivebord\CFScript.txt

FILE ::
C:\Documents and Settings\All Users\Application Data\qtctmlkh
C:\Documents and Settings\Annette\SkrivebordEditorFKWP1.5.exe
C:\Documents and Settings\Annette\SkrivebordEditorFKWP2.0.exe
C:\Documents and Settings\Annette\Skrivebordfilemanagerclient.exe
C:\Documents and Settings\Annette\Skrivebordfkwp1.5.exe
C:\Documents and Settings\Annette\Skrivebordfkwp2.0.exe
C:\Documents and Settings\Annette\Skrivebordfwebd.exe
C:\Documents and Settings\Annette\SkrivebordFWebdEditor.exe
C:\Documents and Settings\Annette\SkrivebordTrojan.Win32.BlackBird.exe
C:\Documents and Settings\Annette\Skrivebordvirii
C:\WINDOWS\system32\farmdqbs.exe
C:\WINDOWS\system32\jixatghe.exe
C:\WINDOWS\system32\kjojsfwn.exe
C:\WINDOWS\system32\pmjyhoxk.exe
C:\WINDOWS\system32\pwfefexk.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\qtctmlkh
C:\Documents and Settings\Annette\SkrivebordEditorFKWP1.5.exe
C:\Documents and Settings\Annette\SkrivebordEditorFKWP2.0.exe
C:\Documents and Settings\Annette\Skrivebordfilemanagerclient.exe
C:\Documents and Settings\Annette\Skrivebordfkwp1.5.exe
C:\Documents and Settings\Annette\Skrivebordfkwp2.0.exe
C:\Documents and Settings\Annette\Skrivebordfwebd.exe
C:\Documents and Settings\Annette\SkrivebordFWebdEditor.exe
C:\Documents and Settings\Annette\SkrivebordTrojan.Win32.BlackBird.exe
C:\Documents and Settings\Annette\Skrivebordvirii
C:\Documents and Settings\Annette\Skrivebordvirii\Trojan-Downloader.Win32.Agent.bl.exe
C:\Documents and Settings\Annette\Skrivebordvirii\Trojan-Downloader.Win32.Agent.p.exe
C:\Documents and Settings\Annette\Skrivebordvirii\Trojan-Downloader.Win32.Agent.r.exe
C:\Documents and Settings\Annette\Skrivebordvirii\Trojan-Downloader.Win32.Agent.t.exe
C:\Documents and Settings\Annette\Skrivebordvirii\Trojan-Downloader.Win32.Agent.v.exe
C:\WINDOWS\system32\jixatghe.exe
C:\WINDOWS\system32\pmjyhoxk.exe
C:\WINDOWS\system32\pwfefexk.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-26 to 2008-03-26 )))))))))))))))))))))))))))))))
.

2008-03-27 00:12 . 2008-03-27 00:12 <DIR> d-------- C:\WINDOWS\LastGood
2008-03-27 00:12 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-27 00:12 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-26 00:38 . 2008-03-26 00:38 4,096 --a------ C:\WINDOWS\zipped.tmp
2008-03-25 19:24 . 2008-03-25 19:24 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-25 15:53 . 2008-03-25 15:53 <DIR> d-------- C:\WINDOWS\Content.IE5
2008-03-25 00:40 . 2008-03-26 00:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-25 00:32 . 2008-03-25 00:32 <DIR> d-------- C:\Documents and Settings\Annette\Application Data\Grisoft
2008-03-25 00:32 . 2008-03-25 00:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-24 23:53 . 2008-03-24 23:53 <DIR> d-------- C:\Programmer\CCleaner
2008-03-24 21:34 . 2008-03-24 21:34 <DIR> d-------- C:\Documents and Settings\Annette\Application Data\ArcSoft
2008-03-24 20:58 . 2008-03-24 20:58 <DIR> d-------- C:\Programmer\Spybot - Search & Destroy
2008-03-24 20:58 . 2008-03-24 21:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-24 20:00 . 2008-03-24 20:00 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-24 20:00 . 2008-03-24 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-24 19:59 . 2008-03-24 20:15 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-03-23 20:34 . 2008-03-23 20:34 <DIR> d-------- C:\Documents and Settings\Annette\Application Data\Jasc
2008-03-17 23:45 . 2008-03-17 23:45 <DIR> d-------- C:\Documents and Settings\Annette\Application Data\DivX
2008-03-10 20:55 . 2008-03-10 20:55 <DIR> d-------- C:\Programmer\Microsoft CAPICOM 2.1.0.2
2008-03-05 20:39 . 2008-03-05 20:39 <DIR> d-------- C:\Programmer\Fælles filer\HP
2008-03-05 20:30 . 2008-03-05 20:30 227 --a------ C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
2008-03-05 20:30 . 2008-03-05 20:30 214 --a------ C:\WINDOWS\HP_48BitScanUpdatePatch.ini
2008-03-05 20:24 . 2008-03-05 20:24 221 --a------ C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
2008-03-05 20:10 . 2008-03-05 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-03-05 20:09 . 2008-03-05 20:09 <DIR> d-------- C:\Programmer\Hewlett-Packard
2008-03-05 20:09 . 2008-03-05 20:09 <DIR> d-------- C:\Programmer\Fælles filer\Hewlett-Packard
2008-03-05 20:08 . 2005-03-08 05:43 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-03-05 20:08 . 2005-03-08 05:43 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-03-05 20:08 . 2005-03-08 05:43 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-03-05 20:08 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-05 20:08 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-05 20:07 . 2008-03-05 20:07 <DIR> d-------- C:\Program Files
2008-03-05 20:07 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-03-05 20:07 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-03-05 20:07 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-03-05 20:07 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-03-05 20:07 . 2007-08-09 08:27 73,728 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-03-05 20:07 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-03-05 20:07 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-03-05 20:05 . 2008-03-05 20:39 <DIR> d-------- C:\Programmer\HP
2008-03-05 20:05 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-05 20:05 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-03-05 20:03 . 2008-03-05 20:03 <DIR> d-------- C:\Documents and Settings\Annette\Application Data\HP
2008-03-05 20:03 . 2008-03-05 20:11 113,125 --a------ C:\WINDOWS\hpoins07.dat
2008-03-05 20:03 . 2005-05-24 06:41 21,124 --------- C:\WINDOWS\hpomdl07.dat
2008-03-02 23:11 . 2008-03-02 23:12 <DIR> d-------- C:\Programmer\Windows Live
2008-03-02 23:11 . 2008-03-02 23:11 <DIR> d--hsc--- C:\Programmer\Fælles filer\WindowsLiveInstaller
2008-03-02 23:11 . 2008-03-02 23:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-28 20:19 . 2008-02-28 20:19 <DIR> d-------- C:\Programmer\Fælles filer\Adobe Systems Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 23:15 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-26 23:14 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-03-26 23:12 327,100 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2008-03-26 23:12 327,100 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-03-26 23:12 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2008-03-26 23:12 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
2008-03-26 18:56 --------- d-----w C:\Programmer\Panda Internet Security 2008
2008-03-25 23:28 --------- d-----w C:\Programmer\Fælles filer\Wise Installation Wizard
2008-03-24 22:25 --------- d-----w C:\Documents and Settings\Annette\Application Data\Corel
2008-03-24 22:23 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-23 20:14 --------- d-----w C:\Programmer\Fælles filer\Adobe
2008-03-22 21:40 --------- d--h--w C:\Programmer\InstallShield Installation Information
2008-03-21 19:49 --------- d--h--w C:\Programmer\Creative Installation Information
2008-03-21 19:49 --------- d-----w C:\Programmer\Creative
2008-03-20 14:53 --------- d-----w C:\Documents and Settings\Annette\Application Data\Creative
2008-03-05 19:22 139,264 ----a-w C:\WINDOWS\system32\hpzjrd01.dll
2008-02-24 22:25 --------- d-----w C:\Programmer\Fælles filer\AVSMedia
2008-02-24 15:26 --------- d-----w C:\Documents and Settings\Annette\Application Data\AVS4YOU
2008-02-24 15:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-02-21 02:05 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-02-21 02:05 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-02-21 02:05 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-02-21 02:05 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-02-21 02:05 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-02-21 02:05 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-02-20 20:30 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2008-02-20 20:30 --------- d-----w C:\Programmer\ArcSoft
2008-02-10 21:49 --------- d-----w C:\Programmer\Fælles filer\InstallShield
2008-02-10 21:49 --------- d-----w C:\Programmer\Fælles filer\Corel
2008-02-10 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-02-10 20:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2008-02-10 19:36 --------- d-----w C:\Programmer\SPAMfighter
2008-02-10 19:36 --------- d-----w C:\Programmer\Fælles filer\Ankiro
2008-02-10 19:24 94,282 ----a-w C:\WINDOWS\system32\msencode.dll
2008-02-10 19:24 78,848 ----a-w C:\WINDOWS\system32\inloader.dll
2008-02-10 19:24 54,784 ----a-w C:\WINDOWS\system32\msvcirt.dll
2008-02-10 19:24 32,256 ----a-w C:\WINDOWS\system32\SELFREG.DLL
2008-02-10 19:24 27,136 ----a-w C:\WINDOWS\system32\pubdlg.dll
2008-02-10 19:24 27,136 ----a-w C:\WINDOWS\system32\ctl3d32.dll
2008-02-10 19:24 161,552 ----a-w C:\WINDOWS\system32\asycpict.dll
2008-02-10 19:24 12,288 ----a-w C:\WINDOWS\system32\PICSTORE.DLL
2008-02-10 19:24 12,288 ----a-w C:\WINDOWS\system32\HLINKPRX.DLL
2008-02-10 19:24 1,123,600 ----a-w C:\WINDOWS\system32\FM20.DLL
2008-02-10 19:24 1,028,096 ----a-w C:\WINDOWS\system32\mfc42.dll
2008-02-10 18:31 --------- d-----w C:\Documents and Settings\Annette\Application Data\Uniblue
2008-02-10 16:01 --------- d-----w C:\Programmer\microsoft frontpage
2008-02-07 21:08 22,328 ----a-w C:\Documents and Settings\Annette\Application Data\PnkBstrK.sys
2008-02-07 21:00 --------- d-----w C:\Documents and Settings\Annette\Application Data\MahJong Suite
2008-02-07 21:00 --------- d-----w C:\Documents and Settings\Annette\Application Data\GameHouse
2008-02-07 20:55 --------- d-----w C:\Documents and Settings\Annette\Application Data\U3
2008-01-26 20:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-01-21 20:57 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-01-12 23:18 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-01-12 23:18 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-01-12 21:14 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"VolPanel"="C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-09-15 10:43 122880]
"P17Helper"="SPIRun.dll" [2006-07-03 05:43 10752 C:\WINDOWS\system32\SPIRun.dll]
"APVXDWIN"="C:\Programmer\Panda Internet Security 2008\APVXDWIN.exe" [2007-07-23 18:30 406832]
"SCANINICIO"="C:\Programmer\Panda Internet Security 2008\Inicio.exe" [2007-07-11 15:17 27952]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"razer"="C:\Programmer\Razer\Copperhead\razerhid.exe" [2005-09-06 11:52 155648]
"SPAMfighter Agent"="C:\Programmer\SPAMfighter\SFAgent.exe" [2005-09-07 21:40 230600]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"!AVG Anti-Spyware"="C:\Programmer\fjern lort\AVG Anti-Spyware 7.5\avgas.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 13:00 15360]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
--a------ 2007-05-25 12:13 1957888 C:\WINDOWS\system32\xRaidSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 D:\Programmer\Adobe Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath323Domino]
C:\WINDOWS\Domino.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath323VMSnap]
-ra------ 2006-07-19 21:37 90112 C:\WINDOWS\VMSnap23.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
--a------ 2007-03-20 14:36 36864 C:\WINDOWS\RaidTool\xInsIDE.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Programmer\\MSN Backup\\MSNBackup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"G:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"G:\\Battlefield 2\\BF2.exe"=

R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-05-11 09:33]
R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-05-11 09:33]
R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-05-11 09:33]
R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-07-11 11:39]
R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-05-11 09:33]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 15:40]
R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-05-11 09:33]
R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-05-11 09:33]
R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2007-06-08 08:44]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 13:49]
R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-04-24 15:43]
R3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []
R3 Razerlow;Razer Copperhead Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-08-12 10:11]
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-01-12 22:14]
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
S3 vmfilter323;323 filter service, Normal;C:\WINDOWS\system32\drivers\vmfilter323.sys [2006-08-08 04:25]
S3 ZSMC326;Vimicro USB2.0 PC Camera(VC0323);C:\WINDOWS\system32\Drivers\usbvm323.sys [2006-08-21 09:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe4ea56c-c156-11dc-8130-d7074833c2d4}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-27 00:51:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-27 0:51:33
ComboFix-quarantined-files.txt 2008-03-26 23:51:31
ComboFix2.txt 2008-03-26 19:38:16


SDFIX


SDFix: Version 1.162

Run by Annette on 27-03-2008 at 00:58

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Annette\SKRIVE~1\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\iTunesMusic.exe - Deleted


KASPERSKY

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, March 27, 2008 4:12:29 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/03/2008
Kaspersky Anti-Virus database records: 665347
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 128124
Number of viruses found: 5
Number of infected objects: 13
Number of suspicious objects: 0
Duration of the scan process: 01:16:10

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\sentinel\2.1\gwhashs.dat Object is locked skipped
C:\Documents and Settings\Annette\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Annette\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Annette\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Annette\Lokale indstillinger\Oversigt\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Annette\Lokale indstillinger\Oversigt\History.IE5\MSHist012008032720080328\index.dat Object is locked skipped
C:\Documents and Settings\Annette\Lokale indstillinger\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Annette\Lokale indstillinger\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Annette\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Annette\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Annette\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Lokale indstillinger\Oversigt\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programmer\Panda Internet Security 2008\AntiSpam\MshConf\scoffset.bin.incr Object is locked skipped
C:\Programmer\Panda Internet Security 2008\cfab7be90db1be58159c4168f5bc15fbPSK_NAMES Object is locked skipped
C:\Programmer\Panda Internet Security 2008\cfab7be90db1be58159c4168f5bc15fbPSK_NAMES2 Object is locked skipped
C:\Programmer\SPAMfighter\Agent.log.txt Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pmjyhoxk.exe.vir Infected: Trojan-Downloader.Win32.Obfuscated.ec skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{9AF4AD9E-A452-460F-BEF6-BAC4919585B9}\RP0\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{9AF4AD9E-A452-460F-BEF6-BAC4919585B9}\RP0\change.log Object is locked skipped
E:\Download\Downloadprogrammer\dap53.exe/WISE0021.BIN/dapiebar.dll Infected: not-a-virus:AdWare.Win32.Dap.g skipped
E:\Download\Downloadprogrammer\dap53.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.Dap.g skipped
E:\Download\Downloadprogrammer\dap53.exe WiseSFX: infected - 2 skipped
E:\Download\Spyware cleaner\sdsetup.exe/file090 Infected: not-a-virus:Monitor.Win32.KeyLogger.dq skipped
E:\Download\Spyware cleaner\sdsetup.exe Inno: infected - 1 skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{9AF4AD9E-A452-460F-BEF6-BAC4919585B9}\RP0\change.log Object is locked skipped
F:\C-drevet\Dokumenter\Modtagne filer\vnc-3.3.7-x86_win32.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
F:\C-drevet\Dokumenter\Modtagne filer\vnc-3.3.7-x86_win32.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
F:\C-drevet\Dokumenter\Modtagne filer\vnc-3.3.7-x86_win32.exe/data0004 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
F:\C-drevet\Dokumenter\Modtagne filer\vnc-3.3.7-x86_win32.exe Inno: infected - 3 skipped
F:\C-drevet\important\Outlook Express\Old Spam (26).dbx/[From "Inge Bagger Mikkelsen" <betalingsservice@tele2.dk>][Date Thu, 22 Mar 2007 07:29:18 -0300]/508.rar/Regning.exe Infected: Email-Worm.Win32.Zhelatin.bg skipped
F:\C-drevet\important\Outlook Express\Old Spam (26).dbx/[From "Inge Bagger Mikkelsen" <betalingsservice@tele2.dk>][Date Thu, 22 Mar 2007 07:29:18 -0300]/508.rar Infected: Email-Worm.Win32.Zhelatin.bg skipped
F:\C-drevet\important\Outlook Express\Old Spam (26).dbx Mail MS Outlook 5: infected - 2 skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{9AF4AD9E-A452-460F-BEF6-BAC4919585B9}\RP0\change.log Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\_restore{9AF4AD9E-A452-460F-BEF6-BAC4919585B9}\RP0\change.log Object is locked skipped

Scan process completed.

#9 Annet

Posted 26 March 2008 - 09:40 PM

forgot the S D log

--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2008-03-24 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2008-03-19 Includes\Cookies.sbi
2007-12-26 Includes\Dialer.sbi
2008-03-19 Includes\DialerC.sbi
2008-03-19 Includes\HeavyDuty.sbi
2008-03-19 Includes\Hijackers.sbi
2008-03-19 Includes\HijackersC.sbi
2008-02-27 Includes\Keyloggers.sbi
2008-03-19 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2008-03-12 Includes\Malware.sbi
2008-03-19 Includes\MalwareC.sbi
2008-02-20 Includes\PUPS.sbi
2008-03-19 Includes\PUPSC.sbi
2008-03-19 Includes\Revision.sbi
2008-01-09 Includes\Security.sbi
2008-03-19 Includes\SecurityC.sbi
2008-03-19 Includes\Spybots.sbi
2008-03-19 Includes\SpybotsC.sbi
2007-11-06 Includes\Tracks.uti
2008-03-19 Includes\Trojans.sbi
2008-03-19 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player 11: Sikkerhedsopdatering til Windows Media Player 11 (KB936782)
/ Windows Media Player 11: Hotfix til Windows Media Player 11 (KB939683)
/ Windows Media Player 6.4: Sikkerhedsopdatering til Windows Media Player 6.4 (KB925398)
/ Windows Media Player 9: Sikkerhedsopdatering til Windows Media Player 9 (KB936782)
/ Windows Presentation Foundation: This Hotfix is for Microsoft .NET Framework 3.0. \n
If you later install a more recent service pack, this Hotfix will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/932471
/ Windows XP: Sikkerhedsopdatering til Windows XP (KB941569)
/ Windows XP / SP0: Sikkerhedsopdatering til Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Sikkerhedsopdatering til Windows Internet Explorer 7 (KB942615)
/ Windows XP / SP0: Sikkerhedsopdatering til Windows Internet Explorer 7 (KB944533)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Opdatering til Windows XP (KB894391)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB896358)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB896423)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB896428)
/ Windows XP / SP3: Opdatering til Windows XP (KB898461)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB899587)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB899591)
/ Windows XP / SP3: Opdatering til Windows XP (KB900485)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB900725)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB901017)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB901214)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB902400)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB904706)
/ Windows XP / SP3: Opdatering til Windows XP (KB904942)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB905414)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB905749)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB908519)
/ Windows XP / SP3: Opdatering til Windows XP (KB908531)
/ Windows XP / SP3: Opdatering til Windows XP (KB910437)
/ Windows XP / SP3: Opdatering til Windows XP (KB911280)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB911562)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB911927)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB913580)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB914388)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB914389)
/ Windows XP / SP3: Hotfix til Windows XP (KB914440)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ Windows XP / SP3: Opdatering til Windows XP (KB916595)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB917159)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB917344)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB917953)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB918118)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB918439)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB919007)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB920213)
/ Windows XP / SP3: Opdatering til Windows XP (KB920342)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB920670)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB920683)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB920685)
/ Windows XP / SP3: Opdatering til Windows XP (KB920872)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB921503)
/ Windows XP / SP3: Opdatering til Windows XP (KB922582)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB922819)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB923191)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB923414)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB923980)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB924270)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB924496)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB924667)
/ Windows XP / SP3: Opdatering til Windows XP (KB925720)
/ Windows XP / SP3: Opdatering til Windows XP (KB925876)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB925902)
/ Windows XP / SP3: Hotfix for Windows XP (KB926239)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB926255)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB926436)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB927779)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB927802)
/ Windows XP / SP3: Opdatering til Windows XP (KB927891)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB928255)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB928843)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB929123)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB930178)
/ Windows XP / SP3: Opdatering til Windows XP (KB930916)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB931261)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB931784)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB932168)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB933729)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB935839)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB935840)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB936021)
/ Windows XP / SP3: Opdatering til Windows XP (KB936357)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB938127)
/ Windows XP / SP3: Opdatering til Windows XP (KB938828)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB938829)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB941202)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB941568)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB941644)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB942615)
/ Windows XP / SP3: Opdatering til Windows XP (KB942763)
/ Windows XP / SP3: Opdatering til Windows XP (KB942840)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB943055)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB943460)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB943485)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB944653)
/ Windows XP / SP3: Sikkerhedsopdatering til Windows XP (KB946026)
/ XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0


--- Startup entries list ---
Located: HK_LM:Run, !AVG Anti-Spyware
command: "C:\Programmer\fjern lort\AVG Anti-Spyware 7.5\avgas.exe" /minimized
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, APVXDWIN
command: "C:\Programmer\Panda Internet Security 2008\APVXDWIN.EXE" /s
file: C:\Programmer\Panda Internet Security 2008\APVXDWIN.EXE
size: 406832
MD5: 37053D331B235EFCB6288D50D5C68F7E

Located: HK_LM:Run, HP Software Update
command: C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
file: C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: AC116F16A7716A720A45D7EA47CFD983

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 1626112
MD5: 9493BFFB9F82EFEC742F5C56A279BD5B

Located: HK_LM:Run, P17Helper
command: Rundll32 SPIRun.dll,RunDLLEntry
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, razer
command: C:\Programmer\Razer\Copperhead\razerhid.exe
file: C:\Programmer\Razer\Copperhead\razerhid.exe
size: 155648
MD5: F78212329BFD1EBDD0C3009ABC748BD9

Located: HK_LM:Run, SCANINICIO
command: "C:\Programmer\Panda Internet Security 2008\Inicio.exe"
file: C:\Programmer\Panda Internet Security 2008\Inicio.exe
size: 27952
MD5: A2F512BF50F8F24A20D70DB728DDD4EB

Located: HK_LM:Run, SPAMfighter Agent
command: "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
file: C:\Programmer\SPAMfighter\SFAgent.exe
size: 230600
MD5: 3330DFB54046F0F154F1A7E358E873CC

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
file: C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
size: 132496
MD5: D4F0F7437327DBAA264338BAAFB5E5AF

Located: HK_LM:Run, VolPanel
command: "C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
file: C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
size: 122880
MD5: E81A33F3E11959E65251988E79AA243C

Located: HK_CU:Run, CTFMON.EXE
where: .DEFAULT...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 8289923E26D00213080E3E3D7E219F4C

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-19...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 8289923E26D00213080E3E3D7E219F4C

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-20...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 8289923E26D00213080E3E3D7E219F4C

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-1417001333-261478967-839522115-1004...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 8289923E26D00213080E3E3D7E219F4C

Located: HK_CU:Run, SpybotSD TeaTimer (DISABLED)
where: S-1-5-21-1417001333-261478967-839522115-1004...
command: C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
size: 2097488
MD5: A9A5DB6AC3721BE698B996913693D73F

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-18...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 8289923E26D00213080E3E3D7E219F4C

Located: Startup (fælles), HP Digital Imaging Monitor.lnk
where: C:\Documents and Settings\All Users\Menuen Start\Programmer\Start...
command: C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
file: C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
size: 282624
MD5: 5597D0075861CB0A6E6087752D205C0D

Located: Windows Logon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Windows Logon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Windows Logon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Windows Logon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Windows Logon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Windows Logon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Windows Logon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Windows Logon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Windows Logon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com.../readstep2.html
info source: TonyKlein
Path: C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 22-10-2006 23:08:42
Date (last access): 27-03-2008 04:14:44
Date (last write): 22-10-2006 23:08:42
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Programmer\Java\jre1.6.0_03\bin\
Long name: ssv.dll



--- ActiveX list ---
{02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control)
DPF name:
CLSID name: Microsoft Office Template and Media Control
Installer: C:\WINDOWS\Downloaded Program Files\ieawsdc.inf
Codebase: http://office.micros...tes/ieawsdc.cab
description:
classification: Legitimate
known filename: IEAWSDC.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: IEAWSDC.DLL
Short name:
Date (created): 30-06-2007 19:09:06
Date (last access): 27-03-2008 04:25:32
Date (last write): 30-06-2007 19:09:06
Filesize: 175968
Attributes: archive
MD5: BCD0A5C3C1715C363CB3F321ABE31514
CRC32: DB757059
Version: 12.0.6028.0

{0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate)
DPF name:
CLSID name: Creative Software AutoUpdate
Installer: C:\WINDOWS\Downloaded Program Files\CTSUEng.inf
Codebase: http://www.creative....031/CTSUEng.cab
description:
classification: Legitimate
known filename: CTSUEng.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: CTSUEng.ocx
Short name:
Date (created): 08-06-2007 16:33:12
Date (last access): 27-03-2008 01:34:06
Date (last write): 08-06-2007 16:33:12
Filesize: 231200
Attributes: archive
MD5: 987047E9CD80B5793F3109B9EC6BAEE5
CRC32: 9FA03E57
Version: 1.50.16.0

{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object)
DPF name:
CLSID name: CKAVWebScan Object
Installer: C:\WINDOWS\Downloaded Program Files\kavwebscan.inf
Codebase: http://www.kaspersky...can_unicode.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\
Long name: kavwebscan.dll
Short name: KAVWEB~1.DLL
Date (created): 29-08-2007 15:49:54
Date (last access): 27-03-2008 04:14:44
Date (last write): 29-08-2007 15:49:54
Filesize: 950272
Attributes: archive
MD5: BC915C49931CE46222F9B0A7EFB56CEE
CRC32: 11048171
Version: 5.0.98.0

{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner)
DPF name:
CLSID name: Symantec AntiVirus scanner
Installer: C:\WINDOWS\Downloaded Program Files\avsniff.inf
Codebase: http://security.syma...bin/AvSniff.cab
description: Symantec online scanner
classification: Legitimate
known filename: AVSNIFF.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\Downloaded Program Files\
Long name: avsniff.dll
Short name:
Date (created): 15-01-2008 22:12:38
Date (last access): 27-03-2008 04:25:32
Date (last write): 15-01-2008 22:12:38
Filesize: 312680
Attributes: archive
MD5: 888798ADCF17BEF44219A7CC910B8FC8
CRC32: 36D46E76
Version: 2006.2.22.58

{512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class)
DPF name:
CLSID name: TotalScan Installer Class
Installer: C:\WINDOWS\Downloaded Program Files\ascstubie.inf
Codebase: http://www.nanoscan....s/ascstubie.cab
description:
classification: Legitimate
known filename: ascstubie.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ascstubie.dll
Short name: ASCSTU~1.DLL
Date (created): 21-08-2007 14:37:26
Date (last access): 27-03-2008 04:25:32
Date (last write): 21-08-2007 14:37:26
Filesize: 124208
Attributes: archive
MD5: 0AD87599756B34C0214AFCE961E78DD5
CRC32: EA254381
Version: 1.0.0.7

{56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control)
DPF name:
CLSID name: PSFormX Control
Installer: C:\WINDOWS\Downloaded Program Files\pestscanx.inf
Codebase: http://www.ca.com/us...an/pestscan.cab
description:
classification: Legitimate
known filename: PESTSC~1.OCX
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: pestscanx.ocx
Short name: PESTSC~1.OCX
Date (created): 13-09-2005 13:42:54
Date (last access): 27-03-2008 01:34:06
Date (last write): 13-09-2005 13:42:54
Filesize: 676864
Attributes: archive
MD5: C405384A2D2F8830BEAF67125119A10F
CRC32: 69DDE6E8
Version: 1.0.0.16

{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control)
DPF name:
CLSID name: BDSCANONLINE Control
Installer: C:\WINDOWS\Downloaded Program Files\oscan8.inf
Codebase: http://download.bitd...can8/oscan8.cab
description:
classification: Legitimate
known filename: oscan8.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: oscan82.ocx
Short name:
Date (created): 26-02-2008 15:59:18
Date (last access): 27-03-2008 01:34:06
Date (last write): 26-02-2008 15:59:18
Filesize: 487424
Attributes: archive
MD5: 230A39D8950142CF2C94A5C1E567E95E
CRC32: A546A5BB
Version: 1.0.0.1

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://www.update.mi...b?1200174539777
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: wuweb.dll
Short name:
Date (created): 12-01-2008 21:13:16
Date (last access): 27-03-2008 04:28:08
Date (last write): 30-07-2007 19:19:46
Filesize: 203096
Attributes: archive
MD5: FD984F9BFC9C62BD6546BD183CE5ADE7
CRC32: 8092F837
Version: 7.0.6000.381

{644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class)
DPF name:
CLSID name: Symantec RuFSI Utility Class
Installer: C:\WINDOWS\Downloaded Program Files\CabSA.inf
Codebase: http://security.syma...n/bin/cabsa.cab
description:
classification: Legitimate
known filename: rufsi.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: rufsi.dll
Short name:
Date (created): 15-01-2008 22:12:48
Date (last access): 27-03-2008 04:25:32
Date (last write): 15-01-2008 22:12:48
Filesize: 296336
Attributes: archive
MD5: B64C2F3609301D0FA2BBABFB5799890C
CRC32: 246BD9BB
Version: 2006.2.15.43

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://www.update.mi...b?1205178856765
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 30-07-2007 19:18:34
Date (last access): 27-03-2008 04:28:06
Date (last write): 30-07-2007 19:18:34
Filesize: 207736
Attributes: archive
MD5: 8038B166CE79E58E193566150CE26465
CRC32: 9137D395
Version: 7.0.6000.381

{7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class)
DPF name:
CLSID name: WScanCtl Class
Installer: C:\WINDOWS\Downloaded Program Files\webscan.inf
Codebase: http://www.ca.com/us...nfo/webscan.cab
description:
classification: Legitimate
known filename: webscan.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: webscan.dll
Short name:
Date (created): 20-11-2006 12:02:34
Date (last access): 27-03-2008 04:25:32
Date (last write): 20-11-2006 12:02:34
Filesize: 180282
Attributes: archive
MD5: 76EA3ABECE61FBA3C07F61E42BB0CA48
CRC32: AECD0E4D
Version: 1.1.0.1049

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.ma...t/ultrashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Programmer\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 24-09-2007 23:31:44
Date (last access): 27-03-2008 01:32:04
Date (last write): 25-09-2007 01:11:34
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5

{D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class)
DPF name:
CLSID name: Util Class
Installer:
Codebase: https://udstedelse.c...tdccsp-0506.exe
description:
classification: Legitimate
known filename: csputil.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Programmer\TDC\Digital Signatur CSP\
Long name: csputil.dll
Short name:
Date (created): 18-04-2006 15:54:22
Date (last access): 27-03-2008 01:33:02
Date (last write): 18-04-2006 15:54:22
Filesize: 294912
Attributes: archive
MD5: F4BBAD003A69825732999A713F782E76
CRC32: 64E82F89
Version: 1.1.0.0

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload2.m...ash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9e.ocx
Short name:
Date (created): 21-11-2007 01:04:14
Date (last access): 27-03-2008 04:14:44
Date (last write): 21-11-2007 01:04:14
Filesize: 2987392
Attributes: readonly archive
MD5: D3C50535C26190FEAD7785A03499C0AC
CRC32: A77C3E92
Version: 9.0.115.0

{F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package)
DPF name:
CLSID name: Creative Software AutoUpdate Support Package
Installer: C:\WINDOWS\Downloaded Program Files\CTPID.inf
Codebase: http://www.creative....15034/CTPID.cab
description:
classification: Legitimate
known filename: CTPID.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\PROGRA~1\Creative\SHARED~1\SOFTWA~1\
Long name: CTPID.ocx
Short name:
Date (created): 13-01-2008 00:22:30
Date (last access): 27-03-2008 01:30:04
Date (last write): 11-01-2008 15:58:38
Filesize: 37536
Attributes: archive
MD5: EEDEA032CD9325FBB394406350C41427
CRC32: 25040EA1
Version: 1.0.42.0



--- Process list ---
PID: 0 ( 0) [System]
PID: 988 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 1036 ( 988) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 1060 ( 988) \??\C:\WINDOWS\system32\winlogon.exe
size: 502272
PID: 1104 (1060) C:\WINDOWS\system32\services.exe
size: 108032
MD5: 55BBE54A196B1A9F99EC2E01F4AC1215
PID: 1116 (1060) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 9086126FB5FD15CEB387121506400244
PID: 1292 (1104) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 46FE2ED518FDFBFD289F014A3078575C
PID: 1360 (1104) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 46FE2ED518FDFBFD289F014A3078575C
PID: 1472 (1104) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 46FE2ED518FDFBFD289F014A3078575C
PID: 1508 (1104) C:\Programmer\Panda Internet Security 2008\TPSrv.exe
size: 404784
MD5: 3C0E87F077D1BB31D86AA927E15E85C1
PID: 1676 (1104) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 46FE2ED518FDFBFD289F014A3078575C
PID: 1868 (1104) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 46FE2ED518FDFBFD289F014A3078575C
PID: 568 (1104) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 424 ( 116) C:\WINDOWS\Explorer.EXE
size: 1034240
MD5: 91E15A22E62A11014DB521FB589B6093
PID: 1456 (1104) C:\WINDOWS\system32\CTsvcCDA.exe
size: 44032
MD5: 3C8B6609712F4FF78E521F6DCFC4032B
PID: 1740 (1104) C:\WINDOWS\system32\nvsvc32.exe
size: 155716
MD5: 472A00D2183C9E5EDB3E076272741812
PID: 1184 (1104) C:\Programmer\Panda Internet Security 2008\PsCtrls.exe
size: 169264
MD5: C57E4072BB37449678CA193BF1928398
PID: 328 (1104) C:\Programmer\Panda Internet Security 2008\PavFnSvr.exe
size: 173360
MD5: 7638CFE8F22C799431A39CDFF6D4AB04
PID: 292 (1104) C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
size: 63024
MD5: F41AD950FABA0AD91D9D323074A6AF65
PID: 1596 (1104) C:\Programmer\Panda Internet Security 2008\pavsrv51.exe
size: 148272
MD5: C37842E4E473A064B21755D6235F5497
PID: 176 (1596) C:\Programmer\Panda Internet Security 2008\AVENGINE.EXE
size: 96560
MD5: FDE0F9A81E6893E780C2AB5BA3BF166D
PID: 1012 (1104) C:\Programmer\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
size: 67120
MD5: D858C1B9C6B4726993C1BAFFC27F49E6
PID: 1720 (1104) C:\WINDOWS\system32\PnkBstrA.exe
size: 66872
MD5: 831883B107684301F48ACE752C963984
PID: 516 (1104) C:\WINDOWS\system32\PSIService.exe
size: 177704
MD5: F115AF58ABE5605D7D709CBFBD83F418
PID: 912 (1104) c:\programmer\panda internet security 2008\firewall\PSHOST.EXE
size: 226864
MD5: 545D81E007989AEEFCCA8922D38CCF0C
PID: 1976 (1104) C:\Programmer\Panda Internet Security 2008\PsImSvc.exe
size: 108592
MD5: AB75889B63CB3B761FB71072AC79DF94
PID: 432 (1104) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 46FE2ED518FDFBFD289F014A3078575C
PID: 2500 (1104) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 4B4A23C50148601CA60D969D4AC0C116
PID: 3656 (1184) C:\Programmer\Panda Internet Security 2008\PavBckPT.exe
size: 111920
MD5: 37F6CA78B4EC02DAC2E06A45E7A2DE77
PID: 3904 ( 424) C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
size: 122880
MD5: E81A33F3E11959E65251988E79AA243C
PID: 4024 ( 424) C:\WINDOWS\system32\Rundll32.exe
size: 33280
MD5: 5763E6224286473B771B234476C6538C
PID: 2264 ( 424) C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: 5763E6224286473B771B234476C6538C
PID: 2524 ( 424) C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
size: 132496
MD5: D4F0F7437327DBAA264338BAAFB5E5AF
PID: 2516 ( 424) C:\Programmer\Razer\Copperhead\razerhid.exe
size: 155648
MD5: F78212329BFD1EBDD0C3009ABC748BD9
PID: 3308 ( 424) C:\Programmer\SPAMfighter\SFAgent.exe
size: 230600
MD5: 3330DFB54046F0F154F1A7E358E873CC
PID: 3424 ( 424) C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: AC116F16A7716A720A45D7EA47CFD983
PID: 3844 ( 424) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 8289923E26D00213080E3E3D7E219F4C
PID: 2784 ( 424) C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
size: 282624
MD5: 5597D0075861CB0A6E6087752D205C0D
PID: 3232 (2516) C:\Programmer\Razer\Copperhead\razertra.exe
size: 147456
MD5: FC0CBC849C4A32C765E94F2DA7865766
PID: 2760 (2516) C:\Programmer\Razer\Copperhead\razerofa.exe
size: 159744
MD5: C118F97058699E412E637565E9DA117C
PID: 2420 (2784) C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
size: 204800
MD5: 2DB4D4386AC0F8CC367E1AA8AB1004EF
PID: 2204 ( 424) C:\Programmer\Spybot - Search & Destroy\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 27-03-2008 04:38:42

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft...amp;ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft....k/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft....k/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft....k/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn...st/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn...st/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: PAV_LAYERED over [MSAFD Tcpip [TCP/IP]]
GUID: {DFA91D0C-DBEA-462F-8C59-BE5CB5380FC7}
Filename: C:\Programmer\Panda Internet Security 2008\pavlsp.dll

Protocol 1: PAV_LAYERED over [MSAFD Tcpip [UDP/IP]]
GUID: {DFA91D0C-DBEA-462F-8C59-BE5CB5380FC7}
Filename: C:\Programmer\Panda Internet Security 2008\pavlsp.dll

Protocol 2: PAV_LAYERED over [MSAFD Tcpip [RAW/IP]]
GUID: {DFA91D0C-DBEA-462F-8C59-BE5CB5380FC7}
Filename: C:\Programmer\Panda Internet Security 2008\pavlsp.dll

Protocol 3: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 4: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 5: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 6: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B471188E-EBFE-4249-841E-53BDFA119A78}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B471188E-EBFE-4249-841E-53BDFA119A78}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A70B20D6-2B08-48FA-AC37-1387FDEC122A}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A70B20D6-2B08-48FA-AC37-1387FDEC122A}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{649B7DBE-191B-4D2E-9FBD-9246F516DB05}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{649B7DBE-191B-4D2E-9FBD-9246F516DB05}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2C1CB386-D985-4DC5-B351-5E57CD154D80}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2C1CB386-D985-4DC5-B351-5E57CD154D80}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: PAV_LAYERED
GUID: {6B320271-E041-22D0-9A38-11BB1164A02D}
Filename: C:\Programmer\Panda Internet Security 2008\pavlsp.dll

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: NLA-navneområde (Network Location Awareness)
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

#10 bob4

MalwareTeam Emeritus

Posted 27 March 2008 - 04:46 AM

___________________________________
Search for and remove
Now I want you to search for and delete the following folder and all its contents if present. If you need help finding them:
Click Start / Search / All files and folders / look for More advanced options. Once in there, select the first 3 boxes.
Please just remove the files/folders I listed in BOLD

E:\Download\Downloadprogrammer\dap53.exe
E:\Download\Spyware cleaner\sdsetup.exe

C:\windows/zipped.tmp


How do things seem to be running now ?
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.



#11 Annet

New Member

Posted 27 March 2008 - 05:55 AM

Things are looking bright, thank you :thumbup:
I'll delete the 2 programs and the temp file when I get home from work (8 hours from now).

Am I allowed to upload a pic of a part of my browser in this thread too?

Annette

#12 bob4

MalwareTeam Emeritus

Posted 27 March 2008 - 12:41 PM

Am I allowed to upload a pic of a part of my browser in this thread too?
Annette


Care to explain why ? I can't see a reason you can't as long as it has to do with Malware.

#13 Annet

New Member

Posted 27 March 2008 - 02:35 PM

Above mentioned files deleted

about the browser:
I don't know if it is malware. In the right side of the browser I have Google as my search engine.
In the drop down menu there are 2 new lines
one is black and says "open IME"
the other one is greyed out and says "new convert"

Are these connected to the virus I had ?


Posted Image


Do I need to post any more logs ?

Annette

Edited by Annet, 27 March 2008 - 02:38 PM.


#14 bob4

MalwareTeam Emeritus

Posted 27 March 2008 - 02:53 PM

Is this new ?

Can you translate those words for me ?


__________________________

Open CCleaner
Click on Tools
Highlight Uninstall

Down on the bottom, click Save to text file.
Save it to your desktop and post the contents of that log for me.

#15 Annet

New Member

Posted 27 March 2008 - 03:08 PM

I saw it yesterday for the first time, but actually I don't know if it is new or not.
I might see ghosts everywhere :-)

The black word says: Open IME
The greyed out at the bottom says: new conversion

CC uninstall log:

Adobe Flash Player ActiveX
Adobe Reader 8.1.1 - Dansk
AiO_Scan
AiOSoftware
ArcSoft Software Suite
Atlantis Quest
AVS Video Converter 5.6
Battlefield 2™
BufferChm
Call of Duty® 4 - Modern Warfare™
Call of Duty® 4 - Modern Warfare™ 1.4 Patch
Call of Duty® 4 - Modern Warfare™ 1.5 Patch
CCleaner (remove only)
Corel Paint Shop Pro Photo XI
Corel Paint Shop Pro X
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Creative MediaSource 5
Creative Software AutoUpdate
CustomerResearchQFolder
Dansk sprogpakke til Microsoft .NET Framework 3.0
Destinations
DeviceManagementQFolder
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DocProc
Driver Detective
eSupportQFolder
Fax
FlvGrabber
Freez FLV to AVI/MPEG/WMV Converter
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB926239)
Hotfix til Windows Media Player 11 (KB939683)
Hotfix til Windows XP (KB914440)
HP Extended Capabilities 5.3
HP Imaging Device Functions 5.3
HP Photosmart Essential
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
Jasc Paint Shop Pro 8
Java™ 6 Update 3
JMB36X Raid Configurer
Kaspersky Online Scanner
MahJong Suite
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Danish Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Language Pack - DAN
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Danish Language Pack
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Crypto-udbyder
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft FrontPage 98
Microsoft Office 97 Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MSN BackUp 1.3.2
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
NewCopy
NVIDIA Drivers
Opdatering til Windows XP (KB894391)
Opdatering til Windows XP (KB898461)
Opdatering til Windows XP (KB900485)
Opdatering til Windows XP (KB904942)
Opdatering til Windows XP (KB908531)
Opdatering til Windows XP (KB910437)
Opdatering til Windows XP (KB911280)
Opdatering til Windows XP (KB916595)
Opdatering til Windows XP (KB920342)
Opdatering til Windows XP (KB920872)
Opdatering til Windows XP (KB922582)
Opdatering til Windows XP (KB925720)
Opdatering til Windows XP (KB925876)
Opdatering til Windows XP (KB927891)
Opdatering til Windows XP (KB930916)
Opdatering til Windows XP (KB936357)
Opdatering til Windows XP (KB938828)
Opdatering til Windows XP (KB942763)
Opdatering til Windows XP (KB942840)
Paint Shop Pro 7
Panda Internet Security 2008
Panda TotalScan
PartitionMagic
Pop-Up Stopper
PowerQuest PartitionMagic 8.0 Demo
ProductContext
Razer Copperhead
Readme
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Shockwave
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB938127)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB942615)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB944533)
Sikkerhedsopdatering til Windows Media Player 11 (KB936782)
Sikkerhedsopdatering til Windows Media Player 6.4 (KB925398)
Sikkerhedsopdatering til Windows XP (KB890046)
Sikkerhedsopdatering til Windows XP (KB893756)
Sikkerhedsopdatering til Windows XP (KB896358)
Sikkerhedsopdatering til Windows XP (KB896423)
Sikkerhedsopdatering til Windows XP (KB896428)
Sikkerhedsopdatering til Windows XP (KB899587)
Sikkerhedsopdatering til Windows XP (KB899591)
Sikkerhedsopdatering til Windows XP (KB901017)
Sikkerhedsopdatering til Windows XP (KB901214)
Sikkerhedsopdatering til Windows XP (KB902400)
Sikkerhedsopdatering til Windows XP (KB904706)
Sikkerhedsopdatering til Windows XP (KB905414)
Sikkerhedsopdatering til Windows XP (KB905749)
Sikkerhedsopdatering til Windows XP (KB908519)
Sikkerhedsopdatering til Windows XP (KB911562)
Sikkerhedsopdatering til Windows XP (KB911927)
Sikkerhedsopdatering til Windows XP (KB913580)
Sikkerhedsopdatering til Windows XP (KB914388)
Sikkerhedsopdatering til Windows XP (KB914389)
Sikkerhedsopdatering til Windows XP (KB917159)
Sikkerhedsopdatering til Windows XP (KB917953)
Sikkerhedsopdatering til Windows XP (KB918118)
Sikkerhedsopdatering til Windows XP (KB918439)
Sikkerhedsopdatering til Windows XP (KB919007)
Sikkerhedsopdatering til Windows XP (KB920213)
Sikkerhedsopdatering til Windows XP (KB920670)
Sikkerhedsopdatering til Windows XP (KB920683)
Sikkerhedsopdatering til Windows XP (KB920685)
Sikkerhedsopdatering til Windows XP (KB921503)
Sikkerhedsopdatering til Windows XP (KB922819)
Sikkerhedsopdatering til Windows XP (KB923191)
Sikkerhedsopdatering til Windows XP (KB923414)
Sikkerhedsopdatering til Windows XP (KB923789)
Sikkerhedsopdatering til Windows XP (KB923980)
Sikkerhedsopdatering til Windows XP (KB924270)
Sikkerhedsopdatering til Windows XP (KB924667)
Sikkerhedsopdatering til Windows XP (KB925902)
Sikkerhedsopdatering til Windows XP (KB926255)
Sikkerhedsopdatering til Windows XP (KB926436)
Sikkerhedsopdatering til Windows XP (KB927779)
Sikkerhedsopdatering til Windows XP (KB927802)
Sikkerhedsopdatering til Windows XP (KB928255)
Sikkerhedsopdatering til Windows XP (KB928843)
Sikkerhedsopdatering til Windows XP (KB929123)
Sikkerhedsopdatering til Windows XP (KB930178)
Sikkerhedsopdatering til Windows XP (KB931261)
Sikkerhedsopdatering til Windows XP (KB931784)
Sikkerhedsopdatering til Windows XP (KB932168)
Sikkerhedsopdatering til Windows XP (KB933729)
Sikkerhedsopdatering til Windows XP (KB935839)
Sikkerhedsopdatering til Windows XP (KB935840)
Sikkerhedsopdatering til Windows XP (KB936021)
Sikkerhedsopdatering til Windows XP (KB938829)
Sikkerhedsopdatering til Windows XP (KB941202)
Sikkerhedsopdatering til Windows XP (KB941568)
Sikkerhedsopdatering til Windows XP (KB941569)
Sikkerhedsopdatering til Windows XP (KB941644)
Sikkerhedsopdatering til Windows XP (KB942615)
Sikkerhedsopdatering til Windows XP (KB943055)
Sikkerhedsopdatering til Windows XP (KB943460)
Sikkerhedsopdatering til Windows XP (KB943485)
Sikkerhedsopdatering til Windows XP (KB944653)
Sikkerhedsopdatering til Windows XP (KB946026)
SolutionCenter
Sound Blaster X-Fi Xtreme Audio
SPAMfighter
Spybot - Search & Destroy
Status
TDC Digital Signatur CSP
TeamSpeak 2 RC2
The Rise of Atlantis
TrayApp
Unload
Vimicro USB2.0 PC Camera (VC0323)
WebFldrs XP
WebReg
Windows Communication Foundation Language Pack - DAN
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (DAN)
Windows Workflow Foundation DA Language Pack
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinFast® Display Driver
WinRAR 3.50 (Dansk)
WinZip 11.1

Edited by Annet, 27 March 2008 - 03:10 PM.
